ID: CVE-2021-3449
Type: cve
Reporter: openssl-security@openssl.org
Modified: 2022-04-20T00:16:00
Description
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).
{"nessus": [{"lastseen": "2022-01-21T12:39:58", "description": "According to the version of the openssl1.1.1d packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.Security Fix(es):A flaw was found in openssl.\n A sA flaw was found in openssl. A server crash and denial of service attack could occur if a client sends a TLSv1.2 renegotiation ClientHello and omits the signature_algorithms extension but includes a signature_algorithms_cert extension. The highest threat from this vulnerability is to system availability.\n crash and denial of service attack could occur if a client sends a TLSv1.2 renegotiation ClientHello and omits the signature_algorithms extension but includes a signature_algorithms_cert extension. The highest threat from this vulnerability is to system availability.(CVE-2021-3449)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.9, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2021-07-16T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : openssl1.1.1d (EulerOS-SA-2021-2225)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3449"], "modified": "2021-07-21T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:openssl111d", "p-cpe:/a:huawei:euleros:openssl111d-devel", "p-cpe:/a:huawei:euleros:openssl111d-libs", "p-cpe:/a:huawei:euleros:openssl111d-static", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-2225.NASL", "href": "https://www.tenable.com/plugins/nessus/151772", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151772);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/21\");\n\n script_cve_id(\n \"CVE-2021-3449\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : openssl1.1.1d (EulerOS-SA-2021-2225)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the openssl1.1.1d packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - The OpenSSL toolkit provides support for secure\n communications between machines. OpenSSL includes a\n certificate management tool and shared libraries which\n provide various cryptographic algorithms and\n protocols.Security Fix(es):A flaw was found in openssl.\n A sA flaw was found in openssl. 
A server crash and\n denial of service attack could occur if a client sends\n a TLSv1.2 renegotiation ClientHello and omits the\n signature_algorithms extension but includes a\n signature_algorithms_cert extension. The highest threat\n from this vulnerability is to system availability.\n crash and denial of service attack could occur if a\n client sends a TLSv1.2 renegotiation ClientHello and\n omits the signature_algorithms extension but includes a\n signature_algorithms_cert extension. The highest threat\n from this vulnerability is to system\n availability.(CVE-2021-3449)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2225\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2b7bdae5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openssl1.1.1d package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssl111d\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:huawei:euleros:openssl111d-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssl111d-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssl111d-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = 
[\"openssl111d-1.1.1d-2.h9.eulerosv2r7\",\n \"openssl111d-devel-1.1.1d-2.h9.eulerosv2r7\",\n \"openssl111d-libs-1.1.1d-2.h9.eulerosv2r7\",\n \"openssl111d-static-1.1.1d-2.h9.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl1.1.1d\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-01-29T13:11:20", "description": "This update for openssl-1_1 fixes the security issue :\n\n - CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension but includes a signature_algorithms_cert extension, then a NULL pointer dereference will result, leading to a crash and a denial of service attack. OpenSSL TLS clients are not impacted by this issue. 
[bsc#1183852]\n\nThis update was imported from the SUSE:SLE-15-SP2:Update update project.", "cvss3": {"score": 5.9, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2021-03-26T00:00:00", "type": "nessus", "title": "openSUSE Security Update : openssl-1_1 (openSUSE-2021-476)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3449"], "modified": "2021-08-27T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libopenssl-1_1-devel", "p-cpe:/a:novell:opensuse:libopenssl-1_1-devel-32bit", "p-cpe:/a:novell:opensuse:libopenssl1_1", "p-cpe:/a:novell:opensuse:libopenssl1_1-32bit", "p-cpe:/a:novell:opensuse:libopenssl1_1-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libopenssl1_1-debuginfo", "p-cpe:/a:novell:opensuse:libopenssl1_1-hmac", "p-cpe:/a:novell:opensuse:libopenssl1_1-hmac-32bit", "p-cpe:/a:novell:opensuse:openssl-1_1", "p-cpe:/a:novell:opensuse:openssl-1_1-debuginfo", "p-cpe:/a:novell:opensuse:openssl-1_1-debugsource", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2021-476.NASL", "href": "https://www.tenable.com/plugins/nessus/148176", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2021-476.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148176);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/27\");\n\n script_cve_id(\"CVE-2021-3449\");\n script_xref(name:\"IAVA\", value:\"2021-A-0149-S\");\n\n script_name(english:\"openSUSE Security Update : openssl-1_1 (openSUSE-2021-476)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for openssl-1_1 fixes the security issue :\n\n - CVE-2021-3449: An OpenSSL TLS server may crash if sent a\n 
maliciously crafted renegotiation ClientHello message\n from a client. If a TLSv1.2 renegotiation ClientHello\n omits the signature_algorithms extension but includes a\n signature_algorithms_cert extension, then a NULL pointer\n dereference will result, leading to a crash and a denial\n of service attack. OpenSSL TLS clients are not impacted\n by this issue. [bsc#1183852]\n\nThis update was imported from the SUSE:SLE-15-SP2:Update update\nproject.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183852\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openssl-1_1 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3449\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl-1_1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl-1_1-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_1-32bit-debuginfo\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_1-hmac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_1-hmac-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-1_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-1_1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-1_1-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libopenssl-1_1-devel-1.1.1d-lp152.7.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libopenssl1_1-1.1.1d-lp152.7.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libopenssl1_1-debuginfo-1.1.1d-lp152.7.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libopenssl1_1-hmac-1.1.1d-lp152.7.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"openssl-1_1-1.1.1d-lp152.7.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"openssl-1_1-debuginfo-1.1.1d-lp152.7.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"openssl-1_1-debugsource-1.1.1d-lp152.7.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libopenssl-1_1-devel-32bit-1.1.1d-lp152.7.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libopenssl1_1-32bit-1.1.1d-lp152.7.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libopenssl1_1-32bit-debuginfo-1.1.1d-lp152.7.15.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libopenssl1_1-hmac-32bit-1.1.1d-lp152.7.15.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libopenssl-1_1-devel / libopenssl1_1 / libopenssl1_1-debuginfo / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-01-29T13:13:19", "description": "The remote Ubuntu 18.04 LTS / 20.04 LTS / 20.10 host has packages installed that are affected by a vulnerability as referenced in the USN-4891-1 advisory.\n\n - An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j). 
(CVE-2021-3449)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 5.9, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2021-03-25T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS / 20.04 LTS / 20.10 : OpenSSL vulnerability (USN-4891-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3449"], "modified": "2021-08-27T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.10", "p-cpe:/a:canonical:ubuntu_linux:libcrypto1.1-udeb", "p-cpe:/a:canonical:ubuntu_linux:libssl-dev", "p-cpe:/a:canonical:ubuntu_linux:libssl1.1", "p-cpe:/a:canonical:ubuntu_linux:libssl1.1-udeb", "p-cpe:/a:canonical:ubuntu_linux:openssl"], "id": "UBUNTU_USN-4891-1.NASL", "href": "https://www.tenable.com/plugins/nessus/148130", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4891-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. 
Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148130);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/27\");\n\n script_cve_id(\"CVE-2021-3449\");\n script_xref(name:\"USN\", value:\"4891-1\");\n script_xref(name:\"IAVA\", value:\"2021-A-0149-S\");\n\n script_name(english:\"Ubuntu 18.04 LTS / 20.04 LTS / 20.10 : OpenSSL vulnerability (USN-4891-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 18.04 LTS / 20.04 LTS / 20.10 host has packages installed that are affected by a vulnerability as\nreferenced in the USN-4891-1 advisory.\n\n - An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a\n client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was\n present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL\n pointer dereference will result, leading to a crash and a denial of service attack. A server is only\n vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS\n clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of\n these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in\n OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j). 
(CVE-2021-3449)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4891-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3449\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcrypto1.1-udeb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libssl-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libssl1.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libssl1.1-udeb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openssl\");\n 
script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2021 Canonical, Inc. / NASL script (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('ubuntu.inc');\ninclude('misc_func.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nrelease = chomp(release);\nif (! preg(pattern:\"^(18\\.04|20\\.04|20\\.10)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 18.04 / 20.04 / 20.10', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\n\npkgs = [\n {'osver': '18.04', 'pkgname': 'libcrypto1.1-udeb', 'pkgver': '1.1.1-1ubuntu2.1~18.04.9'},\n {'osver': '18.04', 'pkgname': 'libssl-dev', 'pkgver': '1.1.1-1ubuntu2.1~18.04.9'},\n {'osver': '18.04', 'pkgname': 'libssl1.1', 'pkgver': '1.1.1-1ubuntu2.1~18.04.9'},\n {'osver': '18.04', 'pkgname': 'libssl1.1-udeb', 'pkgver': '1.1.1-1ubuntu2.1~18.04.9'},\n {'osver': '18.04', 'pkgname': 'openssl', 'pkgver': '1.1.1-1ubuntu2.1~18.04.9'},\n {'osver': '20.04', 'pkgname': 'libcrypto1.1-udeb', 'pkgver': '1.1.1f-1ubuntu2.3'},\n {'osver': '20.04', 'pkgname': 'libssl-dev', 'pkgver': '1.1.1f-1ubuntu2.3'},\n {'osver': '20.04', 'pkgname': 'libssl1.1', 'pkgver': '1.1.1f-1ubuntu2.3'},\n {'osver': '20.04', 'pkgname': 'libssl1.1-udeb', 'pkgver': '1.1.1f-1ubuntu2.3'},\n 
{'osver': '20.04', 'pkgname': 'openssl', 'pkgver': '1.1.1f-1ubuntu2.3'},\n {'osver': '20.10', 'pkgname': 'libcrypto1.1-udeb', 'pkgver': '1.1.1f-1ubuntu4.3'},\n {'osver': '20.10', 'pkgname': 'libssl-dev', 'pkgver': '1.1.1f-1ubuntu4.3'},\n {'osver': '20.10', 'pkgname': 'libssl1.1', 'pkgver': '1.1.1f-1ubuntu4.3'},\n {'osver': '20.10', 'pkgname': 'libssl1.1-udeb', 'pkgver': '1.1.1f-1ubuntu4.3'},\n {'osver': '20.10', 'pkgname': 'openssl', 'pkgver': '1.1.1f-1ubuntu4.3'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n osver = NULL;\n pkgname = NULL;\n pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libcrypto1.1-udeb / libssl-dev / libssl1.1 / libssl1.1-udeb / openssl');\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-01-29T13:11:37", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:1131 advisory.\n\n - openssl: NULL pointer dereference in signature_algorithms processing (CVE-2021-3449)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 5.9, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2021-04-07T00:00:00", "type": "nessus", "title": "RHEL 8 : openssl (RHSA-2021:1131)", "bulletinFamily": "scanner", "cvss2": {}, 
"cvelist": ["CVE-2021-3449"], "modified": "2021-10-07T00:00:00", "cpe": ["cpe:/o:redhat:rhel_e4s:8.1", "cpe:/o:redhat:rhel_eus:8.1", "p-cpe:/a:redhat:enterprise_linux:openssl", "p-cpe:/a:redhat:enterprise_linux:openssl-devel", "p-cpe:/a:redhat:enterprise_linux:openssl-libs", "p-cpe:/a:redhat:enterprise_linux:openssl-perl"], "id": "REDHAT-RHSA-2021-1131.NASL", "href": "https://www.tenable.com/plugins/nessus/148379", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:1131. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148379);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/07\");\n\n script_cve_id(\"CVE-2021-3449\");\n script_xref(name:\"RHSA\", value:\"2021:1131\");\n script_xref(name:\"IAVA\", value:\"2021-A-0149-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0193\");\n\n script_name(english:\"RHEL 8 : openssl (RHSA-2021:1131)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2021:1131 advisory.\n\n - openssl: NULL pointer dereference in signature_algorithms processing (CVE-2021-3449)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3449\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:1131\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1941554\");\n 
script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3449\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-perl\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nvar os_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.1')) audit(AUDIT_OS_NOT, 'Red Hat 8.1', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar repositories = {\n 'rhel_e4s_8_1_appstream': [\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms__8_DOT_1'\n ],\n 'rhel_e4s_8_1_baseos': [\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-baseos-e4s-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms__8_DOT_1'\n ],\n 'rhel_e4s_8_1_highavailability': [\n 
'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms__8_DOT_1'\n ],\n 'rhel_e4s_8_1_sap': [\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms__8_DOT_1'\n ],\n 'rhel_e4s_8_1_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms__8_DOT_1'\n ],\n 'rhel_eus_8_1_appstream': [\n 'rhel-8-for-aarch64-appstream-eus-debug-rpms',\n 'rhel-8-for-aarch64-appstream-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-aarch64-appstream-eus-rpms',\n 'rhel-8-for-aarch64-appstream-eus-rpms__8_DOT_1',\n 'rhel-8-for-aarch64-appstream-eus-source-rpms',\n 'rhel-8-for-aarch64-appstream-eus-source-rpms__8_DOT_1',\n 'rhel-8-for-s390x-appstream-eus-debug-rpms',\n 'rhel-8-for-s390x-appstream-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-s390x-appstream-eus-rpms',\n 'rhel-8-for-s390x-appstream-eus-rpms__8_DOT_1',\n 'rhel-8-for-s390x-appstream-eus-source-rpms',\n 'rhel-8-for-s390x-appstream-eus-source-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms',\n 'rhel-8-for-x86_64-appstream-eus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-appstream-eus-rpms',\n 
'rhel-8-for-x86_64-appstream-eus-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-appstream-eus-source-rpms',\n 'rhel-8-for-x86_64-appstream-eus-source-rpms__8_DOT_1'\n ],\n 'rhel_eus_8_1_baseos': [\n 'rhel-8-for-aarch64-baseos-eus-debug-rpms',\n 'rhel-8-for-aarch64-baseos-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-aarch64-baseos-eus-rpms',\n 'rhel-8-for-aarch64-baseos-eus-rpms__8_DOT_1',\n 'rhel-8-for-aarch64-baseos-eus-source-rpms',\n 'rhel-8-for-aarch64-baseos-eus-source-rpms__8_DOT_1',\n 'rhel-8-for-s390x-baseos-eus-debug-rpms',\n 'rhel-8-for-s390x-baseos-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-s390x-baseos-eus-rpms',\n 'rhel-8-for-s390x-baseos-eus-rpms__8_DOT_1',\n 'rhel-8-for-s390x-baseos-eus-source-rpms',\n 'rhel-8-for-s390x-baseos-eus-source-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms',\n 'rhel-8-for-x86_64-baseos-eus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-baseos-eus-rpms',\n 'rhel-8-for-x86_64-baseos-eus-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-baseos-eus-source-rpms',\n 'rhel-8-for-x86_64-baseos-eus-source-rpms__8_DOT_1'\n ],\n 'rhel_eus_8_1_crb': [\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms__8_DOT_1',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms__8_DOT_1',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms__8_DOT_1',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms__8_DOT_1',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms__8_DOT_1',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms__8_DOT_1',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms',\n 
'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms__8_DOT_1',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms__8_DOT_1',\n 'codeready-builder-for-rhel-8-x86_64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-source-rpms__8_DOT_1'\n ],\n 'rhel_eus_8_1_highavailability': [\n 'rhel-8-for-aarch64-highavailability-eus-debug-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-aarch64-highavailability-eus-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-rpms__8_DOT_1',\n 'rhel-8-for-aarch64-highavailability-eus-source-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-source-rpms__8_DOT_1',\n 'rhel-8-for-s390x-highavailability-eus-debug-rpms',\n 'rhel-8-for-s390x-highavailability-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-s390x-highavailability-eus-rpms',\n 'rhel-8-for-s390x-highavailability-eus-rpms__8_DOT_1',\n 'rhel-8-for-s390x-highavailability-eus-source-rpms',\n 'rhel-8-for-s390x-highavailability-eus-source-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-highavailability-eus-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-highavailability-eus-source-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-source-rpms__8_DOT_1'\n ],\n 'rhel_eus_8_1_resilientstorage': [\n 'rhel-8-for-s390x-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-s390x-resilientstorage-eus-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-rpms__8_DOT_1',\n 'rhel-8-for-s390x-resilientstorage-eus-source-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-source-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-resilientstorage-eus-debug-rpms',\n 
'rhel-8-for-x86_64-resilientstorage-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-resilientstorage-eus-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-resilientstorage-eus-source-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-source-rpms__8_DOT_1'\n ],\n 'rhel_eus_8_1_sap': [\n 'rhel-8-for-s390x-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-s390x-sap-netweaver-eus-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-rpms__8_DOT_1',\n 'rhel-8-for-s390x-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-source-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-sap-netweaver-eus-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-source-rpms__8_DOT_1'\n ],\n 'rhel_eus_8_1_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-sap-solutions-eus-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-sap-solutions-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-source-rpms__8_DOT_1'\n ],\n 'rhel_eus_8_1_supplementary': [\n 'rhel-8-for-aarch64-supplementary-eus-rpms',\n 'rhel-8-for-aarch64-supplementary-eus-rpms__8_DOT_1',\n 'rhel-8-for-aarch64-supplementary-eus-source-rpms',\n 'rhel-8-for-aarch64-supplementary-eus-source-rpms__8_DOT_1',\n 'rhel-8-for-s390x-supplementary-eus-rpms',\n 'rhel-8-for-s390x-supplementary-eus-rpms__8_DOT_1',\n 
'rhel-8-for-s390x-supplementary-eus-source-rpms',\n 'rhel-8-for-s390x-supplementary-eus-source-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-supplementary-eus-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-supplementary-eus-source-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-source-rpms__8_DOT_1'\n ]\n};\n\nvar repo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE) audit(AUDIT_PACKAGE_LIST_MISSING, RHEL_REPO_AUDIT_PACKAGE_LIST_DETAILS);\n\nvar pkgs = [\n {'reference':'openssl-1.1.1c-5.el8_1', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary']},\n {'reference':'openssl-1.1.1c-5.el8_1', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary']},\n {'reference':'openssl-1.1.1c-5.el8_1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary']},\n 
{'reference':'openssl-devel-1.1.1c-5.el8_1', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary']},\n {'reference':'openssl-devel-1.1.1c-5.el8_1', 'sp':'1', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary']},\n {'reference':'openssl-devel-1.1.1c-5.el8_1', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary']},\n {'reference':'openssl-devel-1.1.1c-5.el8_1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary']},\n {'reference':'openssl-libs-1.1.1c-5.el8_1', 'sp':'1', 'cpu':'aarch64', 'release':'8', 
'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary']},\n {'reference':'openssl-libs-1.1.1c-5.el8_1', 'sp':'1', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary']},\n {'reference':'openssl-libs-1.1.1c-5.el8_1', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary']},\n {'reference':'openssl-libs-1.1.1c-5.el8_1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary']},\n {'reference':'openssl-perl-1.1.1c-5.el8_1', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['rhel_e4s_8_1_appstream', 
'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary']},\n {'reference':'openssl-perl-1.1.1c-5.el8_1', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary']},\n {'reference':'openssl-perl-1.1.1c-5.el8_1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary']}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n var repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if 
(!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n release &&\n (rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets) || (!exists_check || rpm_exists(release:release, rpm:exists_check))) &&\n rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(repo_sets)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'openssl / openssl-devel / openssl-libs / openssl-perl');\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-01-21T12:40:00", "description": "According to the version of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - An OpenSSL TLS server may crash if sent a maliciously 
crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue.(CVE-2021-3449)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.9, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2021-06-28T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP8 : openssl (EulerOS-SA-2021-1985)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3449"], "modified": "2021-06-30T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:openssl", "p-cpe:/a:huawei:euleros:openssl-devel", "p-cpe:/a:huawei:euleros:openssl-libs", "p-cpe:/a:huawei:euleros:openssl-perl", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1985.NASL", "href": "https://www.tenable.com/plugins/nessus/151033", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151033);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/30\");\n\n script_cve_id(\n \"CVE-2021-3449\"\n );\n\n script_name(english:\"EulerOS 2.0 SP8 : openssl (EulerOS-SA-2021-1985)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n 
script_set_attribute(attribute:\"description\", value:\n\"According to the version of the openssl packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - An OpenSSL TLS server may crash if sent a maliciously\n crafted renegotiation ClientHello message from a\n client. If a TLSv1.2 renegotiation ClientHello omits\n the signature_algorithms extension (where it was\n present in the initial ClientHello), but includes a\n signature_algorithms_cert extension then a NULL pointer\n dereference will result, leading to a crash and a\n denial of service attack. A server is only vulnerable\n if it has TLSv1.2 and renegotiation enabled (which is\n the default configuration). OpenSSL TLS clients are not\n impacted by this issue.(CVE-2021-3449)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1985\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?78f0911c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openssl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/28\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) 
audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"openssl-1.1.1-3.h15.eulerosv2r8\",\n \"openssl-devel-1.1.1-3.h15.eulerosv2r8\",\n \"openssl-libs-1.1.1-3.h15.eulerosv2r8\",\n \"openssl-perl-1.1.1-3.h15.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-01-21T12:41:33", "description": "According to the version of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.Security Fix(es):An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue.(CVE-2021-3449)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.9, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2021-07-01T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : openssl (EulerOS-SA-2021-2052)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3449"], "modified": "2021-07-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:openssl", "p-cpe:/a:huawei:euleros:openssl-libs", "p-cpe:/a:huawei:euleros:openssl-perl", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-2052.NASL", "href": "https://www.tenable.com/plugins/nessus/151230", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151230);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/06\");\n\n script_cve_id(\n \"CVE-2021-3449\"\n );\n\n script_name(english:\"EulerOS 2.0 SP9 : openssl (EulerOS-SA-2021-2052)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the openssl packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - The OpenSSL toolkit provides support for secure\n communications between machines. OpenSSL includes a\n certificate management tool and shared libraries which\n provide various cryptographic algorithms and\n protocols.Security Fix(es):An OpenSSL TLS server may\n crash if sent a maliciously crafted renegotiation\n ClientHello message from a client. 
If a TLSv1.2\n renegotiation ClientHello omits the\n signature_algorithms extension (where it was present in\n the initial ClientHello), but includes a\n signature_algorithms_cert extension then a NULL pointer\n dereference will result, leading to a crash and a\n denial of service attack. A server is only vulnerable\n if it has TLSv1.2 and renegotiation enabled (which is\n the default configuration). OpenSSL TLS clients are not\n impacted by this issue.(CVE-2021-3449)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2052\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a6550a1b\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openssl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssl-perl\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"openssl-1.1.1f-7.h14.eulerosv2r9\",\n \"openssl-libs-1.1.1f-7.h14.eulerosv2r9\",\n \"openssl-perl-1.1.1f-7.h14.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n 
port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-01-29T13:11:03", "description": "A NULL pointer dereference was found in the signature_algorithms processing in OpenSSL, a Secure Sockets Layer toolkit, which could result in denial of service.\n\nAdditional details can be found in the upstream advisory:\nhttps://www.openssl.org/news/secadv/20210325.txt", "cvss3": {"score": 5.9, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2021-03-26T00:00:00", "type": "nessus", "title": "Debian DSA-4875-1 : openssl - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3449"], "modified": "2021-08-30T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:openssl", "cpe:/o:debian:debian_linux:10.0"], "id": "DEBIAN_DSA-4875.NASL", "href": "https://www.tenable.com/plugins/nessus/148170", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4875. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(148170);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/30\");\n\n script_cve_id(\"CVE-2021-3449\");\n script_xref(name:\"DSA\", value:\"4875\");\n script_xref(name:\"IAVA\", value:\"2021-A-0149-S\");\n\n script_name(english:\"Debian DSA-4875-1 : openssl - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"A NULL pointer dereference was found in the signature_algorithms\nprocessing in OpenSSL, a Secure Sockets Layer toolkit, which could\nresult in denial of service.\n\nAdditional details can be found in the upstream advisory:\nhttps://www.openssl.org/news/secadv/20210325.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openssl.org/news/secadv/20210325.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/openssl\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/buster/openssl\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2021/dsa-4875\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade the openssl packages.\n\nFor the stable distribution (buster), this problem has been fixed in\nversion 1.1.1d-0+deb10u6.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n 
script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3449\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"10.0\", prefix:\"libcrypto1.1-udeb\", reference:\"1.1.1d-0+deb10u6\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libssl-dev\", reference:\"1.1.1d-0+deb10u6\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libssl-doc\", reference:\"1.1.1d-0+deb10u6\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libssl1.1\", reference:\"1.1.1d-0+deb10u6\")) flag++;\nif (deb_check(release:\"10.0\", 
prefix:\"libssl1.1-udeb\", reference:\"1.1.1d-0+deb10u6\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"openssl\", reference:\"1.1.1d-0+deb10u6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-01-29T13:11:57", "description": "According to its self-reported version, the Tenable SecurityCenter application installed on the remote host is version 5.13.x < 5.18.0 and affected by the following OpenSSL denial of service vulnerability: \n\n - An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j). 
(CVE-2021-3449)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 5.9, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2021-04-01T00:00:00", "type": "nessus", "title": "Tenable SecurityCenter 5.13.x < 5.18.0 DoS (TNS-2021-06)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3449"], "modified": "2021-08-27T00:00:00", "cpe": ["cpe:/a:tenable:securitycenter", "cpe:/a:openssl:openssl"], "id": "SECURITYCENTER_OPENSSL_1_1_1K_TNS_2021_03.NASL", "href": "https://www.tenable.com/plugins/nessus/148280", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148280);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/27\");\n\n script_cve_id(\"CVE-2021-3449\");\n script_xref(name:\"IAVA\", value:\"2021-A-0149-S\");\n\n script_name(english:\"Tenable SecurityCenter 5.13.x < 5.18.0 DoS (TNS-2021-06)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote host is affected by a denial of service vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version, the Tenable SecurityCenter application installed on the remote host is \nversion 5.13.x < 5.18.0 and affected by the following OpenSSL denial of service vulnerability: \n\n - An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a\n client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was\n present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL\n pointer dereference will result, leading to a crash and a denial of service attack. 
A server is only\n vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS\n clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of\n these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in\n OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j). (CVE-2021-3449)\n\nNote that Nessus has not tested for this issue but has instead relied only on the\napplication's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20210325.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.tenable.com/security/tns-2021-06\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update to Tenable SecurityCenter 5.18.0 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3449\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/01\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:tenable:securitycenter\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_set_attribute(attribute:\"stig_severity\", 
value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"securitycenter_installed.nbin\", \"securitycenter_detect.nbin\");\n script_require_keys(\"Settings/ParanoidReport\");\n script_require_ports(\"Host/SecurityCenter/Version\", \"installed_sw/SecurityCenter\");\n\n exit(0);\n}\n\ninclude('vcf_extras.inc');\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# try first local\nlocal_version = get_kb_item('Host/SecurityCenter/Version');\nif (!empty_or_null(local_version))\n{\n app_info = vcf::tenable_sc::get_app_info();\n}\nelse\n{\n # otherwise, remote\n port = get_http_port(default:443, dont_exit:TRUE);\n app_info = vcf::tenable_sc::get_app_info(port:port);\n}\n\n# let's check if the version is within the vulnerable range\nconstraints = [\n {'min_version': '5.13.0', 'fixed_version':'5.18.0'}\n];\n\nvcf::check_version_and_report(\n app_info:app_info, \n constraints:constraints, \n severity:SECURITY_WARNING\n);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-01-21T12:40:00", "description": "According to the version of the openssl packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability :\n\n - An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. 
All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).(CVE-2021-3449)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.9, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2021-06-30T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.6.0 : openssl (EulerOS-SA-2021-2020)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3449"], "modified": "2021-07-02T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:openssl", "p-cpe:/a:huawei:euleros:openssl-devel", "p-cpe:/a:huawei:euleros:openssl-libs", "cpe:/o:huawei:euleros:uvp:3.0.6.0"], "id": "EULEROS_SA-2021-2020.NASL", "href": "https://www.tenable.com/plugins/nessus/151159", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151159);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/02\");\n\n script_cve_id(\n \"CVE-2021-3449\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.6.0 : openssl (EulerOS-SA-2021-2020)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the openssl packages installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerability :\n\n - An OpenSSL TLS server may 
crash if sent a maliciously\n crafted renegotiation ClientHello message from a\n client. If a TLSv1.2 renegotiation ClientHello omits\n the signature_algorithms extension (where it was\n present in the initial ClientHello), but includes a\n signature_algorithms_cert extension then a NULL pointer\n dereference will result, leading to a crash and a\n denial of service attack. A server is only vulnerable\n if it has TLSv1.2 and renegotiation enabled (which is\n the default configuration). OpenSSL TLS clients are not\n impacted by this issue. All OpenSSL 1.1.1 versions are\n affected by this issue. Users of these versions should\n upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not\n impacted by this issue. Fixed in OpenSSL 1.1.1k\n (Affected 1.1.1-1.1.1j).(CVE-2021-3449)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2020\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6c5b185e\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openssl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/30\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.6.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.6.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.6.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"openssl-1.1.1-3.h15.eulerosv2r8\",\n \"openssl-devel-1.1.1-3.h15.eulerosv2r8\",\n \"openssl-libs-1.1.1-3.h15.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) 
flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-01-29T13:11:58", "description": "This update for openssl-1_1 fixes the following security issue :\n\nCVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension but includes a signature_algorithms_cert extension, then a NULL pointer dereference will result, leading to a crash and a denial of service attack. OpenSSL TLS clients are not impacted by this issue.\n[bsc#1183852]\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.9, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2021-03-26T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : openssl-1_1 (SUSE-SU-2021:0954-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3449"], "modified": "2021-08-27T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libopenssl1_1", "p-cpe:/a:novell:suse_linux:libopenssl1_1-debuginfo", "p-cpe:/a:novell:suse_linux:openssl", "p-cpe:/a:novell:suse_linux:openssl-1_1-debuginfo", "p-cpe:/a:novell:suse_linux:openssl-1_1-debugsource", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2021-0954-1.NASL", "href": "https://www.tenable.com/plugins/nessus/148150", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:0954-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148150);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/27\");\n\n script_cve_id(\"CVE-2021-3449\");\n script_xref(name:\"IAVA\", value:\"2021-A-0149-S\");\n\n script_name(english:\"SUSE SLES12 Security Update : openssl-1_1 (SUSE-SU-2021:0954-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for openssl-1_1 fixes the following security issue :\n\nCVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously\ncrafted renegotiation ClientHello message from a client. 
If a TLSv1.2\nrenegotiation ClientHello omits the signature_algorithms extension but\nincludes a signature_algorithms_cert extension, then a NULL pointer\ndereference will result, leading to a crash and a denial of service\nattack. OpenSSL TLS clients are not impacted by this issue.\n[bsc#1183852]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183852\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3449/\");\n # https://www.suse.com/support/update/announcement/2021/suse-su-20210954-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4bc2297f\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud Crowbar 9 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-954=1\n\nSUSE OpenStack Cloud 9 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-9-2021-954=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SDK-12-SP5-2021-954=1\n\nSUSE Linux Enterprise Server for SAP 12-SP4 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP4-2021-954=1\n\nSUSE Linux Enterprise Server 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-954=1\n\nSUSE Linux Enterprise Server 12-SP4-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-954=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n 
script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3449\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-1_1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-1_1-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(4|5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP4/5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libopenssl1_1-1.1.1d-2.33.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libopenssl1_1-32bit-1.1.1d-2.33.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libopenssl1_1-debuginfo-1.1.1d-2.33.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libopenssl1_1-debuginfo-32bit-1.1.1d-2.33.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"openssl-1_1-1.1.1d-2.33.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"openssl-1_1-debuginfo-1.1.1d-2.33.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"openssl-1_1-debugsource-1.1.1d-2.33.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libopenssl1_1-1.1.1d-2.33.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libopenssl1_1-32bit-1.1.1d-2.33.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libopenssl1_1-debuginfo-1.1.1d-2.33.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libopenssl1_1-debuginfo-32bit-1.1.1d-2.33.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"openssl-1_1-1.1.1d-2.33.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"openssl-1_1-debuginfo-1.1.1d-2.33.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"openssl-1_1-debugsource-1.1.1d-2.33.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl-1_1\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-01-21T12:48:29", "description": "According to 
the version of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability :\n\n - An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).(CVE-2021-3449)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.9, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2021-06-04T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.9.0 : openssl (EulerOS-SA-2021-1970)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3449"], "modified": "2021-06-08T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:openssl", "p-cpe:/a:huawei:euleros:openssl-libs", "p-cpe:/a:huawei:euleros:openssl-perl", "cpe:/o:huawei:euleros:uvp:2.9.0"], "id": "EULEROS_SA-2021-1970.NASL", "href": "https://www.tenable.com/plugins/nessus/150252", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150252);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/08\");\n\n script_cve_id(\n \"CVE-2021-3449\"\n );\n\n script_name(english:\"EulerOS Virtualization 2.9.0 : openssl (EulerOS-SA-2021-1970)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the openssl packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerability :\n\n - An OpenSSL TLS server may crash if sent a maliciously\n crafted renegotiation ClientHello message from a\n client. If a TLSv1.2 renegotiation ClientHello omits\n the signature_algorithms extension (where it was\n present in the initial ClientHello), but includes a\n signature_algorithms_cert extension then a NULL pointer\n dereference will result, leading to a crash and a\n denial of service attack. 
A server is only vulnerable\n if it has TLSv1.2 and renegotiation enabled (which is\n the default configuration). OpenSSL TLS clients are not\n impacted by this issue. All OpenSSL 1.1.1 versions are\n affected by this issue. Users of these versions should\n upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not\n impacted by this issue. Fixed in OpenSSL 1.1.1k\n (Affected 1.1.1-1.1.1j).(CVE-2021-3449)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1970\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f3d85e09\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openssl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.9.0\");\n 
script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.9.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.9.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"openssl-1.1.1f-7.h14.eulerosv2r9\",\n \"openssl-libs-1.1.1f-7.h14.eulerosv2r9\",\n \"openssl-perl-1.1.1f-7.h14.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-01-29T13:11:02", 
"description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:1063 advisory.\n\n - openssl: NULL pointer dereference in signature_algorithms processing (CVE-2021-3449)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 5.9, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2021-04-05T00:00:00", "type": "nessus", "title": "RHEL 8 : openssl (RHSA-2021:1063)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3449"], "modified": "2021-10-07T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:8.2", "cpe:/o:redhat:rhel_e4s:8.2", "cpe:/o:redhat:rhel_eus:8.2", "cpe:/o:redhat:rhel_tus:8.2", "p-cpe:/a:redhat:enterprise_linux:openssl", "p-cpe:/a:redhat:enterprise_linux:openssl-devel", "p-cpe:/a:redhat:enterprise_linux:openssl-libs", "p-cpe:/a:redhat:enterprise_linux:openssl-perl"], "id": "REDHAT-RHSA-2021-1063.NASL", "href": "https://www.tenable.com/plugins/nessus/148317", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:1063. 
The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148317);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/07\");\n\n script_cve_id(\"CVE-2021-3449\");\n script_xref(name:\"RHSA\", value:\"2021:1063\");\n script_xref(name:\"IAVA\", value:\"2021-A-0149-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0193\");\n\n script_name(english:\"RHEL 8 : openssl (RHSA-2021:1063)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2021:1063 advisory.\n\n - openssl: NULL pointer dereference in signature_algorithms processing (CVE-2021-3449)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3449\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:1063\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1941554\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3449\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-perl\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nvar os_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.2')) audit(AUDIT_OS_NOT, 'Red Hat 8.2', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar repositories = {\n 'rhel_aus_8_2_appstream': [\n 'rhel-8-for-x86_64-appstream-aus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-aus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-aus-rpms',\n 'rhel-8-for-x86_64-appstream-aus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-aus-source-rpms',\n 'rhel-8-for-x86_64-appstream-aus-source-rpms__8_DOT_2'\n ],\n 'rhel_aus_8_2_baseos': [\n 'rhel-8-for-x86_64-baseos-aus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-aus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-aus-rpms',\n 'rhel-8-for-x86_64-baseos-aus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-aus-source-rpms',\n 'rhel-8-for-x86_64-baseos-aus-source-rpms__8_DOT_2'\n ],\n 'rhel_e4s_8_2_appstream': [\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 
'rhel-8-for-x86_64-appstream-e4s-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms__8_DOT_2'\n ],\n 'rhel_e4s_8_2_baseos': [\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-e4s-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms__8_DOT_2'\n ],\n 'rhel_e4s_8_2_highavailability': [\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms__8_DOT_2'\n ],\n 'rhel_e4s_8_2_sap': [\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms__8_DOT_2'\n ],\n 'rhel_e4s_8_2_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms__8_DOT_2'\n ],\n 'rhel_eus_8_2_appstream': [\n 'rhel-8-for-aarch64-appstream-eus-debug-rpms',\n 'rhel-8-for-aarch64-appstream-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-aarch64-appstream-eus-rpms',\n 'rhel-8-for-aarch64-appstream-eus-rpms__8_DOT_2',\n 'rhel-8-for-aarch64-appstream-eus-source-rpms',\n 
'rhel-8-for-aarch64-appstream-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-s390x-appstream-eus-debug-rpms',\n 'rhel-8-for-s390x-appstream-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-s390x-appstream-eus-rpms',\n 'rhel-8-for-s390x-appstream-eus-rpms__8_DOT_2',\n 'rhel-8-for-s390x-appstream-eus-source-rpms',\n 'rhel-8-for-s390x-appstream-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-aus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-aus-rpms',\n 'rhel-8-for-x86_64-appstream-aus-source-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms',\n 'rhel-8-for-x86_64-appstream-eus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-eus-rpms',\n 'rhel-8-for-x86_64-appstream-eus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-eus-source-rpms',\n 'rhel-8-for-x86_64-appstream-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-tus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-tus-rpms',\n 'rhel-8-for-x86_64-appstream-tus-source-rpms'\n ],\n 'rhel_eus_8_2_baseos': [\n 'rhel-8-for-aarch64-baseos-eus-debug-rpms',\n 'rhel-8-for-aarch64-baseos-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-aarch64-baseos-eus-rpms',\n 'rhel-8-for-aarch64-baseos-eus-rpms__8_DOT_2',\n 'rhel-8-for-aarch64-baseos-eus-source-rpms',\n 'rhel-8-for-aarch64-baseos-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-s390x-baseos-eus-debug-rpms',\n 'rhel-8-for-s390x-baseos-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-s390x-baseos-eus-rpms',\n 'rhel-8-for-s390x-baseos-eus-rpms__8_DOT_2',\n 'rhel-8-for-s390x-baseos-eus-source-rpms',\n 'rhel-8-for-s390x-baseos-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-aus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-aus-rpms',\n 'rhel-8-for-x86_64-baseos-aus-source-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms',\n 'rhel-8-for-x86_64-baseos-eus-debug-rpms',\n 
'rhel-8-for-x86_64-baseos-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-eus-rpms',\n 'rhel-8-for-x86_64-baseos-eus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-eus-source-rpms',\n 'rhel-8-for-x86_64-baseos-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-tus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-tus-rpms',\n 'rhel-8-for-x86_64-baseos-tus-source-rpms'\n ],\n 'rhel_eus_8_2_crb': [\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms__8_DOT_2',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms__8_DOT_2',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms__8_DOT_2',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms__8_DOT_2',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms__8_DOT_2',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms__8_DOT_2',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms__8_DOT_2',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms__8_DOT_2',\n 'codeready-builder-for-rhel-8-x86_64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-source-rpms__8_DOT_2'\n ],\n 'rhel_eus_8_2_highavailability': [\n 'rhel-8-for-aarch64-highavailability-eus-debug-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-aarch64-highavailability-eus-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-rpms__8_DOT_2',\n 'rhel-8-for-aarch64-highavailability-eus-source-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-s390x-highavailability-eus-debug-rpms',\n 'rhel-8-for-s390x-highavailability-eus-debug-rpms__8_DOT_2',\n 
'rhel-8-for-s390x-highavailability-eus-rpms',\n 'rhel-8-for-s390x-highavailability-eus-rpms__8_DOT_2',\n 'rhel-8-for-s390x-highavailability-eus-source-rpms',\n 'rhel-8-for-s390x-highavailability-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-highavailability-eus-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-highavailability-eus-source-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms'\n ],\n 'rhel_eus_8_2_resilientstorage': [\n 'rhel-8-for-s390x-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-s390x-resilientstorage-eus-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-rpms__8_DOT_2',\n 'rhel-8-for-s390x-resilientstorage-eus-source-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-resilientstorage-eus-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-resilientstorage-eus-source-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-source-rpms__8_DOT_2'\n ],\n 'rhel_eus_8_2_sap': [\n 'rhel-8-for-s390x-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-s390x-sap-netweaver-eus-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-rpms__8_DOT_2',\n 'rhel-8-for-s390x-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-source-rpms__8_DOT_2',\n 
'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-sap-netweaver-eus-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-source-rpms__8_DOT_2'\n ],\n 'rhel_eus_8_2_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-sap-solutions-eus-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-sap-solutions-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-source-rpms__8_DOT_2'\n ],\n 'rhel_eus_8_2_supplementary': [\n 'rhel-8-for-aarch64-supplementary-eus-rpms',\n 'rhel-8-for-aarch64-supplementary-eus-rpms__8_DOT_2',\n 'rhel-8-for-aarch64-supplementary-eus-source-rpms',\n 'rhel-8-for-aarch64-supplementary-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-s390x-supplementary-eus-rpms',\n 'rhel-8-for-s390x-supplementary-eus-rpms__8_DOT_2',\n 'rhel-8-for-s390x-supplementary-eus-source-rpms',\n 'rhel-8-for-s390x-supplementary-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-supplementary-eus-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-supplementary-eus-source-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-source-rpms__8_DOT_2'\n ],\n 'rhel_extras_nfv_8': [\n 'rhel-8-for-x86_64-nfv-debug-rpms',\n 'rhel-8-for-x86_64-nfv-rpms',\n 'rhel-8-for-x86_64-nfv-source-rpms',\n 'rhel-8-for-x86_64-nfv-tus-debug-rpms',\n 'rhel-8-for-x86_64-nfv-tus-rpms',\n 'rhel-8-for-x86_64-nfv-tus-source-rpms'\n ],\n 'rhel_extras_rt_8': [\n 
'rhel-8-for-x86_64-nfv-debug-rpms',\n 'rhel-8-for-x86_64-nfv-rpms',\n 'rhel-8-for-x86_64-nfv-source-rpms',\n 'rhel-8-for-x86_64-rt-debug-rpms',\n 'rhel-8-for-x86_64-rt-rpms',\n 'rhel-8-for-x86_64-rt-source-rpms',\n 'rhel-8-for-x86_64-rt-tus-debug-rpms',\n 'rhel-8-for-x86_64-rt-tus-rpms',\n 'rhel-8-for-x86_64-rt-tus-source-rpms'\n ],\n 'rhel_tus_8_2_appstream': [\n 'rhel-8-for-x86_64-appstream-tus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-tus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-tus-rpms',\n 'rhel-8-for-x86_64-appstream-tus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-tus-source-rpms',\n 'rhel-8-for-x86_64-appstream-tus-source-rpms__8_DOT_2'\n ],\n 'rhel_tus_8_2_baseos': [\n 'rhel-8-for-x86_64-baseos-tus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-tus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-tus-rpms',\n 'rhel-8-for-x86_64-baseos-tus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-tus-source-rpms',\n 'rhel-8-for-x86_64-baseos-tus-source-rpms__8_DOT_2'\n ],\n 'rhel_tus_8_2_highavailability': [\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-highavailability-tus-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms__8_DOT_2'\n ]\n};\n\nvar repo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE) audit(AUDIT_PACKAGE_LIST_MISSING, RHEL_REPO_AUDIT_PACKAGE_LIST_DETAILS);\n\nvar pkgs = [\n {'reference':'openssl-1.1.1c-18.el8_2', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 
'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability']},\n {'reference':'openssl-1.1.1c-18.el8_2', 'sp':'2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability']},\n {'reference':'openssl-1.1.1c-18.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability']},\n {'reference':'openssl-devel-1.1.1c-18.el8_2', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 
'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability']},\n {'reference':'openssl-devel-1.1.1c-18.el8_2', 'sp':'2', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability']},\n {'reference':'openssl-devel-1.1.1c-18.el8_2', 'sp':'2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability']},\n {'reference':'openssl-devel-1.1.1c-18.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 
'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability']},\n {'reference':'openssl-libs-1.1.1c-18.el8_2', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability']},\n {'reference':'openssl-libs-1.1.1c-18.el8_2', 'sp':'2', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability']},\n {'reference':'openssl-libs-1.1.1c-18.el8_2', 'sp':'2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 
'rhel_eus_8_2_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability']},\n {'reference':'openssl-libs-1.1.1c-18.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability']},\n {'reference':'openssl-perl-1.1.1c-18.el8_2', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability']},\n {'reference':'openssl-perl-1.1.1c-18.el8_2', 'sp':'2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 
'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability']},\n {'reference':'openssl-perl-1.1.1c-18.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability']}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n var repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n release &&\n 
(rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets) || (!exists_check || rpm_exists(release:release, rpm:exists_check))) &&\n rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(repo_sets)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'openssl / openssl-devel / openssl-libs / openssl-perl');\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-01-21T12:32:32", "description": "The remote Debian 9 host has packages installed that are affected by a vulnerability as referenced in the dla-2751 advisory.\n\n - An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j). 
(CVE-2021-3449)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 5.9, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2021-09-02T00:00:00", "type": "nessus", "title": "Debian DLA-2751-1 : postgresql-9.6 - LTS security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3449"], "modified": "2021-09-02T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libecpg-compat3", "p-cpe:/a:debian:debian_linux:libecpg-dev", "p-cpe:/a:debian:debian_linux:libecpg6", "p-cpe:/a:debian:debian_linux:libpgtypes3", "p-cpe:/a:debian:debian_linux:libpq-dev", "p-cpe:/a:debian:debian_linux:libpq5", "p-cpe:/a:debian:debian_linux:postgresql-9.6", "p-cpe:/a:debian:debian_linux:postgresql-9.6-dbg", "p-cpe:/a:debian:debian_linux:postgresql-client-9.6", "p-cpe:/a:debian:debian_linux:postgresql-contrib-9.6", "p-cpe:/a:debian:debian_linux:postgresql-doc-9.6", "p-cpe:/a:debian:debian_linux:postgresql-plperl-9.6", "p-cpe:/a:debian:debian_linux:postgresql-plpython-9.6", "p-cpe:/a:debian:debian_linux:postgresql-plpython3-9.6", "p-cpe:/a:debian:debian_linux:postgresql-pltcl-9.6", "p-cpe:/a:debian:debian_linux:postgresql-server-dev-9.6", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2751.NASL", "href": "https://www.tenable.com/plugins/nessus/152966", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dla-2751. 
The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152966);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/02\");\n\n script_cve_id(\"CVE-2021-3449\");\n script_xref(name:\"IAVA\", value:\"2021-A-0149-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0193\");\n\n script_name(english:\"Debian DLA-2751-1 : postgresql-9.6 - LTS security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing a security-related update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 9 host has packages installed that are affected by a vulnerability as referenced in the dla-2751\nadvisory.\n\n - An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a\n client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was\n present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL\n pointer dereference will result, leading to a crash and a denial of service attack. A server is only\n vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS\n clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of\n these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in\n OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j). 
(CVE-2021-3449)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://security-tracker.debian.org/tracker/source-package/postgresql-9.6\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?350b32e8\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/lts/security/2021/dla-2751\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-3449\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/stretch/postgresql-9.6\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the postgresql-9.6 packages.\n\nFor Debian 9 stretch, this problem has been fixed in version 9.6.23-0+deb9u1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3449\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libecpg-compat3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libecpg-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libecpg6\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpgtypes3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpq-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpq5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:postgresql-9.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:postgresql-9.6-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:postgresql-client-9.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:postgresql-contrib-9.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:postgresql-doc-9.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:postgresql-plperl-9.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:postgresql-plpython-9.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:postgresql-plpython3-9.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:postgresql-pltcl-9.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:postgresql-server-dev-9.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar release = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nvar release = chomp(release);\nif (! preg(pattern:\"^(9)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 9.0', 'Debian ' + release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '9.0', 'prefix': 'libecpg-compat3', 'reference': '9.6.23-0+deb9u1'},\n {'release': '9.0', 'prefix': 'libecpg-dev', 'reference': '9.6.23-0+deb9u1'},\n {'release': '9.0', 'prefix': 'libecpg6', 'reference': '9.6.23-0+deb9u1'},\n {'release': '9.0', 'prefix': 'libpgtypes3', 'reference': '9.6.23-0+deb9u1'},\n {'release': '9.0', 'prefix': 'libpq-dev', 'reference': '9.6.23-0+deb9u1'},\n {'release': '9.0', 'prefix': 'libpq5', 'reference': '9.6.23-0+deb9u1'},\n {'release': '9.0', 'prefix': 'postgresql-9.6', 'reference': '9.6.23-0+deb9u1'},\n {'release': '9.0', 'prefix': 'postgresql-9.6-dbg', 'reference': '9.6.23-0+deb9u1'},\n {'release': '9.0', 'prefix': 'postgresql-client-9.6', 'reference': '9.6.23-0+deb9u1'},\n {'release': '9.0', 'prefix': 'postgresql-contrib-9.6', 'reference': '9.6.23-0+deb9u1'},\n {'release': '9.0', 'prefix': 'postgresql-doc-9.6', 'reference': '9.6.23-0+deb9u1'},\n {'release': '9.0', 'prefix': 'postgresql-plperl-9.6', 'reference': '9.6.23-0+deb9u1'},\n {'release': '9.0', 'prefix': 'postgresql-plpython-9.6', 'reference': '9.6.23-0+deb9u1'},\n {'release': '9.0', 
'prefix': 'postgresql-plpython3-9.6', 'reference': '9.6.23-0+deb9u1'},\n {'release': '9.0', 'prefix': 'postgresql-pltcl-9.6', 'reference': '9.6.23-0+deb9u1'},\n {'release': '9.0', 'prefix': 'postgresql-server-dev-9.6', 'reference': '9.6.23-0+deb9u1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libecpg-compat3 / libecpg-dev / libecpg6 / libpgtypes3 / libpq-dev / etc');\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-01-29T13:11:02", "description": "According to its self-reported version, the Tenable.sc application installed on the remote host is version 5.16.0 or 5.17.0 and affected by the following OpenSSL denial of service vulnerability:\n\n - An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. 
All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j). (CVE-2021-3449)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 5.9, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2021-04-09T00:00:00", "type": "nessus", "title": "Tenable.sc 5.16.0 / 5.17.0 OpenSSL DoS (TNS-2021-06)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3449"], "modified": "2021-09-23T00:00:00", "cpe": ["cpe:/a:tenable:securitycenter"], "id": "SECURITYCENTER_5_17_0_TNS_2021_06.NASL", "href": "https://www.tenable.com/plugins/nessus/148404", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148404);\n
script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/23\");\n\n script_cve_id(\"CVE-2021-3449\");\n script_xref(name:\"IAVA\", value:\"2021-A-0149-S\");\n\n script_name(english:\"Tenable.sc 5.16.0 / 5.17.0 OpenSSL DoS (TNS-2021-06)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote host is affected by a denial of service vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version, the Tenable.sc application installed on the remote host is version 5.16.0 or\n5.17.0 and affected by the following OpenSSL denial of service vulnerability:\n\n - An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a\n TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial\n ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result,\n leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation\n enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1\n versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not\n impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j). 
(CVE-2021-3449)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.tenable.com/security/tns-2021-06\");\n # https://docs.tenable.com/releasenotes/Content/tenablesc/tenablesc2021041.htm\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c531f5e9\");\n script_set_attribute(attribute:\"solution\", value:\n\"Install Tenable.sc Patch SC-202104.1 or update to version 5.18.0 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3449\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:tenable:securitycenter\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"securitycenter_installed.nbin\");\n script_require_ports(\"installed_sw/Tenable SecurityCenter\");\n\n exit(0);\n}\n\ninclude('vcf_extras.inc');\n\nvar app_info = vcf::tenable_sc::get_app_info();\n\nif (app_info.version !~ \"^5.1[67].0$\")\n audit(AUDIT_INST_VER_NOT_VULN, app_info.app, app_info.version);\n\nvar patches = make_list('SC-202104.1');\nvcf::tenable_sc::check_for_patch(app_info:app_info, patches:patches);\n\nvcf::report_results(app_info:app_info, fix:'Tenable.sc Patch SC-202104.1', severity:SECURITY_WARNING);\n\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-01-29T13:11:01", "description": "This update for openssl-1_1 fixes the security issue :\n\nCVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension but includes a signature_algorithms_cert extension, then a NULL pointer dereference will result, leading to a crash and a denial of service attack. OpenSSL TLS clients are not impacted by this issue.\n[bsc#1183852]\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.9, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2021-03-26T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : openssl-1_1 (SUSE-SU-2021:0955-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3449"], "modified": "2021-08-27T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libopenssl-1_1-devel", "p-cpe:/a:novell:suse_linux:libopenssl1_1", "p-cpe:/a:novell:suse_linux:libopenssl1_1-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libopenssl1_1-debuginfo", "p-cpe:/a:novell:suse_linux:libopenssl1_1-hmac", "p-cpe:/a:novell:suse_linux:openssl", "p-cpe:/a:novell:suse_linux:openssl-1_1-debuginfo", "p-cpe:/a:novell:suse_linux:openssl-1_1-debugsource", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2021-0955-1.NASL", "href": "https://www.tenable.com/plugins/nessus/148167", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:0955-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148167);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/27\");\n\n script_cve_id(\"CVE-2021-3449\");\n script_xref(name:\"IAVA\", value:\"2021-A-0149-S\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : openssl-1_1 (SUSE-SU-2021:0955-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for openssl-1_1 fixes the security issue :\n\nCVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously\ncrafted renegotiation ClientHello message from a client. 
If a TLSv1.2\nrenegotiation ClientHello omits the signature_algorithms extension but\nincludes a signature_algorithms_cert extension, then a NULL pointer\ndereference will result, leading to a crash and a denial of service\nattack. OpenSSL TLS clients are not impacted by this issue.\n[bsc#1183852]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183852\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3449/\");\n # https://www.suse.com/support/update/announcement/2021/suse-su-20210955-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4a1a3e80\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE MicroOS 5.0 :\n\nzypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-955=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP3 :\n\nzypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-955=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-955=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3449\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl-1_1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_1-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_1-hmac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-1_1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-1_1-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP2/3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! 
preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP2/3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"3\", cpu:\"x86_64\", reference:\"libopenssl1_1-32bit-1.1.1d-11.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"3\", cpu:\"x86_64\", reference:\"libopenssl1_1-32bit-debuginfo-1.1.1d-11.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"3\", cpu:\"x86_64\", reference:\"libopenssl1_1-hmac-32bit-1.1.1d-11.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"3\", reference:\"libopenssl-1_1-devel-1.1.1d-11.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"3\", reference:\"libopenssl1_1-1.1.1d-11.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"3\", reference:\"libopenssl1_1-debuginfo-1.1.1d-11.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"3\", reference:\"libopenssl1_1-hmac-1.1.1d-11.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"3\", reference:\"openssl-1_1-1.1.1d-11.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"3\", reference:\"openssl-1_1-debuginfo-1.1.1d-11.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"3\", reference:\"openssl-1_1-debugsource-1.1.1d-11.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"libopenssl1_1-32bit-1.1.1d-11.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"libopenssl1_1-32bit-debuginfo-1.1.1d-11.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"libopenssl1_1-hmac-32bit-1.1.1d-11.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libopenssl-1_1-devel-1.1.1d-11.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libopenssl1_1-1.1.1d-11.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libopenssl1_1-debuginfo-1.1.1d-11.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libopenssl1_1-hmac-1.1.1d-11.20.1\")) 
flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"openssl-1_1-1.1.1d-11.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"openssl-1_1-debuginfo-1.1.1d-11.20.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"openssl-1_1-debugsource-1.1.1d-11.20.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"3\", cpu:\"x86_64\", reference:\"libopenssl1_1-32bit-1.1.1d-11.20.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"3\", cpu:\"x86_64\", reference:\"libopenssl1_1-32bit-debuginfo-1.1.1d-11.20.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"3\", cpu:\"x86_64\", reference:\"libopenssl1_1-hmac-32bit-1.1.1d-11.20.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"3\", reference:\"libopenssl-1_1-devel-1.1.1d-11.20.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"3\", reference:\"libopenssl1_1-1.1.1d-11.20.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"3\", reference:\"libopenssl1_1-debuginfo-1.1.1d-11.20.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"3\", reference:\"libopenssl1_1-hmac-1.1.1d-11.20.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"3\", reference:\"openssl-1_1-1.1.1d-11.20.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"3\", reference:\"openssl-1_1-debuginfo-1.1.1d-11.20.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"3\", reference:\"openssl-1_1-debugsource-1.1.1d-11.20.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"libopenssl1_1-32bit-1.1.1d-11.20.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"libopenssl1_1-32bit-debuginfo-1.1.1d-11.20.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"libopenssl1_1-hmac-32bit-1.1.1d-11.20.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libopenssl-1_1-devel-1.1.1d-11.20.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libopenssl1_1-1.1.1d-11.20.1\")) flag++;\nif 
(rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libopenssl1_1-debuginfo-1.1.1d-11.20.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libopenssl1_1-hmac-1.1.1d-11.20.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"openssl-1_1-1.1.1d-11.20.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"openssl-1_1-debuginfo-1.1.1d-11.20.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"openssl-1_1-debugsource-1.1.1d-11.20.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl-1_1\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-01-23T12:07:55", "description": "According to the version of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability :\n\n - An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. 
Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).(CVE-2021-3449)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.9, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2021-06-04T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.9.1 : openssl (EulerOS-SA-2021-1960)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3449"], "modified": "2021-06-08T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:openssl", "p-cpe:/a:huawei:euleros:openssl-libs", "p-cpe:/a:huawei:euleros:openssl-perl", "cpe:/o:huawei:euleros:uvp:2.9.1"], "id": "EULEROS_SA-2021-1960.NASL", "href": "https://www.tenable.com/plugins/nessus/150247", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150247);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/08\");\n\n script_cve_id(\n \"CVE-2021-3449\"\n );\n\n script_name(english:\"EulerOS Virtualization 2.9.1 : openssl (EulerOS-SA-2021-1960)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the openssl packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerability :\n\n - An OpenSSL TLS server may crash if sent a maliciously\n crafted renegotiation ClientHello message from a\n client. 
If a TLSv1.2 renegotiation ClientHello omits\n the signature_algorithms extension (where it was\n present in the initial ClientHello), but includes a\n signature_algorithms_cert extension then a NULL pointer\n dereference will result, leading to a crash and a\n denial of service attack. A server is only vulnerable\n if it has TLSv1.2 and renegotiation enabled (which is\n the default configuration). OpenSSL TLS clients are not\n impacted by this issue. All OpenSSL 1.1.1 versions are\n affected by this issue. Users of these versions should\n upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not\n impacted by this issue. Fixed in OpenSSL 1.1.1k\n (Affected 1.1.1-1.1.1j).(CVE-2021-3449)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1960\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7b3bc934\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openssl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:huawei:euleros:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.9.1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.9.1\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.9.1\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"openssl-1.1.1f-7.h14.eulerosv2r9\",\n \"openssl-libs-1.1.1f-7.h14.eulerosv2r9\",\n \"openssl-perl-1.1.1f-7.h14.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : 
SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-02-10T00:00:00", "description": "An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j). \n\nThis plugin only works with Tenable.ot. 
Please visit https://www.tenable.com/products/tenable-ot for more information.", "cvss3": {"score": 5.9, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2022-02-07T00:00:00", "type": "nessus", "title": "Siemens (CVE-2021-3449)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3449"], "modified": "2022-02-07T00:00:00", "cpe": ["cpe:/o:siemens:simatic_s7-1200_cpu_1211c_firmware", "cpe:/o:siemens:simatic_s7-1200_cpu_1212c_firmware", "cpe:/o:siemens:simatic_s7-1200_cpu_1212fc_firmware", "cpe:/o:siemens:simatic_s7-1200_cpu_1214_fc_firmware", "cpe:/o:siemens:simatic_s7-1200_cpu_1214c_firmware", "cpe:/o:siemens:simatic_s7-1200_cpu_1215_fc_firmware", "cpe:/o:siemens:simatic_s7-1200_cpu_1215c_firmware", "cpe:/o:siemens:simatic_s7-1200_cpu_1217c_firmware", "cpe:/o:siemens:simatic_s7-1500_cpu_1518-4_pn%2fdp_mfp_firmware"], "id": "TENABLE_OT_SIEMENS_CVE-2021-3449.NASL", "href": "https://www.tenable.com/plugins/ot/500504", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(500504);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/07\");\n\n script_cve_id(\"CVE-2021-3449\");\n script_xref(name:\"DSA\", value:\"DSA-4875\");\n script_xref(name:\"GLSA\", value:\"GLSA-202103-03\");\n script_xref(name:\"FEDORA\", value:\"FEDORA-2021-cbf14ab8f9\");\n\n script_name(english:\"Siemens (CVE-2021-3449)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote OT asset is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. 
If a\nTLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial\nClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to\na crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which\nis the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are\naffected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this\nissue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j). \n\nThis plugin only works with Tenable.ot. Please visit\nhttps://www.tenable.com/products/tenable-ot for more information.\");\n # https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fb9fa6b51defd48157eeb207f52181f735d96148\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6aafb4b2\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20210325.txt\");\n # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8a21cd9d\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/security/2021/dsa-4875\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security.netapp.com/advisory/ntap-20210326-0006/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.openwall.com/lists/oss-security/2021/03/27/1\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.openwall.com/lists/oss-security/2021/03/27/2\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.openwall.com/lists/oss-security/2021/03/28/3\");\n 
script_set_attribute(attribute:\"see_also\", value:\"http://www.openwall.com/lists/oss-security/2021/03/28/4\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security.gentoo.org/glsa/202103-03\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.tenable.com/security/tns-2021-06\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.tenable.com/security/tns-2021-05\");\n # https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9e6d325e\");\n script_set_attribute(attribute:\"see_also\", value:\"https://kc.mcafee.com/corporate/index?page=content&id=SB10356\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.tenable.com/security/tns-2021-09\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security.netapp.com/advisory/ntap-20210513-0002/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.tenable.com/security/tns-2021-10\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/security-alerts/cpuApr2021.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf\");\n script_set_attribute(attribute:\"see_also\", value:\"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845\");\n script_set_attribute(attribute:\"see_also\", value:\"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com//security-alerts/cpujul2021.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://lists.debian.org/debian-lts-announce/2021/08/msg00029.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/security-alerts/cpuoct2021.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Refer 
to the vendor advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3449\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(476);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:siemens:simatic_s7-1200_cpu_1211c_firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:siemens:simatic_s7-1200_cpu_1212c_firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:siemens:simatic_s7-1200_cpu_1212fc_firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:siemens:simatic_s7-1200_cpu_1214_fc_firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:siemens:simatic_s7-1200_cpu_1214c_firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:siemens:simatic_s7-1200_cpu_1215_fc_firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:siemens:simatic_s7-1200_cpu_1215c_firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:siemens:simatic_s7-1200_cpu_1217c_firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:siemens:simatic_s7-1500_cpu_1518-4_pn%2fdp_mfp_firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Tenable.ot\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"tenable_ot_api_integration.nasl\");\n script_require_keys(\"Tenable.ot/Siemens\");\n\n exit(0);\n}\n\n\ninclude('tenable_ot_cve_funcs.inc');\n\nget_kb_item_or_exit('Tenable.ot/Siemens');\n\nvar asset = tenable_ot::assets::get(vendor:'Siemens');\n\nvar vuln_cpes = {\n \"cpe:/o:siemens:simatic_s7-1200_cpu_1211c_firmware\" : {},\n \"cpe:/o:siemens:simatic_s7-1200_cpu_1212c_firmware\" : {},\n \"cpe:/o:siemens:simatic_s7-1200_cpu_1212fc_firmware\" : {},\n \"cpe:/o:siemens:simatic_s7-1200_cpu_1214_fc_firmware\" : {},\n \"cpe:/o:siemens:simatic_s7-1200_cpu_1214c_firmware\" : {},\n \"cpe:/o:siemens:simatic_s7-1200_cpu_1215_fc_firmware\" : {},\n \"cpe:/o:siemens:simatic_s7-1200_cpu_1215c_firmware\" : {},\n \"cpe:/o:siemens:simatic_s7-1200_cpu_1217c_firmware\" : {},\n \"cpe:/o:siemens:simatic_s7-1500_cpu_1518-4_pn%2fdp_mfp_firmware\" : {}\n};\n\ntenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-01-21T12:46:25", "description": "According to the version of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.Security Fix(es):An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). 
OpenSSL TLS clients are not impacted by this issue.(CVE-2021-3449)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.9, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2021-07-01T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : openssl (EulerOS-SA-2021-2063)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3449"], "modified": "2021-07-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:openssl", "p-cpe:/a:huawei:euleros:openssl-libs", "p-cpe:/a:huawei:euleros:openssl-perl", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-2063.NASL", "href": "https://www.tenable.com/plugins/nessus/151239", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151239);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/06\");\n\n script_cve_id(\n \"CVE-2021-3449\"\n );\n\n script_name(english:\"EulerOS 2.0 SP9 : openssl (EulerOS-SA-2021-2063)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the openssl packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - The OpenSSL toolkit provides support for secure\n communications between machines. 
OpenSSL includes a\n certificate management tool and shared libraries which\n provide various cryptographic algorithms and\n protocols.Security Fix(es):An OpenSSL TLS server may\n crash if sent a maliciously crafted renegotiation\n ClientHello message from a client. If a TLSv1.2\n renegotiation ClientHello omits the\n signature_algorithms extension (where it was present in\n the initial ClientHello), but includes a\n signature_algorithms_cert extension then a NULL pointer\n dereference will result, leading to a crash and a\n denial of service attack. A server is only vulnerable\n if it has TLSv1.2 and renegotiation enabled (which is\n the default configuration). OpenSSL TLS clients are not\n impacted by this issue.(CVE-2021-3449)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2063\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?64227b37\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openssl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = 
[\"openssl-1.1.1f-7.h14.eulerosv2r9\",\n \"openssl-libs-1.1.1f-7.h14.eulerosv2r9\",\n \"openssl-perl-1.1.1f-7.h14.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-01-02T12:24:29", "description": "The version of OpenSSL installed on the remote host is prior to 1.1.1k. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.1.1k advisory.\n\n - The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a purpose has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named purpose values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. 
In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k.\n OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j).\n (CVE-2021-3450)\n\n - An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j). 
(CVE-2021-3449)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.4, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}, "published": "2021-03-25T00:00:00", "type": "nessus", "title": "OpenSSL 1.1.1 < 1.1.1k Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3449", "CVE-2021-3450"], "modified": "2021-08-27T00:00:00", "cpe": ["cpe:/a:openssl:openssl"], "id": "OPENSSL_1_1_1K.NASL", "href": "https://www.tenable.com/plugins/nessus/148125", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148125);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/27\");\n\n script_cve_id(\"CVE-2021-3449\", \"CVE-2021-3450\");\n script_xref(name:\"IAVA\", value:\"2021-A-0149-S\");\n\n script_name(english:\"OpenSSL 1.1.1 < 1.1.1k Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote service is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of OpenSSL installed on the remote host is prior to 1.1.1k. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the 1.1.1k advisory.\n\n - The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a\n certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow\n certificates in the chain that have explicitly encoded elliptic curve parameters was added as an\n additional strict check. An error in the implementation of this check meant that the result of a previous\n check to confirm that certificates in the chain are valid CA certificates was overwritten. This\n effectively bypasses the check that non-CA certificates must not be able to issue other certificates. 
If a\n purpose has been configured then there is a subsequent opportunity for checks that the certificate is a\n valid CA. All of the named purpose values implemented in libcrypto perform this check. Therefore, where\n a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A\n purpose is set by default in libssl client and server certificate verification routines, but it can be\n overridden or removed by an application. In order to be affected, an application must explicitly set the\n X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification\n or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions\n 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k.\n OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j).\n (CVE-2021-3450)\n\n - An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a\n client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was\n present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL\n pointer dereference will result, leading to a crash and a denial of service attack. A server is only\n vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS\n clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of\n these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in\n OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j). 
(CVE-2021-3449)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://github.com/openssl/openssl/commit/2a40b7bc7b94dd7de897a74571e7024f0cf0d63b\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d4121cee\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20210325.txt\");\n # https://github.com/openssl/openssl/commit/fb9fa6b51defd48157eeb207f52181f735d96148\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c12dbbc1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to OpenSSL version 1.1.1k or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3450\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"openssl_version.nasl\");\n script_require_keys(\"openssl/port\");\n\n exit(0);\n}\n\ninclude('openssl_version.inc');\n\nopenssl_check_version(fixed:'1.1.1k', min:'1.1.1', severity:SECURITY_WARNING);\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-01-29T13:11:22", "description": "The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:1202 advisory.\n\n - openssl: NULL pointer dereference in signature_algorithms processing (CVE-2021-3449)\n\n - openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT (CVE-2021-3450)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.4, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}, "published": "2021-04-14T00:00:00", "type": "nessus", "title": "RHEL 7 : Red Hat JBoss Web Server 3.1 Service Pack 12 (RHSA-2021:1202)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3449", "CVE-2021-3450"], "modified": "2022-01-26T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:tomcat-native"], "id": "REDHAT-RHSA-2021-1202.NASL", "href": "https://www.tenable.com/plugins/nessus/148563", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:1202. 
The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148563);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/26\");\n\n script_cve_id(\"CVE-2021-3449\", \"CVE-2021-3450\");\n script_xref(name:\"RHSA\", value:\"2021:1202\");\n script_xref(name:\"IAVA\", value:\"2021-A-0195\");\n script_xref(name:\"IAVA\", value:\"2021-A-0193\");\n script_xref(name:\"IAVA\", value:\"2021-A-0192-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0149-S\");\n\n script_name(english:\"RHEL 7 : Red Hat JBoss Web Server 3.1 Service Pack 12 (RHSA-2021:1202)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:1202 advisory.\n\n - openssl: NULL pointer dereference in signature_algorithms processing (CVE-2021-3449)\n\n - openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT (CVE-2021-3450)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/295.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3449\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3450\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:1202\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1941547\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1941554\");\n script_set_attribute(attribute:\"solution\", 
value:\n\"Update the affected tomcat-native package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3450\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(295);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-native\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nvar os_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar repositories = {\n 'jboss_enterprise_web_server_3_0_el7': [\n 'jws-3-for-rhel-7-server-debug-rpms',\n 'jws-3-for-rhel-7-server-rpms',\n 'jws-3-for-rhel-7-server-source-rpms'\n ],\n 'jboss_enterprise_web_server_3_1_el7': [\n 'jws-3-for-rhel-7-server-debug-rpms',\n 'jws-3-for-rhel-7-server-rpms',\n 'jws-3-for-rhel-7-server-source-rpms'\n ]\n};\n\nvar repo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE) audit(AUDIT_PACKAGE_LIST_MISSING, RHEL_REPO_AUDIT_PACKAGE_LIST_DETAILS);\n\nvar pkgs = [\n {'reference':'tomcat-native-1.2.23-24.redhat_24.ep7.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-3', 'repo_list':['jboss_enterprise_web_server_3_0_el7', 
'jboss_enterprise_web_server_3_1_el7']}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n var repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n release &&\n (rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets) || (!exists_check || rpm_exists(release:release, rpm:exists_check))) &&\n rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(repo_sets)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 
'tomcat-native');\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-04-12T17:00:05", "description": "According to its self-reported version, the Tenable Nessus application running on the remote host is 8.9.0 prior to 8.13.2. It is, therefore, affected by multiple vulnerabilities:\n\n - An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled. (CVE-2021-3449)\n\n - The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a 'purpose' has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named 'purpose' values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. 
In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. (CVE-2021-3450)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.4, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}, "published": "2021-04-02T00:00:00", "type": "nessus", "title": "Tenable Nessus 8.9.0 < 8.13.2 Multiple Vulnerabilities (TNS-2021-05)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3449", "CVE-2021-3450"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:tenable:nessus"], "id": "NESSUS_TNS_2021_04.NASL", "href": "https://www.tenable.com/plugins/nessus/148297", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148297);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2021-3449\", \"CVE-2021-3450\");\n script_xref(name:\"IAVA\", value:\"2021-A-0149-S\");\n\n script_name(english:\"Tenable Nessus 8.9.0 < 8.13.2 Multiple Vulnerabilities (TNS-2021-05)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"Tenable Nessus running on the remote host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version, the Tenable Nessus application running on the remote host is 8.9.0 prior to \n8.13.2. It is, therefore, affected by multiple vulnerabilities:\n\n - An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a\n client. 
If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was\n present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL\n pointer dereference will result, leading to a crash and a denial of service attack. A server is only\n vulnerable if it has TLSv1.2 and renegotiation enabled. (CVE-2021-3449)\n\n - The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a\n certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow\n certificates in the chain that have explicitly encoded elliptic curve parameters was added as an\n additional strict check. An error in the implementation of this check meant that the result of a previous\n check to confirm that certificates in the chain are valid CA certificates was overwritten. This\n effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a\n 'purpose' has been configured then there is a subsequent opportunity for checks that the certificate is a\n valid CA. All of the named 'purpose' values implemented in libcrypto perform this check. Therefore, where\n a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A\n purpose is set by default in libssl client and server certificate verification routines, but it can be\n overridden or removed by an application. In order to be affected, an application must explicitly set the\n X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification\n or, in the case of TLS client or server applications, override the default purpose. 
(CVE-2021-3450)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version \nnumber.\");\n # https://www.securityweek.com/openssl-111k-patches-two-high-severity-vulnerabilities\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4ceab20f\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.tenable.com/security/tns-2021-05\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/vulnerabilities.html#CVE-2021-3449\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/vulnerabilities.html#CVE-2021-3450\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Tenable Nessus version 8.13.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3450\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:tenable:nessus\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"nessus_detect.nasl\");\n script_require_keys(\"installed_sw/nessus\");\n script_require_ports(\"Services/www\", 8834);\n\n exit(0);\n}\n\ninclude('vcf_extras.inc');\n\napp_info = vcf::tenable_nessus::get_app_info();\n\nvcf::check_granularity(app_info:app_info, sig_segments:3);\n\nconstraints = [\n { 'min_version' : '8.9.0', 'fixed_version' : '8.13.2' }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-04-12T03:19:20", "description": "The remote Ubuntu 18.04 LTS / 20.04 LTS / 21.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5038-1 advisory.\n\n - A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can complete this attack at will. The attack does not require the ability to create objects. If server settings include max_worker_processes=0, the known versions of this attack are infeasible. However, undiscovered variants of the attack may be independent of that setting. (CVE-2021-3677)\n\n - An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. 
Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j). (CVE-2021-3449)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}, "published": "2021-08-13T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS / 20.04 LTS / 21.04 : PostgreSQL vulnerabilities (USN-5038-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3449", "CVE-2021-3677"], "modified": "2022-03-14T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "cpe:/o:canonical:ubuntu_linux:21.04", "p-cpe:/a:canonical:ubuntu_linux:libecpg-compat3", "p-cpe:/a:canonical:ubuntu_linux:libecpg-dev", "p-cpe:/a:canonical:ubuntu_linux:libecpg6", "p-cpe:/a:canonical:ubuntu_linux:libpgtypes3", "p-cpe:/a:canonical:ubuntu_linux:libpq-dev", "p-cpe:/a:canonical:ubuntu_linux:libpq5", "p-cpe:/a:canonical:ubuntu_linux:postgresql-10", "p-cpe:/a:canonical:ubuntu_linux:postgresql-12", "p-cpe:/a:canonical:ubuntu_linux:postgresql-13", "p-cpe:/a:canonical:ubuntu_linux:postgresql-client-10", "p-cpe:/a:canonical:ubuntu_linux:postgresql-client-12", "p-cpe:/a:canonical:ubuntu_linux:postgresql-client-13", "p-cpe:/a:canonical:ubuntu_linux:postgresql-plperl-10", "p-cpe:/a:canonical:ubuntu_linux:postgresql-plperl-12", "p-cpe:/a:canonical:ubuntu_linux:postgresql-plperl-13", "p-cpe:/a:canonical:ubuntu_linux:postgresql-plpython-10", "p-cpe:/a:canonical:ubuntu_linux:postgresql-plpython3-10", "p-cpe:/a:canonical:ubuntu_linux:postgresql-plpython3-12", "p-cpe:/a:canonical:ubuntu_linux:postgresql-plpython3-13", "p-cpe:/a:canonical:ubuntu_linux:postgresql-pltcl-10", "p-cpe:/a:canonical:ubuntu_linux:postgresql-pltcl-12", "p-cpe:/a:canonical:ubuntu_linux:postgresql-pltcl-13", "p-cpe:/a:canonical:ubuntu_linux:postgresql-server-dev-10", "p-cpe:/a:canonical:ubuntu_linux:postgresql-server-dev-12", 
"p-cpe:/a:canonical:ubuntu_linux:postgresql-server-dev-13"], "id": "UBUNTU_USN-5038-1.NASL", "href": "https://www.tenable.com/plugins/nessus/152539", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5038-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152539);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/03/14\");\n\n script_cve_id(\"CVE-2021-3449\", \"CVE-2021-3677\");\n script_xref(name:\"USN\", value:\"5038-1\");\n script_xref(name:\"IAVA\", value:\"2021-A-0149-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0193\");\n script_xref(name:\"IAVB\", value:\"2021-B-0048-S\");\n\n script_name(english:\"Ubuntu 18.04 LTS / 20.04 LTS / 21.04 : PostgreSQL vulnerabilities (USN-5038-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 18.04 LTS / 20.04 LTS / 21.04 host has packages installed that are affected by multiple\nvulnerabilities as referenced in the USN-5038-1 advisory.\n\n - A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the\n default configuration, any authenticated database user can complete this attack at will. The attack does\n not require the ability to create objects. If server settings include max_worker_processes=0, the known\n versions of this attack are infeasible. However, undiscovered variants of the attack may be independent of\n that setting. 
(CVE-2021-3677)\n\n - An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a\n client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was\n present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL\n pointer dereference will result, leading to a crash and a denial of service attack. A server is only\n vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS\n clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of\n these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in\n OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j). (CVE-2021-3449)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5038-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3677\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/13\");\n\n script_set_attribute(attribute:\"plugin_type\", 
value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:21.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libecpg-compat3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libecpg-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libecpg6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpgtypes3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpq-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpq5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-12\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-13\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-client-10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-client-12\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-client-13\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-plperl-10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-plperl-12\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-plperl-13\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-plpython-10\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-plpython3-10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-plpython3-12\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-plpython3-13\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-pltcl-10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-pltcl-12\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-pltcl-13\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-server-dev-10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-server-dev-12\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-server-dev-13\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2021-2022 Canonical, Inc. / NASL script (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('ubuntu.inc');\ninclude('misc_func.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nvar release = chomp(release);\nif (! preg(pattern:\"^(18\\.04|20\\.04|21\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 18.04 / 20.04 / 21.04', 'Ubuntu ' + release);\nif ( ! 
get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\n\nvar pkgs = [\n {'osver': '18.04', 'pkgname': 'libecpg-compat3', 'pkgver': '10.18-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'libecpg-dev', 'pkgver': '10.18-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'libecpg6', 'pkgver': '10.18-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'libpgtypes3', 'pkgver': '10.18-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'libpq-dev', 'pkgver': '10.18-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'libpq5', 'pkgver': '10.18-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'postgresql-10', 'pkgver': '10.18-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'postgresql-client-10', 'pkgver': '10.18-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'postgresql-plperl-10', 'pkgver': '10.18-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'postgresql-plpython-10', 'pkgver': '10.18-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'postgresql-plpython3-10', 'pkgver': '10.18-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'postgresql-pltcl-10', 'pkgver': '10.18-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'postgresql-server-dev-10', 'pkgver': '10.18-0ubuntu0.18.04.1'},\n {'osver': '20.04', 'pkgname': 'libecpg-compat3', 'pkgver': '12.8-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libecpg-dev', 'pkgver': '12.8-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libecpg6', 'pkgver': '12.8-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libpgtypes3', 'pkgver': '12.8-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libpq-dev', 'pkgver': '12.8-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libpq5', 'pkgver': '12.8-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'postgresql-12', 'pkgver': 
'12.8-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'postgresql-client-12', 'pkgver': '12.8-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'postgresql-plperl-12', 'pkgver': '12.8-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'postgresql-plpython3-12', 'pkgver': '12.8-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'postgresql-pltcl-12', 'pkgver': '12.8-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'postgresql-server-dev-12', 'pkgver': '12.8-0ubuntu0.20.04.1'},\n {'osver': '21.04', 'pkgname': 'libecpg-compat3', 'pkgver': '13.4-0ubuntu0.21.04.1'},\n {'osver': '21.04', 'pkgname': 'libecpg-dev', 'pkgver': '13.4-0ubuntu0.21.04.1'},\n {'osver': '21.04', 'pkgname': 'libecpg6', 'pkgver': '13.4-0ubuntu0.21.04.1'},\n {'osver': '21.04', 'pkgname': 'libpgtypes3', 'pkgver': '13.4-0ubuntu0.21.04.1'},\n {'osver': '21.04', 'pkgname': 'libpq-dev', 'pkgver': '13.4-0ubuntu0.21.04.1'},\n {'osver': '21.04', 'pkgname': 'libpq5', 'pkgver': '13.4-0ubuntu0.21.04.1'},\n {'osver': '21.04', 'pkgname': 'postgresql-13', 'pkgver': '13.4-0ubuntu0.21.04.1'},\n {'osver': '21.04', 'pkgname': 'postgresql-client-13', 'pkgver': '13.4-0ubuntu0.21.04.1'},\n {'osver': '21.04', 'pkgname': 'postgresql-plperl-13', 'pkgver': '13.4-0ubuntu0.21.04.1'},\n {'osver': '21.04', 'pkgname': 'postgresql-plpython3-13', 'pkgver': '13.4-0ubuntu0.21.04.1'},\n {'osver': '21.04', 'pkgname': 'postgresql-pltcl-13', 'pkgver': '13.4-0ubuntu0.21.04.1'},\n {'osver': '21.04', 'pkgname': 'postgresql-server-dev-13', 'pkgver': '13.4-0ubuntu0.21.04.1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) 
flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libecpg-compat3 / libecpg-dev / libecpg6 / libpgtypes3 / libpq-dev / etc');\n}\n", "cvss": {"score": 4, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2022-01-02T12:24:30", "description": "An update of the nxtgn package has been released.", "cvss3": {"score": 7.4, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}, "published": "2021-03-26T00:00:00", "type": "nessus", "title": "Photon OS 3.0: Nxtgn PHSA-2021-3.0-0210", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3449", "CVE-2021-3450"], "modified": "2021-08-27T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:nxtgn", "cpe:/o:vmware:photonos:3.0"], "id": "PHOTONOS_PHSA-2021-3_0-0210_NXTGN.NASL", "href": "https://www.tenable.com/plugins/nessus/148192", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2021-3.0-0210. 
The text\n# itself is copyright (C) VMware, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148192);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/27\");\n\n script_cve_id(\"CVE-2021-3449\", \"CVE-2021-3450\");\n script_xref(name:\"IAVA\", value:\"2021-A-0149-S\");\n\n script_name(english:\"Photon OS 3.0: Nxtgn PHSA-2021-3.0-0210\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the nxtgn package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-3.0-210.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3450\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:nxtgn\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:3.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 3\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 3.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nflag = 0;\n\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'nxtgn-openssl-1.1.1j-2.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'nxtgn-openssl-c_rehash-1.1.1j-2.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'nxtgn-openssl-devel-1.1.1j-2.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'nxtgn-openssl-perl-1.1.1j-2.ph3')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'nxtgn');\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-01-29T13:11:40", "description": "The remote Redhat Enterprise Linux 8 host 
has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:1189 advisory.\n\n - openssl: NULL pointer dereference in signature_algorithms processing (CVE-2021-3449)\n\n - openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT (CVE-2021-3450)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.4, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}, "published": "2021-04-14T00:00:00", "type": "nessus", "title": "RHEL 8 : Red Hat Virtualization (RHSA-2021:1189)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3449", "CVE-2021-3450"], "modified": "2022-01-26T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "p-cpe:/a:redhat:enterprise_linux:redhat-virtualization-host-image-update"], "id": "REDHAT-RHSA-2021-1189.NASL", "href": "https://www.tenable.com/plugins/nessus/148542", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:1189. 
The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148542);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/26\");\n\n script_cve_id(\"CVE-2021-3449\", \"CVE-2021-3450\");\n script_xref(name:\"RHSA\", value:\"2021:1189\");\n script_xref(name:\"IAVA\", value:\"2021-A-0195\");\n script_xref(name:\"IAVA\", value:\"2021-A-0193\");\n script_xref(name:\"IAVA\", value:\"2021-A-0192-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0149-S\");\n\n script_name(english:\"RHEL 8 : Red Hat Virtualization (RHSA-2021:1189)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:1189 advisory.\n\n - openssl: NULL pointer dereference in signature_algorithms processing (CVE-2021-3449)\n\n - openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT (CVE-2021-3450)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/295.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3449\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3450\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:1189\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1941547\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1941554\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the 
affected redhat-virtualization-host-image-update package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3450\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(295);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:redhat-virtualization-host-image-update\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nvar os_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar repositories = {\n 'enterprise_linux_8_hypervisor': [\n 'rhv-4-mgmt-agent-for-rhel-8-x86_64-debug-rpms',\n 'rhv-4-mgmt-agent-for-rhel-8-x86_64-rpms',\n 'rhv-4-mgmt-agent-for-rhel-8-x86_64-source-rpms',\n 'rhv-4-tools-for-rhel-8-x86_64-debug-rpms',\n 'rhv-4-tools-for-rhel-8-x86_64-rpms',\n 'rhv-4-tools-for-rhel-8-x86_64-source-rpms',\n 'rhvh-4-build-for-rhel-8-x86_64-rpms',\n 'rhvh-4-build-for-rhel-8-x86_64-source-rpms',\n 'rhvh-4-for-rhel-8-x86_64-debug-rpms',\n 'rhvh-4-for-rhel-8-x86_64-rpms',\n 'rhvh-4-for-rhel-8-x86_64-source-rpms'\n ]\n};\n\nvar repo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE) audit(AUDIT_PACKAGE_LIST_MISSING, RHEL_REPO_AUDIT_PACKAGE_LIST_DETAILS);\n\nvar pkgs = [\n 
{'reference':'redhat-virtualization-host-image-update-4.4.5-20210330.0.el8_3', 'release':'8', 'el_string':'el8_3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'redhat-release-virtualization-host-4', 'repo_list':['enterprise_linux_8_hypervisor']}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n var repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n release &&\n (rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets) || (!exists_check || rpm_exists(release:release, rpm:exists_check))) &&\n rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(repo_sets)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : 
SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'redhat-virtualization-host-image-update');\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-01-29T13:11:05", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:1024 advisory.\n\n - openssl: NULL pointer dereference in signature_algorithms processing (CVE-2021-3449)\n\n - openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT (CVE-2021-3450)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.4, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}, "published": "2021-03-30T00:00:00", "type": "nessus", "title": "RHEL 8 : openssl (RHSA-2021:1024)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3449", "CVE-2021-3450"], "modified": "2022-01-26T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.4", "cpe:/o:redhat:rhel_e4s:8.4", "cpe:/o:redhat:rhel_eus:8.4", "cpe:/o:redhat:rhel_tus:8.4", "p-cpe:/a:redhat:enterprise_linux:openssl", "p-cpe:/a:redhat:enterprise_linux:openssl-devel", "p-cpe:/a:redhat:enterprise_linux:openssl-libs", "p-cpe:/a:redhat:enterprise_linux:openssl-perl"], "id": "REDHAT-RHSA-2021-1024.NASL", "href": "https://www.tenable.com/plugins/nessus/148249", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:1024. 
The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148249);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/26\");\n\n script_cve_id(\"CVE-2021-3449\", \"CVE-2021-3450\");\n script_xref(name:\"RHSA\", value:\"2021:1024\");\n script_xref(name:\"IAVA\", value:\"2021-A-0195\");\n script_xref(name:\"IAVA\", value:\"2021-A-0193\");\n script_xref(name:\"IAVA\", value:\"2021-A-0192-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0149-S\");\n\n script_name(english:\"RHEL 8 : openssl (RHSA-2021:1024)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:1024 advisory.\n\n - openssl: NULL pointer dereference in signature_algorithms processing (CVE-2021-3449)\n\n - openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT (CVE-2021-3450)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/295.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3449\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3450\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:1024\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1941547\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1941554\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected 
packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3450\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(295);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-perl\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nvar os_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar repositories = {\n 'enterprise_linux_8_appstream': [\n 'rhel-8-for-aarch64-appstream-debug-rpms',\n 'rhel-8-for-aarch64-appstream-rpms',\n 'rhel-8-for-aarch64-appstream-source-rpms',\n 'rhel-8-for-s390x-appstream-debug-rpms',\n 'rhel-8-for-s390x-appstream-rpms',\n 'rhel-8-for-s390x-appstream-source-rpms',\n 'rhel-8-for-x86_64-appstream-debug-rpms',\n 'rhel-8-for-x86_64-appstream-rpms',\n 'rhel-8-for-x86_64-appstream-source-rpms'\n ],\n 'enterprise_linux_8_baseos': [\n 'rhel-8-for-aarch64-baseos-debug-rpms',\n 'rhel-8-for-aarch64-baseos-rpms',\n 'rhel-8-for-aarch64-baseos-source-rpms',\n 'rhel-8-for-s390x-baseos-debug-rpms',\n 'rhel-8-for-s390x-baseos-rpms',\n 'rhel-8-for-s390x-baseos-source-rpms',\n 'rhel-8-for-x86_64-baseos-debug-rpms',\n 
'rhel-8-for-x86_64-baseos-rpms',\n 'rhel-8-for-x86_64-baseos-source-rpms'\n ],\n 'enterprise_linux_8_crb': [\n 'codeready-builder-for-rhel-8-aarch64-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-aarch64-rpms',\n 'codeready-builder-for-rhel-8-aarch64-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-rpms',\n 'codeready-builder-for-rhel-8-s390x-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-debug-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-rpms',\n 'codeready-builder-for-rhel-8-x86_64-source-rpms'\n ],\n 'enterprise_linux_8_highavailability': [\n 'rhel-8-for-aarch64-highavailability-debug-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-debug-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-source-rpms',\n 'rhel-8-for-aarch64-highavailability-rpms',\n 'rhel-8-for-aarch64-highavailability-source-rpms',\n 'rhel-8-for-s390x-highavailability-debug-rpms',\n 'rhel-8-for-s390x-highavailability-eus-debug-rpms',\n 'rhel-8-for-s390x-highavailability-eus-rpms',\n 'rhel-8-for-s390x-highavailability-eus-source-rpms',\n 'rhel-8-for-s390x-highavailability-rpms',\n 'rhel-8-for-s390x-highavailability-source-rpms',\n 'rhel-8-for-x86_64-highavailability-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-debug-rpms',\n 
'rhel-8-for-x86_64-highavailability-eus-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-source-rpms',\n 'rhel-8-for-x86_64-highavailability-rpms',\n 'rhel-8-for-x86_64-highavailability-source-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms'\n ],\n 'enterprise_linux_8_nfv': [\n 'rhel-8-for-x86_64-nfv-debug-rpms',\n 'rhel-8-for-x86_64-nfv-rpms',\n 'rhel-8-for-x86_64-nfv-source-rpms',\n 'rhel-8-for-x86_64-nfv-tus-debug-rpms',\n 'rhel-8-for-x86_64-nfv-tus-rpms',\n 'rhel-8-for-x86_64-nfv-tus-source-rpms'\n ],\n 'enterprise_linux_8_realtime': [\n 'rhel-8-for-x86_64-rt-debug-rpms',\n 'rhel-8-for-x86_64-rt-rpms',\n 'rhel-8-for-x86_64-rt-source-rpms',\n 'rhel-8-for-x86_64-rt-tus-debug-rpms',\n 'rhel-8-for-x86_64-rt-tus-rpms',\n 'rhel-8-for-x86_64-rt-tus-source-rpms'\n ],\n 'enterprise_linux_8_resilientstorage': [\n 'rhel-8-for-s390x-resilientstorage-debug-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-source-rpms',\n 'rhel-8-for-s390x-resilientstorage-rpms',\n 'rhel-8-for-s390x-resilientstorage-source-rpms',\n 'rhel-8-for-x86_64-resilientstorage-debug-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-source-rpms',\n 'rhel-8-for-x86_64-resilientstorage-rpms',\n 'rhel-8-for-x86_64-resilientstorage-source-rpms'\n ],\n 'enterprise_linux_8_sap': [\n 'rhel-8-for-s390x-sap-netweaver-debug-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-s390x-sap-netweaver-rpms',\n 'rhel-8-for-s390x-sap-netweaver-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 
'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-source-rpms'\n ],\n 'enterprise_linux_8_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-rpms',\n 'rhel-8-for-x86_64-sap-solutions-source-rpms'\n ],\n 'enterprise_linux_8_supplementary': [\n 'rhel-8-for-aarch64-supplementary-eus-rpms',\n 'rhel-8-for-aarch64-supplementary-eus-source-rpms',\n 'rhel-8-for-aarch64-supplementary-rpms',\n 'rhel-8-for-aarch64-supplementary-source-rpms',\n 'rhel-8-for-s390x-supplementary-eus-rpms',\n 'rhel-8-for-s390x-supplementary-eus-source-rpms',\n 'rhel-8-for-s390x-supplementary-rpms',\n 'rhel-8-for-s390x-supplementary-source-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-source-rpms',\n 'rhel-8-for-x86_64-supplementary-rpms',\n 'rhel-8-for-x86_64-supplementary-source-rpms'\n ],\n 'rhel_aus_8_4_appstream': [\n 'rhel-8-for-x86_64-appstream-aus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-aus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-aus-rpms',\n 'rhel-8-for-x86_64-appstream-aus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-aus-source-rpms',\n 'rhel-8-for-x86_64-appstream-aus-source-rpms__8_DOT_4'\n ],\n 'rhel_aus_8_4_baseos': [\n 'rhel-8-for-x86_64-baseos-aus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-aus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-aus-rpms',\n 'rhel-8-for-x86_64-baseos-aus-rpms__8_DOT_4',\n 
'rhel-8-for-x86_64-baseos-aus-source-rpms',\n 'rhel-8-for-x86_64-baseos-aus-source-rpms__8_DOT_4'\n ],\n 'rhel_e4s_8_4_appstream': [\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms__8_DOT_4'\n ],\n 'rhel_e4s_8_4_baseos': [\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-e4s-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms__8_DOT_4'\n ],\n 'rhel_e4s_8_4_highavailability': [\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms__8_DOT_4'\n ],\n 'rhel_e4s_8_4_sap': [\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms__8_DOT_4'\n ],\n 'rhel_e4s_8_4_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms__8_DOT_4'\n ],\n 'rhel_eus_8_4_appstream': [\n 'rhel-8-for-aarch64-appstream-eus-debug-rpms',\n 
'rhel-8-for-aarch64-appstream-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-appstream-eus-rpms',\n 'rhel-8-for-aarch64-appstream-eus-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-appstream-eus-source-rpms',\n 'rhel-8-for-aarch64-appstream-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-s390x-appstream-eus-debug-rpms',\n 'rhel-8-for-s390x-appstream-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-s390x-appstream-eus-rpms',\n 'rhel-8-for-s390x-appstream-eus-rpms__8_DOT_4',\n 'rhel-8-for-s390x-appstream-eus-source-rpms',\n 'rhel-8-for-s390x-appstream-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-aus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-aus-rpms',\n 'rhel-8-for-x86_64-appstream-aus-source-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms',\n 'rhel-8-for-x86_64-appstream-eus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-eus-rpms',\n 'rhel-8-for-x86_64-appstream-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-eus-source-rpms',\n 'rhel-8-for-x86_64-appstream-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-tus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-tus-rpms',\n 'rhel-8-for-x86_64-appstream-tus-source-rpms'\n ],\n 'rhel_eus_8_4_baseos': [\n 'rhel-8-for-aarch64-baseos-eus-debug-rpms',\n 'rhel-8-for-aarch64-baseos-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-baseos-eus-rpms',\n 'rhel-8-for-aarch64-baseos-eus-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-baseos-eus-source-rpms',\n 'rhel-8-for-aarch64-baseos-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-s390x-baseos-eus-debug-rpms',\n 'rhel-8-for-s390x-baseos-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-s390x-baseos-eus-rpms',\n 'rhel-8-for-s390x-baseos-eus-rpms__8_DOT_4',\n 'rhel-8-for-s390x-baseos-eus-source-rpms',\n 'rhel-8-for-s390x-baseos-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-aus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-aus-rpms',\n 
'rhel-8-for-x86_64-baseos-aus-source-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms',\n 'rhel-8-for-x86_64-baseos-eus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-eus-rpms',\n 'rhel-8-for-x86_64-baseos-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-eus-source-rpms',\n 'rhel-8-for-x86_64-baseos-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-tus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-tus-rpms',\n 'rhel-8-for-x86_64-baseos-tus-source-rpms'\n ],\n 'rhel_eus_8_4_crb': [\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-x86_64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-source-rpms__8_DOT_4'\n ],\n 'rhel_eus_8_4_highavailability': [\n 'rhel-8-for-aarch64-highavailability-eus-debug-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-highavailability-eus-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-rpms__8_DOT_4',\n 
'rhel-8-for-aarch64-highavailability-eus-source-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-s390x-highavailability-eus-debug-rpms',\n 'rhel-8-for-s390x-highavailability-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-s390x-highavailability-eus-rpms',\n 'rhel-8-for-s390x-highavailability-eus-rpms__8_DOT_4',\n 'rhel-8-for-s390x-highavailability-eus-source-rpms',\n 'rhel-8-for-s390x-highavailability-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-eus-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-eus-source-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms'\n ],\n 'rhel_eus_8_4_resilientstorage': [\n 'rhel-8-for-s390x-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-s390x-resilientstorage-eus-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-rpms__8_DOT_4',\n 'rhel-8-for-s390x-resilientstorage-eus-source-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-resilientstorage-eus-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-resilientstorage-eus-source-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-source-rpms__8_DOT_4'\n ],\n 'rhel_eus_8_4_sap': [\n 'rhel-8-for-s390x-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-debug-rpms__8_DOT_4',\n 
'rhel-8-for-s390x-sap-netweaver-eus-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-rpms__8_DOT_4',\n 'rhel-8-for-s390x-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-netweaver-eus-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-source-rpms__8_DOT_4'\n ],\n 'rhel_eus_8_4_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-solutions-eus-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-solutions-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-source-rpms__8_DOT_4'\n ],\n 'rhel_eus_8_4_supplementary': [\n 'rhel-8-for-aarch64-supplementary-eus-rpms',\n 'rhel-8-for-aarch64-supplementary-eus-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-supplementary-eus-source-rpms',\n 'rhel-8-for-aarch64-supplementary-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-s390x-supplementary-eus-rpms',\n 'rhel-8-for-s390x-supplementary-eus-rpms__8_DOT_4',\n 'rhel-8-for-s390x-supplementary-eus-source-rpms',\n 'rhel-8-for-s390x-supplementary-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-supplementary-eus-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-supplementary-eus-source-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-source-rpms__8_DOT_4'\n ],\n 'rhel_extras_nfv_8': [\n 'rhel-8-for-x86_64-nfv-debug-rpms',\n 'rhel-8-for-x86_64-nfv-rpms',\n 
'rhel-8-for-x86_64-nfv-source-rpms',\n 'rhel-8-for-x86_64-nfv-tus-debug-rpms',\n 'rhel-8-for-x86_64-nfv-tus-rpms',\n 'rhel-8-for-x86_64-nfv-tus-source-rpms'\n ],\n 'rhel_extras_rt_8': [\n 'rhel-8-for-x86_64-nfv-debug-rpms',\n 'rhel-8-for-x86_64-nfv-rpms',\n 'rhel-8-for-x86_64-nfv-source-rpms',\n 'rhel-8-for-x86_64-rt-debug-rpms',\n 'rhel-8-for-x86_64-rt-rpms',\n 'rhel-8-for-x86_64-rt-source-rpms',\n 'rhel-8-for-x86_64-rt-tus-debug-rpms',\n 'rhel-8-for-x86_64-rt-tus-rpms',\n 'rhel-8-for-x86_64-rt-tus-source-rpms'\n ],\n 'rhel_tus_8_4_appstream': [\n 'rhel-8-for-x86_64-appstream-tus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-tus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-tus-rpms',\n 'rhel-8-for-x86_64-appstream-tus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-tus-source-rpms',\n 'rhel-8-for-x86_64-appstream-tus-source-rpms__8_DOT_4'\n ],\n 'rhel_tus_8_4_baseos': [\n 'rhel-8-for-x86_64-baseos-tus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-tus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-tus-rpms',\n 'rhel-8-for-x86_64-baseos-tus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-tus-source-rpms',\n 'rhel-8-for-x86_64-baseos-tus-source-rpms__8_DOT_4'\n ],\n 'rhel_tus_8_4_highavailability': [\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-tus-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms__8_DOT_4'\n ]\n};\n\nvar repo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nvar enterprise_linux_flag = rhel_repo_sets_has_enterprise_linux(repo_sets:repo_sets);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE) audit(AUDIT_PACKAGE_LIST_MISSING, RHEL_REPO_AUDIT_PACKAGE_LIST_DETAILS);\n\nvar pkgs = [\n {'reference':'openssl-1.1.1g-15.el8_3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 
'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'openssl-1.1.1g-15.el8_3', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'openssl-1.1.1g-15.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 
'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'openssl-devel-1.1.1g-15.el8_3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'openssl-devel-1.1.1g-15.el8_3', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 
'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'openssl-devel-1.1.1g-15.el8_3', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'openssl-devel-1.1.1g-15.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 
'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'openssl-libs-1.1.1g-15.el8_3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'openssl-libs-1.1.1g-15.el8_3', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 
'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'openssl-libs-1.1.1g-15.el8_3', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'openssl-libs-1.1.1g-15.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 
'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'openssl-perl-1.1.1g-15.el8_3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'openssl-perl-1.1.1g-15.el8_3', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 
'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'openssl-perl-1.1.1g-15.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n var repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp']) && 
!enterprise_linux_flag) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n release &&\n (rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets) || (!exists_check || rpm_exists(release:release, rpm:exists_check))) &&\n rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(repo_sets)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'openssl / openssl-devel / openssl-libs / openssl-perl');\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-01-02T12:21:07", "description": "An update of the nxtgn package has been released.", "cvss3": {"score": 7.4, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}, "published": "2021-03-26T00:00:00", "type": "nessus", "title": "Photon OS 2.0: Nxtgn PHSA-2021-2.0-0331", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3449", "CVE-2021-3450"], "modified": "2021-08-27T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:nxtgn", "cpe:/o:vmware:photonos:2.0"], "id": 
"PHOTONOS_PHSA-2021-2_0-0331_NXTGN.NASL", "href": "https://www.tenable.com/plugins/nessus/148186", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2021-2.0-0331. The text\n# itself is copyright (C) VMware, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148186);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/27\");\n\n script_cve_id(\"CVE-2021-3449\", \"CVE-2021-3450\");\n script_xref(name:\"IAVA\", value:\"2021-A-0149-S\");\n\n script_name(english:\"Photon OS 2.0: Nxtgn PHSA-2021-2.0-0331\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the nxtgn package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-331.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3450\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/26\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:nxtgn\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 2.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nflag = 0;\n\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'nxtgn-openssl-1.1.1j-2.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'nxtgn-openssl-c_rehash-1.1.1j-2.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'nxtgn-openssl-devel-1.1.1j-2.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'nxtgn-openssl-perl-1.1.1j-2.ph2')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n 
tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'nxtgn');\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-01-02T00:14:44", "description": "The OpenSSL project reports :\n\nHigh: CA certificate check bypass with X509_V_FLAG_X509_STRICT (CVE-2021-3450)The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default.\n\nHigh: NULL pointer deref in signature_algorithms processing (CVE-2021-3449)An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack.", "cvss3": {"score": 7.4, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}, "published": "2021-03-29T00:00:00", "type": "nessus", "title": "FreeBSD : OpenSSL -- Multiple vulnerabilities (5a668ab3-8d86-11eb-b8d6-d4c9ef517024)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3449", "CVE-2021-3450"], "modified": "2021-08-30T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:openssl", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_5A668AB38D8611EBB8D6D4C9EF517024.NASL", "href": "https://www.tenable.com/plugins/nessus/148200", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2021 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. 
Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(148200);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/30\");\n\n script_cve_id(\"CVE-2021-3449\", \"CVE-2021-3450\");\n script_xref(name:\"FreeBSD\", value:\"SA-21:07.openssl\");\n script_xref(name:\"IAVA\", value:\"2021-A-0149-S\");\n\n script_name(english:\"FreeBSD : OpenSSL -- Multiple vulnerabilities (5a668ab3-8d86-11eb-b8d6-d4c9ef517024)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n 
script_set_attribute(\n attribute:\"description\",\n value:\n\"The OpenSSL project reports :\n\nHigh: CA certificate check bypass with X509_V_FLAG_X509_STRICT\n(CVE-2021-3450)The X509_V_FLAG_X509_STRICT flag enables additional\nsecurity checks of the certificates present in a certificate chain. It\nis not set by default.\n\nHigh: NULL pointer deref in signature_algorithms processing\n(CVE-2021-3449)An OpenSSL TLS server may crash if sent a maliciously\ncrafted renegotiation ClientHello message from a client. If a TLSv1.2\nrenegotiation ClientHello omits the signature_algorithms extension\n(where it was present in the initial ClientHello), but includes a\nsignature_algorithms_cert extension then a NULL pointer dereference\nwill result, leading to a crash and a denial of service attack.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openssl.org/news/secadv/20210325.txt\"\n );\n # https://vuxml.freebsd.org/freebsd/5a668ab3-8d86-11eb-b8d6-d4c9ef517024.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c4e8635e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3450\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/25\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"openssl<1.1.1k,1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-01-02T00:14:14", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-1024 advisory.\n\n - An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. 
A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j). (CVE-2021-3449)\n\n - The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a purpose has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named purpose values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k.\n OpenSSL 1.0.2 is not impacted by this issue. 
Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j).\n (CVE-2021-3450)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.4, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}, "published": "2021-04-14T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : openssl (ELSA-2021-1024)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3449", "CVE-2021-3450"], "modified": "2021-04-14T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:openssl", "p-cpe:/a:oracle:linux:openssl-devel", "p-cpe:/a:oracle:linux:openssl-libs", "p-cpe:/a:oracle:linux:openssl-perl"], "id": "ORACLELINUX_ELSA-2021-1024.NASL", "href": "https://www.tenable.com/plugins/nessus/148547", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-1024.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148547);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/14\");\n\n script_cve_id(\"CVE-2021-3449\", \"CVE-2021-3450\");\n\n script_name(english:\"Oracle Linux 8 : openssl (ELSA-2021-1024)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2021-1024 advisory.\n\n - An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a\n client. 
If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was\n present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL\n pointer dereference will result, leading to a crash and a denial of service attack. A server is only\n vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS\n clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of\n these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in\n OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j). (CVE-2021-3449)\n\n - The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a\n certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow\n certificates in the chain that have explicitly encoded elliptic curve parameters was added as an\n additional strict check. An error in the implementation of this check meant that the result of a previous\n check to confirm that certificates in the chain are valid CA certificates was overwritten. This\n effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a\n purpose has been configured then there is a subsequent opportunity for checks that the certificate is a\n valid CA. All of the named purpose values implemented in libcrypto perform this check. Therefore, where\n a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A\n purpose is set by default in libssl client and server certificate verification routines, but it can be\n overridden or removed by an application. 
In order to be affected, an application must explicitly set the\n X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification\n or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions\n 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k.\n OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j).\n (CVE-2021-3450)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-1024.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3450\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:oracle:linux:openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-perl\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\npkgs = [\n {'reference':'openssl-1.1.1g-15.el8_3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'openssl-1.1.1g-15.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'openssl-devel-1.1.1g-15.el8_3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'openssl-devel-1.1.1g-15.el8_3', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'openssl-devel-1.1.1g-15.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'openssl-libs-1.1.1g-15.el8_3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'openssl-libs-1.1.1g-15.el8_3', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'openssl-libs-1.1.1g-15.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'openssl-perl-1.1.1g-15.el8_3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'openssl-perl-1.1.1g-15.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n rpm_prefix = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if 
(!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['rpm_prefix'])) rpm_prefix = package_array['rpm_prefix'];\n if (reference && release) {\n if (rpm_prefix) {\n if (rpm_exists(release:release, rpm:rpm_prefix) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'openssl / openssl-devel / openssl-libs / etc');\n}", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-01-29T13:11:22", "description": "The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:1195 advisory.\n\n - openssl: NULL pointer dereference in signature_algorithms processing (CVE-2021-3449)\n\n - openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT (CVE-2021-3450)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.4, "vector": 
"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}, "published": "2021-04-14T00:00:00", "type": "nessus", "title": "RHEL 7 : Red Hat JBoss Web Server 5.4.2 Security Update (Important) (RHSA-2021:1195)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3449", "CVE-2021-3450"], "modified": "2022-01-26T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:8", "p-cpe:/a:redhat:enterprise_linux:jws5-tomcat-native"], "id": "REDHAT-RHSA-2021-1195.NASL", "href": "https://www.tenable.com/plugins/nessus/148562", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:1195. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148562);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/26\");\n\n script_cve_id(\"CVE-2021-3449\", \"CVE-2021-3450\");\n script_xref(name:\"RHSA\", value:\"2021:1195\");\n script_xref(name:\"IAVA\", value:\"2021-A-0195\");\n script_xref(name:\"IAVA\", value:\"2021-A-0193\");\n script_xref(name:\"IAVA\", value:\"2021-A-0192-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0149-S\");\n\n script_name(english:\"RHEL 7 : Red Hat JBoss Web Server 5.4.2 Security Update (Important) (RHSA-2021:1195)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:1195 advisory.\n\n - openssl: NULL pointer dereference in signature_algorithms processing (CVE-2021-3449)\n\n - openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT (CVE-2021-3450)\n\nNote that Nessus has not tested for this issue but has 
instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/295.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3449\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3450\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:1195\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1941547\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1941554\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected jws5-tomcat-native package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3450\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(295);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jws5-tomcat-native\");\n 
script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nvar os_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar repositories = {\n 'jboss_enterprise_web_server_5_4_el7': [\n 'jws-5-for-rhel-7-server-debug-rpms',\n 'jws-5-for-rhel-7-server-rpms',\n 'jws-5-for-rhel-7-server-source-rpms'\n ],\n 'jboss_enterprise_web_server_5_4_el8': [\n 'jws-5-for-rhel-8-x86_64-debug-rpms',\n 'jws-5-for-rhel-8-x86_64-rpms',\n 'jws-5-for-rhel-8-x86_64-source-rpms'\n ]\n};\n\nvar repo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE) 
audit(AUDIT_PACKAGE_LIST_MISSING, RHEL_REPO_AUDIT_PACKAGE_LIST_DETAILS);\n\nvar pkgs = [\n {'reference':'jws5-tomcat-native-1.2.25-4.redhat_4.el7jws', 'cpu':'x86_64', 'release':'7', 'el_string':'el7jws', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jws-5', 'repo_list':['jboss_enterprise_web_server_5_4_el7', 'jboss_enterprise_web_server_5_4_el8']}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n var repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n release &&\n (rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets) || (!exists_check || rpm_exists(release:release, rpm:exists_check))) &&\n rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(repo_sets)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = 
rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'jws5-tomcat-native');\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-01-29T13:11:06", "description": "This plugin has been deprecated, please use oraclelinux_ELSA-2021-1024.nasl instead.", "cvss3": {"score": 7.4, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}, "published": "2021-04-01T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : openssl (ELSA-2021-9151) (deprecated)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3449", "CVE-2021-3450"], "modified": "2022-01-26T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:openssl", "p-cpe:/a:oracle:linux:openssl-debugsource", "p-cpe:/a:oracle:linux:openssl-devel", "p-cpe:/a:oracle:linux:openssl-libs", "p-cpe:/a:oracle:linux:openssl-perl", "p-cpe:/a:oracle:linux:openssl-static"], "id": "ORACLELINUX_ELSA-2021-9151.NASL", "href": "https://www.tenable.com/plugins/nessus/148259", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# @DEPRECATED@\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-9151.\n#\n# Disabled on 2021/04/28. 
Use oraclelinux_ELSA-2021-1024.nasl\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148259);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/26\");\n\n script_cve_id(\"CVE-2021-3449\", \"CVE-2021-3450\");\n script_xref(name:\"IAVA\", value:\"2021-A-0149-S\");\n\n script_name(english:\"Oracle Linux 8 : openssl (ELSA-2021-9151) (deprecated)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"This plugin has been deprecated..\");\n script_set_attribute(attribute:\"description\", value:\n\"This plugin has been deprecated, please use oraclelinux_ELSA-2021-1024.nasl instead.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-9151.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"n/a.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3450\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-debugsource\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-static\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\nexit(0, \"This plugin has been deprecated. Use oraclelinux_ELSA-2021-1024.nasl instead.\");\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-01-02T12:23:09", "description": "The version of openssl11 installed on the remote host is prior to 1.1.1g-12. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2021-1622 advisory.\n\n - An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. 
Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j). (CVE-2021-3449)\n\n - The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a purpose has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named purpose values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k.\n OpenSSL 1.0.2 is not impacted by this issue. 
Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j).\n (CVE-2021-3450)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.4, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}, "published": "2021-03-27T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : openssl11 (ALAS-2021-1622)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3449", "CVE-2021-3450"], "modified": "2021-08-27T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:openssl11", "p-cpe:/a:amazon:linux:openssl11-debuginfo", "p-cpe:/a:amazon:linux:openssl11-devel", "p-cpe:/a:amazon:linux:openssl11-libs", "p-cpe:/a:amazon:linux:openssl11-static", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2021-1622.NASL", "href": "https://www.tenable.com/plugins/nessus/148196", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2021-1622.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148196);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/27\");\n\n script_cve_id(\"CVE-2021-3449\", \"CVE-2021-3450\");\n script_xref(name:\"ALAS\", value:\"2021-1622\");\n script_xref(name:\"IAVA\", value:\"2021-A-0149-S\");\n\n script_name(english:\"Amazon Linux 2 : openssl11 (ALAS-2021-1622)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of openssl11 installed on the remote host is prior to 1.1.1g-12. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS2-2021-1622 advisory.\n\n - An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a\n client. 
If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was\n present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL\n pointer dereference will result, leading to a crash and a denial of service attack. A server is only\n vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS\n clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of\n these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in\n OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j). (CVE-2021-3449)\n\n - The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a\n certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow\n certificates in the chain that have explicitly encoded elliptic curve parameters was added as an\n additional strict check. An error in the implementation of this check meant that the result of a previous\n check to confirm that certificates in the chain are valid CA certificates was overwritten. This\n effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a\n purpose has been configured then there is a subsequent opportunity for checks that the certificate is a\n valid CA. All of the named purpose values implemented in libcrypto perform this check. Therefore, where\n a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A\n purpose is set by default in libssl client and server certificate verification routines, but it can be\n overridden or removed by an application. 
In order to be affected, an application must explicitly set the\n X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification\n or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions\n 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k.\n OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j).\n (CVE-2021-3450)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALAS-2021-1622.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3449\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3450\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update openssl11' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3450\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:amazon:linux:openssl11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl11-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl11-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl11-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl11-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\npkgs = [\n {'reference':'openssl11-1.1.1g-12.amzn2.0.3', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssl11-1.1.1g-12.amzn2.0.3', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssl11-1.1.1g-12.amzn2.0.3', 'cpu':'x86_64', 'release':'AL2', 
'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssl11-debuginfo-1.1.1g-12.amzn2.0.3', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssl11-debuginfo-1.1.1g-12.amzn2.0.3', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssl11-debuginfo-1.1.1g-12.amzn2.0.3', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssl11-devel-1.1.1g-12.amzn2.0.3', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssl11-devel-1.1.1g-12.amzn2.0.3', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssl11-devel-1.1.1g-12.amzn2.0.3', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssl11-libs-1.1.1g-12.amzn2.0.3', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssl11-libs-1.1.1g-12.amzn2.0.3', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssl11-libs-1.1.1g-12.amzn2.0.3', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssl11-static-1.1.1g-12.amzn2.0.3', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssl11-static-1.1.1g-12.amzn2.0.3', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssl11-static-1.1.1g-12.amzn2.0.3', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = 
package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl11 / openssl11-debuginfo / openssl11-devel / etc\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-01-02T00:15:40", "description": "The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:1024 advisory.\n\n - openssl: NULL pointer dereference in signature_algorithms processing (CVE-2021-3449)\n\n - openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT (CVE-2021-3450)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.4, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}, "published": "2021-04-01T00:00:00", "type": "nessus", "title": "CentOS 8 : openssl (CESA-2021:1024)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3449", "CVE-2021-3450"], "modified": "2021-08-27T00:00:00", "cpe": ["cpe:/o:centos:centos:8", "cpe:/o:centos:centos:8-stream", "p-cpe:/a:centos:centos:openssl", "p-cpe:/a:centos:centos:openssl-devel", "p-cpe:/a:centos:centos:openssl-libs", "p-cpe:/a:centos:centos:openssl-perl"], "id": "CENTOS8_RHSA-2021-1024.NASL", "href": "https://www.tenable.com/plugins/nessus/148281", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2021:1024. 
The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148281);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/27\");\n\n script_cve_id(\"CVE-2021-3449\", \"CVE-2021-3450\");\n script_xref(name:\"RHSA\", value:\"2021:1024\");\n script_xref(name:\"IAVA\", value:\"2021-A-0149-S\");\n\n script_name(english:\"CentOS 8 : openssl (CESA-2021:1024)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2021:1024 advisory.\n\n - openssl: NULL pointer dereference in signature_algorithms processing (CVE-2021-3449)\n\n - openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT (CVE-2021-3450)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:1024\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3450\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/25\");\n script_set_attribute(attribute:\"patch_publication_date\", 
value:\"2021/03/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8-stream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-perl\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? 
release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\npkgs = [\n {'reference':'openssl-1.1.1g-15.el8_3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssl-1.1.1g-15.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssl-devel-1.1.1g-15.el8_3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssl-devel-1.1.1g-15.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssl-libs-1.1.1g-15.el8_3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssl-libs-1.1.1g-15.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssl-perl-1.1.1g-15.el8_3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssl-perl-1.1.1g-15.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = 
package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'openssl / openssl-devel / openssl-libs / openssl-perl');\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-02-14T23:36:15", "description": "The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:1024 advisory.\n\n - An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j). 
(CVE-2021-3449)\n\n - The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a purpose has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named purpose values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k.\n OpenSSL 1.0.2 is not impacted by this issue. 
Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j).\n (CVE-2021-3450)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.4, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}, "published": "2022-02-09T00:00:00", "type": "nessus", "title": "AlmaLinux 8 : openssl (ALSA-2021:1024)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3449", "CVE-2021-3450"], "modified": "2022-02-14T00:00:00", "cpe": ["p-cpe:/a:alma:linux:openssl", "p-cpe:/a:alma:linux:openssl-devel", "p-cpe:/a:alma:linux:openssl-libs", "p-cpe:/a:alma:linux:openssl-perl", "cpe:/o:alma:linux:8"], "id": "ALMA_LINUX_ALSA-2021-1024.NASL", "href": "https://www.tenable.com/plugins/nessus/157719", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# AlmaLinux Security Advisory ALSA-2021:1024.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157719);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/14\");\n\n script_cve_id(\"CVE-2021-3449\", \"CVE-2021-3450\");\n script_xref(name:\"ALSA\", value:\"2021:1024\");\n script_xref(name:\"IAVA\", value:\"2021-A-0149-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0193\");\n script_xref(name:\"IAVA\", value:\"2021-A-0195\");\n script_xref(name:\"IAVA\", value:\"2021-A-0192-S\");\n\n script_name(english:\"AlmaLinux 8 : openssl (ALSA-2021:1024)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AlmaLinux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nALSA-2021:1024 advisory.\n\n - An OpenSSL TLS server may crash if sent a maliciously crafted 
renegotiation ClientHello message from a\n client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was\n present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL\n pointer dereference will result, leading to a crash and a denial of service attack. A server is only\n vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS\n clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of\n these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in\n OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j). (CVE-2021-3449)\n\n - The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a\n certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow\n certificates in the chain that have explicitly encoded elliptic curve parameters was added as an\n additional strict check. An error in the implementation of this check meant that the result of a previous\n check to confirm that certificates in the chain are valid CA certificates was overwritten. This\n effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a\n purpose has been configured then there is a subsequent opportunity for checks that the certificate is a\n valid CA. All of the named purpose values implemented in libcrypto perform this check. Therefore, where\n a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A\n purpose is set by default in libssl client and server certificate verification routines, but it can be\n overridden or removed by an application. 
In order to be affected, an application must explicitly set the\n X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification\n or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions\n 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k.\n OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j).\n (CVE-2021-3450)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.almalinux.org/8/ALSA-2021-1024.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3450\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:openssl-libs\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:alma:linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Alma Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AlmaLinux/release\", \"Host/AlmaLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/AlmaLinux/release');\nif (isnull(release) || 'AlmaLinux' >!< release) audit(AUDIT_OS_NOT, 'AlmaLinux');\nvar os_ver = pregmatch(pattern: \"AlmaLinux release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');\nvar os_ver = os_ver[1];\nif (! 
preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 8.x', 'AlmaLinux ' + os_ver);\n\nif (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);\n\nvar pkgs = [\n {'reference':'openssl-1.1.1g-15.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'openssl-devel-1.1.1g-15.el8_3', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'openssl-devel-1.1.1g-15.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'openssl-libs-1.1.1g-15.el8_3', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'openssl-libs-1.1.1g-15.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'openssl-perl-1.1.1g-15.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'Alma-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = 
package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'openssl / openssl-devel / openssl-libs / openssl-perl');\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-01-29T13:11:22", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:1199 advisory.\n\n - openssl: NULL pointer dereference in signature_algorithms processing (CVE-2021-3449)\n\n - openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT (CVE-2021-3450)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.4, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}, "published": "2021-04-15T00:00:00", "type": "nessus", "title": "RHEL 7 : Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP7 (RHSA-2021:1199)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3449", "CVE-2021-3450"], "modified": "2022-01-26T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-devel", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-manual", 
"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-selinux", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-tools", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_cluster-native", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_http2", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_jk-ap24", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_jk-manual", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_ldap", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_md", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_proxy_html", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_security", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_session", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_ssl", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-nghttp2", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-nghttp2-devel", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-chil", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-devel", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-libs", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-perl", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-pkcs11", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-static"], "id": "REDHAT-RHSA-2021-1199.NASL", "href": "https://www.tenable.com/plugins/nessus/148568", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:1199. 
The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148568);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/26\");\n\n script_cve_id(\"CVE-2021-3449\", \"CVE-2021-3450\");\n script_xref(name:\"RHSA\", value:\"2021:1199\");\n script_xref(name:\"IAVA\", value:\"2021-A-0195\");\n script_xref(name:\"IAVA\", value:\"2021-A-0193\");\n script_xref(name:\"IAVA\", value:\"2021-A-0192-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0149-S\");\n\n script_name(english:\"RHEL 7 : Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP7 (RHSA-2021:1199)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:1199 advisory.\n\n - openssl: NULL pointer dereference in signature_algorithms processing (CVE-2021-3449)\n\n - openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT (CVE-2021-3450)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/295.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3449\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3450\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:1199\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1941547\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1941554\");\n 
script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3450\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(295);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-selinux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_cluster-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_http2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_jk-ap24\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_jk-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_md\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_security\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-nghttp2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-nghttp2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-chil\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-pkcs11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-static\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 
2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nvar os_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar repositories = {\n 'jboss_core_services_1_el7': [\n 'jb-coreservices-1-for-rhel-7-server-debug-rpms',\n 'jb-coreservices-1-for-rhel-7-server-rpms',\n 'jb-coreservices-1-for-rhel-7-server-source-rpms'\n ]\n};\n\nvar repo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE) audit(AUDIT_PACKAGE_LIST_MISSING, RHEL_REPO_AUDIT_PACKAGE_LIST_DETAILS);\n\nvar pkgs = [\n {'reference':'jbcs-httpd24-httpd-2.4.37-70.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24', 'repo_list':['jboss_core_services_1_el7']},\n {'reference':'jbcs-httpd24-httpd-devel-2.4.37-70.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 
'exists_check':'jbcs-httpd24', 'repo_list':['jboss_core_services_1_el7']},\n {'reference':'jbcs-httpd24-httpd-manual-2.4.37-70.jbcs.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24', 'repo_list':['jboss_core_services_1_el7']},\n {'reference':'jbcs-httpd24-httpd-selinux-2.4.37-70.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24', 'repo_list':['jboss_core_services_1_el7']},\n {'reference':'jbcs-httpd24-httpd-tools-2.4.37-70.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24', 'repo_list':['jboss_core_services_1_el7']},\n {'reference':'jbcs-httpd24-mod_cluster-native-1.3.14-20.Final_redhat_2.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24', 'repo_list':['jboss_core_services_1_el7']},\n {'reference':'jbcs-httpd24-mod_http2-1.15.7-14.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24', 'repo_list':['jboss_core_services_1_el7']},\n {'reference':'jbcs-httpd24-mod_jk-ap24-1.2.48-13.redhat_1.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24', 'repo_list':['jboss_core_services_1_el7']},\n {'reference':'jbcs-httpd24-mod_jk-manual-1.2.48-13.redhat_1.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24', 'repo_list':['jboss_core_services_1_el7']},\n {'reference':'jbcs-httpd24-mod_ldap-2.4.37-70.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24', 'repo_list':['jboss_core_services_1_el7']},\n {'reference':'jbcs-httpd24-mod_md-2.0.8-33.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'jbcs-httpd24', 'repo_list':['jboss_core_services_1_el7']},\n {'reference':'jbcs-httpd24-mod_proxy_html-2.4.37-70.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 
'exists_check':'jbcs-httpd24', 'repo_list':['jboss_core_services_1_el7']},\n {'reference':'jbcs-httpd24-mod_security-2.9.2-60.GA.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24', 'repo_list':['jboss_core_services_1_el7']},\n {'reference':'jbcs-httpd24-mod_session-2.4.37-70.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24', 'repo_list':['jboss_core_services_1_el7']},\n {'reference':'jbcs-httpd24-mod_ssl-2.4.37-70.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'jbcs-httpd24', 'repo_list':['jboss_core_services_1_el7']},\n {'reference':'jbcs-httpd24-nghttp2-1.39.2-37.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24', 'repo_list':['jboss_core_services_1_el7']},\n {'reference':'jbcs-httpd24-nghttp2-devel-1.39.2-37.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24', 'repo_list':['jboss_core_services_1_el7']},\n {'reference':'jbcs-httpd24-openssl-1.1.1g-6.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'jbcs-httpd24', 'repo_list':['jboss_core_services_1_el7']},\n {'reference':'jbcs-httpd24-openssl-chil-1.0.0-5.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24', 'repo_list':['jboss_core_services_1_el7']},\n {'reference':'jbcs-httpd24-openssl-devel-1.1.1g-6.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'jbcs-httpd24', 'repo_list':['jboss_core_services_1_el7']},\n {'reference':'jbcs-httpd24-openssl-libs-1.1.1g-6.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'jbcs-httpd24', 'repo_list':['jboss_core_services_1_el7']},\n {'reference':'jbcs-httpd24-openssl-perl-1.1.1g-6.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 
'exists_check':'jbcs-httpd24', 'repo_list':['jboss_core_services_1_el7']},\n {'reference':'jbcs-httpd24-openssl-pkcs11-0.4.10-20.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24', 'repo_list':['jboss_core_services_1_el7']},\n {'reference':'jbcs-httpd24-openssl-static-1.1.1g-6.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'jbcs-httpd24', 'repo_list':['jboss_core_services_1_el7']}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n var repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n release &&\n (rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets) || (!exists_check || rpm_exists(release:release, rpm:exists_check))) &&\n rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n}\n\nif 
(flag)\n{\n var extra = NULL;\n if (empty_or_null(repo_sets)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'jbcs-httpd24-httpd / jbcs-httpd24-httpd-devel / etc');\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-04-27T14:58:51", "description": "Node.js reports : OpenSSL - CA certificate check bypass with X509_V_FLAG_X509_STRICT (High) (CVE-2021-3450) This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20210325.txt OpenSSL - NULL pointer deref in signature_algorithms processing (High) (CVE-2021-3449) This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20210325.txt npm upgrade - Update y18n to fix Prototype-Pollution (High) (CVE-2020-7774) This is a vulnerability in the y18n npm module which may be exploited by prototype pollution. 
You can read more about it in https://github.com/advisories/GHSA-c4w7-xm78-47vh", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-04-14T00:00:00", "type": "nessus", "title": "FreeBSD : Node.js -- April 2021 Security Releases (c0c1834c-9761-11eb-acfd-0022489ad614)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-7774", "CVE-2021-3449", "CVE-2021-3450"], "modified": "2022-04-26T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:node", "p-cpe:/a:freebsd:freebsd:node10", "p-cpe:/a:freebsd:freebsd:node12", "p-cpe:/a:freebsd:freebsd:node14", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_C0C1834C976111EBACFD0022489AD614.NASL", "href": "https://www.tenable.com/plugins/nessus/148534", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2021 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148534);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/26\");\n\n script_cve_id(\"CVE-2020-7774\", \"CVE-2021-3449\", \"CVE-2021-3450\");\n\n script_name(english:\"FreeBSD : Node.js -- April 2021 Security Releases (c0c1834c-9761-11eb-acfd-0022489ad614)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"Node.js reports : OpenSSL - CA certificate check bypass with\nX509_V_FLAG_X509_STRICT (High) (CVE-2021-3450) This is a vulnerability\nin OpenSSL which may be exploited through Node.js. You can read more\nabout it in https://www.openssl.org/news/secadv/20210325.txt OpenSSL -\nNULL pointer deref in signature_algorithms processing (High)\n(CVE-2021-3449) This is a vulnerability in OpenSSL which may be\nexploited through Node.js. You can read more about it in\nhttps://www.openssl.org/news/secadv/20210325.txt npm upgrade - Update\ny18n to fix Prototype-Pollution (High) (CVE-2020-7774) This is a\nvulnerability in the y18n npm module which may be exploited by\nprototype pollution. 
You can read more about it in\nhttps://github.com/advisories/GHSA-c4w7-xm78-47vh\");\n script_set_attribute(attribute:\"see_also\", value:\"https://nodejs.org/en/blog/vulnerability/april-2021-security-releases/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20210325.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/advisories/GHSA-c4w7-xm78-47vh\");\n # https://vuxml.freebsd.org/freebsd/c0c1834c-9761-11eb-acfd-0022489ad614.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?64e00441\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-7774\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:node\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:node10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:node12\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:node14\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n 
script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"node10<10.24.1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"node12<12.22.1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"node14<14.16.1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"node<15.14.0\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-27T12:50:59", "description": "The Microsoft Visual Studio Products are missing a security update. They are, therefore, affected by multiple vulnerabilities:\n\n - Multiple denial of service (DoS) vulnerabilities exist in Visual Studio. An unauthenticated, remote attacker can exploit these issues to impose a DoS condition on the application. (CVE-2021-1971, CVE-2021-3449, CVE-2021-3450)\n\n - An information disclosure vulnerability exists in Visual Studio. An unauthenticated, remote attacker can exploit this to disclose potentially sensitive information. 
(CVE-2021-41355)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.4, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}, "published": "2021-10-13T00:00:00", "type": "nessus", "title": "Security Updates for Microsoft Visual Studio Products (October 2021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-1971", "CVE-2021-3449", "CVE-2021-3450", "CVE-2021-41355"], "modified": "2022-01-26T00:00:00", "cpe": ["cpe:/a:microsoft:visual_studio"], "id": "SMB_NT_MS21_OCT_VISUAL_STUDIO.NASL", "href": "https://www.tenable.com/plugins/nessus/154051", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154051);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/26\");\n\n script_cve_id(\n \"CVE-2021-1971\",\n \"CVE-2021-3449\",\n \"CVE-2021-3450\",\n \"CVE-2021-41355\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0471-S\");\n\n script_name(english:\"Security Updates for Microsoft Visual Studio Products (October 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Microsoft Visual Studio Products are missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Microsoft Visual Studio Products are missing a security update. They are, therefore, affected by multiple\nvulnerabilities:\n\n - Multiple denial of service (DoS) vulnerabilities exist in Visual Studio. An unauthenticated, remote attacker can \n exploit these issues to impose a DoS condition on the application. (CVE-2021-1971, CVE-2021-3449, CVE-2021-3450)\n\n - An information disclosure vulnerability exists in Visual Studio. An unauthenticated, remote attacker can exploit \n this to disclose potentially sensitive information. 
(CVE-2021-41355)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version \nnumber.\");\n # https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes#16.11.5\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7b09b8bb\");\n # https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes-v16.9#16.9.12\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?be578aea\");\n # https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes-v16.7#16.7.20\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5e24738f\");\n # https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes-v16.4#16.4.27\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1505c0a2\");\n # https://docs.microsoft.com/en-us/visualstudio/releasenotes/vs2017-relnotes#15.9.40\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?68e164a2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released the following security updates to address this issue:\n - Update 15.9.40 for Visual Studio 2017\n - Update 16.4.27 for Visual Studio 2019\n - Update 16.7.20 for Visual Studio 2019\n - Update 16.9.12 for Visual Studio 2019\n - Update 16.11.5 for Visual Studio 2019\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3450\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/12\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:visual_studio\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"microsoft_visual_studio_installed.nbin\");\n script_require_keys(\"installed_sw/Microsoft Visual Studio\", \"SMB/Registry/Enumerated\");\n script_require_ports(139, 445);\n\n exit(0);\n}\n\ninclude('vcf_extras_visual_studio.inc');\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nvar app_info = vcf::visual_studio::get_app_info();\n\nvar constraints = [\n {'product': '2017', 'fixed_version': '15.9.28307.1705'},\n {'product': '2019', 'min_version': '16.0', 'fixed_version': '16.4.31728.76'},\n {'product': '2019', 'min_version': '16.5', 'fixed_version': '16.7.31727.298'},\n {'product': '2019', 'min_version': '16.8', 'fixed_version': '16.9.31728.308'},\n {'product': '2019', 'min_version': '16.10', 'fixed_version': '16.11.31729.503'}\n];\n\nvcf::visual_studio::check_version_and_report(\n app_info: app_info, \n constraints: constraints, \n severity: SECURITY_WARNING\n);\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-01-02T00:15:41", "description": "An update of the openssl package has been released.", "cvss3": {"score": 7.4, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}, "published": "2021-04-07T00:00:00", "type": "nessus", "title": "Photon OS 4.0: Openssl PHSA-2021-4.0-0007", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-23840", 
"CVE-2021-23841", "CVE-2021-3449", "CVE-2021-3450"], "modified": "2021-08-27T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:openssl", "cpe:/o:vmware:photonos:4.0"], "id": "PHOTONOS_PHSA-2021-4_0-0007_OPENSSL.NASL", "href": "https://www.tenable.com/plugins/nessus/148355", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2021-4.0-0007. The text\n# itself is copyright (C) VMware, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148355);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/27\");\n\n script_cve_id(\n \"CVE-2021-23840\",\n \"CVE-2021-23841\",\n \"CVE-2021-3449\",\n \"CVE-2021-3450\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0149-S\");\n\n script_name(english:\"Photon OS 4.0: Openssl PHSA-2021-4.0-0007\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the openssl package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-4.0-7.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3450\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", 
value:\"2021/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:4.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 4\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 4.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nflag = 0;\n\nif (rpm_check(release:'PhotonOS-4.0', cpu:'x86_64', reference:'openssl-1.1.1k-1.ph4')) flag++;\nif (rpm_check(release:'PhotonOS-4.0', cpu:'x86_64', reference:'openssl-c_rehash-1.1.1k-1.ph4')) flag++;\nif (rpm_check(release:'PhotonOS-4.0', cpu:'x86_64', reference:'openssl-devel-1.1.1k-1.ph4')) flag++;\nif (rpm_check(release:'PhotonOS-4.0', cpu:'x86_64', 
reference:'openssl-docs-1.1.1k-1.ph4')) flag++;\nif (rpm_check(release:'PhotonOS-4.0', cpu:'x86_64', reference:'openssl-perl-1.1.1k-1.ph4')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'openssl');\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-01-02T00:14:15", "description": "The remote host is affected by the vulnerability described in GLSA-202103-03 (OpenSSL: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details.\n Impact :\n\n Please review the referenced CVE identifiers for details.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": 7.4, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}, "published": "2021-04-01T00:00:00", "type": "nessus", "title": "GLSA-202103-03 : OpenSSL: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-23840", "CVE-2021-23841", "CVE-2021-3449", "CVE-2021-3450"], "modified": "2021-08-30T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:openssl", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-202103-03.NASL", "href": "https://www.tenable.com/plugins/nessus/148271", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202103-03.\n#\n# The advisory text is Copyright (C) 2001-2021 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(148271);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/30\");\n\n script_cve_id(\"CVE-2021-23840\", \"CVE-2021-23841\", \"CVE-2021-3449\", \"CVE-2021-3450\");\n script_xref(name:\"GLSA\", value:\"202103-03\");\n script_xref(name:\"IAVA\", value:\"2021-A-0149-S\");\n\n script_name(english:\"GLSA-202103-03 : OpenSSL: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is affected by the vulnerability described in GLSA-202103-03\n(OpenSSL: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in OpenSSL. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n Please review the referenced CVE identifiers for details.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/202103-03\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"All OpenSSL users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-libs/openssl-1.1.1k'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3450\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-libs/openssl\", unaffected:make_list(\"ge 1.1.1k\"), vulnerable:make_list(\"lt 1.1.1k\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"OpenSSL\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-12-30T13:04:38", "description": "The version of Nessus Network Monitor (NNM) installed on the remote 
host is prior to 5.13.1. It is, therefore, affected by multiple vulnerabilities:\n\n - The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL's s_server, s_client and verify tools have support for the -crl_download option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). 
Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w). (CVE-2020-1971) \n - The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. (CVE-2021-23841)\n\n - Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissible length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. 
(CVE-2021-23840) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.4, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}, "published": "2021-05-12T00:00:00", "type": "nessus", "title": "Nessus Network Monitor < 5.13.1 Multiple Vulnerabilities (TNS-2021-09)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1971", "CVE-2021-3449", "CVE-2021-3450", "CVE-2021-23840", "CVE-2021-23841"], "modified": "2021-05-13T00:00:00", "cpe": ["cpe:/a:tenable:nnm"], "id": "NNM_5_13_1.NASL", "href": "https://www.tenable.com/plugins/nessus/149403", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149403);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/05/13\");\n\n script_cve_id(\n \"CVE-2020-1971\",\n \"CVE-2021-3449\",\n \"CVE-2021-3450\",\n \"CVE-2021-23840\",\n \"CVE-2021-23841\"\n );\n\n script_name(english:\"Nessus Network Monitor < 5.13.1 Multiple Vulnerabilities (TNS-2021-09)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A vulnerability scanner installed on the remote host is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Nessus Network Monitor (NNM) installed on the remote host is prior to 5.13.1. It is, therefore, affected\nby multiple vulnerabilities:\n\n - The X.509 GeneralName type is a generic type for representing different types of names. One of those \n name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different\n instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both \n GENERAL_NAMEs contain an EDIPARTYNAME. 
A NULL pointer dereference and a crash may occur leading to a \n possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: \n 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded \n in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp \n authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an \n attacker can control both items being compared then that attacker could trigger a crash. For example if\n the attacker can trick a client or server into checking a malicious certificate against a malicious CRL \n then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a\n certificate. This checking happens prior to the signatures on the certificate and CRL being verified. \n OpenSSL's s_server, s_client and verify tools have support for the -crl_download option which implements \n automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that \n an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of \n EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will \n accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. \n Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i \n (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w). (CVE-2020-1971)\n \n - The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value\n based on the issuer and serial number data contained within an X509 certificate. However it fails to \n correctly handle any errors that may occur while parsing the issuer field (which might occur if the \n issuer field is maliciously constructed). 
This may subsequently result in a NULL pointer deref and a \n crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is \n never directly called by OpenSSL itself so applications are only vulnerable if they use this function \n directly and they use it on certificates that may have been obtained from untrusted sources. OpenSSL \n versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL \n 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of \n support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade\n to 1.0.2y. Other users should upgrade to 1.1.1j. (CVE-2021-23841)\n\n - Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length \n argument in some cases where the input length is close to the maximum permissable length for an integer\n on the platform. In such cases the return value from the function call will be 1 (indicating success), \n but the output length value will be negative. This could cause applications to behave incorrectly or \n crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should \n upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL\n 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL \n 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. 
(CVE-2021-23840)\n \n Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported \n version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.tenable.com/security/tns-2021-09\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Nessus Network Monitor version 5.13.1 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3450\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:tenable:nnm\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"nnm_installed_win.nbin\", \"nnm_installed_nix.nbin\");\n script_require_keys(\"installed_sw/Tenable NNM\", \"Host/nnm_installed\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\nvar app_name = 'Tenable NNM';\n\nvar app_info = vcf::get_app_info(app:app_name);\n\nvcf::check_granularity(app_info:app_info, sig_segments:3);\n\nvar constraints = [\n { 'fixed_version' : '5.13.1' }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-04-27T00:16:09", "description": "The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2326-1 advisory.\n\n - This affects the package y18n before 3.2.2, 4.0.1 and 5.0.5. PoC by po6ix: const y18n = require('y18n')();\n y18n.setLocale('__proto__'); y18n.updateLocale({polluted: true}); console.log(polluted); // true (CVE-2020-7774)\n\n - Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii() is used to convert strings to ASCII. The pointer p is read and increased without checking whether it is beyond pe, with the latter holding a pointer to the end of the buffer. This can lead to information disclosures or crashes. This function can be triggered via uv_getaddrinfo(). (CVE-2021-22918)\n\n - The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity. (CVE-2021-23362)\n\n - ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. 
This issue only affects consumers using the strict option. (CVE-2021-27290)\n\n - An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j). (CVE-2021-3449)\n\n - The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a purpose has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named purpose values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. 
In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k.\n OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j).\n (CVE-2021-3450)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-08-09T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : nodejs12 (SUSE-SU-2021:2326-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-7774", "CVE-2021-22918", "CVE-2021-23362", "CVE-2021-27290", "CVE-2021-3449", "CVE-2021-3450"], "modified": "2022-04-26T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:nodejs12", "p-cpe:/a:novell:suse_linux:nodejs12-devel", "p-cpe:/a:novell:suse_linux:nodejs12-docs", "p-cpe:/a:novell:suse_linux:npm12", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2021-2326-1.NASL", "href": "https://www.tenable.com/plugins/nessus/152272", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2021:2326-1. 
The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152272);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/26\");\n\n script_cve_id(\n \"CVE-2020-7774\",\n \"CVE-2021-3449\",\n \"CVE-2021-3450\",\n \"CVE-2021-22918\",\n \"CVE-2021-23362\",\n \"CVE-2021-27290\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2021:2326-1\");\n script_xref(name:\"IAVA\", value:\"2021-A-0149-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0193\");\n script_xref(name:\"IAVA\", value:\"2021-A-0195\");\n script_xref(name:\"IAVA\", value:\"2021-A-0192-S\");\n script_xref(name:\"IAVB\", value:\"2021-B-0041-S\");\n\n script_name(english:\"SUSE SLES12 Security Update : nodejs12 (SUSE-SU-2021:2326-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2021:2326-1 advisory.\n\n - This affects the package y18n before 3.2.2, 4.0.1 and 5.0.5. PoC by po6ix: const y18n = require('y18n')();\n y18n.setLocale('__proto__'); y18n.updateLocale({polluted: true}); console.log(polluted); // true\n (CVE-2020-7774)\n\n - Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii() is\n used to convert strings to ASCII. The pointer p is read and increased without checking whether it is\n beyond pe, with the latter holding a pointer to the end of the buffer. This can lead to information\n disclosures or crashes. This function can be triggered via uv_getaddrinfo(). 
(CVE-2021-22918)\n\n - The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS)\n via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression\n exhibits polynomial worst-case time complexity. (CVE-2021-23362)\n\n - ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a\n denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of\n service. This issue only affects consumers using the strict option. (CVE-2021-27290)\n\n - An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a\n client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was\n present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL\n pointer dereference will result, leading to a crash and a denial of service attack. A server is only\n vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS\n clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of\n these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in\n OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j). (CVE-2021-3449)\n\n - The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a\n certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow\n certificates in the chain that have explicitly encoded elliptic curve parameters was added as an\n additional strict check. An error in the implementation of this check meant that the result of a previous\n check to confirm that certificates in the chain are valid CA certificates was overwritten. 
This\n effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a\n purpose has been configured then there is a subsequent opportunity for checks that the certificate is a\n valid CA. All of the named purpose values implemented in libcrypto perform this check. Therefore, where\n a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A\n purpose is set by default in libssl client and server certificate verification routines, but it can be\n overridden or removed by an application. In order to be affected, an application must explicitly set the\n X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification\n or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions\n 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k.\n OpenSSL 1.0.2 is not impacted by this issue. 
Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j).\n (CVE-2021-3450)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183851\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183852\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184450\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1187973\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1187976\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1187977\");\n # https://lists.suse.com/pipermail/sle-security-updates/2021-July/009136.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bbdad078\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-7774\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-22918\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-23362\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-27290\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3449\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3450\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected nodejs12, nodejs12-devel, nodejs12-docs and / or npm12 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n 
script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-7774\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nodejs12\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nodejs12-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nodejs12-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:npm12\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nvar sp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(0|3|4|5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0/3/4/5\", os_ver + \" SP\" + sp);\n\nvar pkgs = [\n {'reference':'nodejs12-12.22.2-1.32.1', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-web-scripting-release-12-0'},\n {'reference':'nodejs12-12.22.2-1.32.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-web-scripting-release-12-0'},\n {'reference':'nodejs12-12.22.2-1.32.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-web-scripting-release-12-0'},\n {'reference':'nodejs12-12.22.2-1.32.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-web-scripting-release-12-0'},\n {'reference':'nodejs12-devel-12.22.2-1.32.1', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-web-scripting-release-12-0'},\n {'reference':'nodejs12-devel-12.22.2-1.32.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-web-scripting-release-12-0'},\n {'reference':'nodejs12-devel-12.22.2-1.32.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-web-scripting-release-12-0'},\n {'reference':'nodejs12-devel-12.22.2-1.32.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-web-scripting-release-12-0'},\n {'reference':'nodejs12-docs-12.22.2-1.32.1', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-web-scripting-release-12-0'},\n {'reference':'nodejs12-docs-12.22.2-1.32.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-web-scripting-release-12-0'},\n {'reference':'nodejs12-docs-12.22.2-1.32.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-web-scripting-release-12-0'},\n {'reference':'nodejs12-docs-12.22.2-1.32.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 
'exists_check':'sle-module-web-scripting-release-12-0'},\n {'reference':'npm12-12.22.2-1.32.1', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-web-scripting-release-12-0'},\n {'reference':'npm12-12.22.2-1.32.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-web-scripting-release-12-0'},\n {'reference':'npm12-12.22.2-1.32.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-web-scripting-release-12-0'},\n {'reference':'npm12-12.22.2-1.32.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-web-scripting-release-12-0'}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (exists_check) {\n if (!rpm_exists(release:release, rpm:exists_check)) continue;\n if ('ltss' >< tolower(exists_check)) ltss_caveat_required = TRUE;\n }\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 
'nodejs12 / nodejs12-devel / nodejs12-docs / npm12');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-27T00:12:39", "description": "The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2353-1 advisory.\n\n - This affects the package y18n before 3.2.2, 4.0.1 and 5.0.5. PoC by po6ix: const y18n = require('y18n')();\n y18n.setLocale('__proto__'); y18n.updateLocale({polluted: true}); console.log(polluted); // true (CVE-2020-7774)\n\n - Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii() is used to convert strings to ASCII. The pointer p is read and increased without checking whether it is beyond pe, with the latter holding a pointer to the end of the buffer. This can lead to information disclosures or crashes. This function can be triggered via uv_getaddrinfo(). (CVE-2021-22918)\n\n - The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity. (CVE-2021-23362)\n\n - ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option. (CVE-2021-27290)\n\n - An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. 
A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j). (CVE-2021-3449)\n\n - The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a purpose has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named purpose values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k.\n OpenSSL 1.0.2 is not impacted by this issue. 
Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j).\n (CVE-2021-3450)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-07-16T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : nodejs10 (SUSE-SU-2021:2353-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-7774", "CVE-2021-22918", "CVE-2021-23362", "CVE-2021-27290", "CVE-2021-3449", "CVE-2021-3450"], "modified": "2022-04-26T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:nodejs10", "p-cpe:/a:novell:suse_linux:nodejs10-devel", "p-cpe:/a:novell:suse_linux:nodejs10-docs", "p-cpe:/a:novell:suse_linux:npm10", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2021-2353-1.NASL", "href": "https://www.tenable.com/plugins/nessus/151758", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2021:2353-1. 
The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151758);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/26\");\n\n script_cve_id(\n \"CVE-2020-7774\",\n \"CVE-2021-3449\",\n \"CVE-2021-3450\",\n \"CVE-2021-22918\",\n \"CVE-2021-23362\",\n \"CVE-2021-27290\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2021:2353-1\");\n script_xref(name:\"IAVA\", value:\"2021-A-0149-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0193\");\n script_xref(name:\"IAVA\", value:\"2021-A-0195\");\n script_xref(name:\"IAVA\", value:\"2021-A-0192-S\");\n script_xref(name:\"IAVB\", value:\"2021-B-0041-S\");\n\n script_name(english:\"SUSE SLES15 Security Update : nodejs10 (SUSE-SU-2021:2353-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2021:2353-1 advisory.\n\n - This affects the package y18n before 3.2.2, 4.0.1 and 5.0.5. PoC by po6ix: const y18n = require('y18n')();\n y18n.setLocale('__proto__'); y18n.updateLocale({polluted: true}); console.log(polluted); // true\n (CVE-2020-7774)\n\n - Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii() is\n used to convert strings to ASCII. The pointer p is read and increased without checking whether it is\n beyond pe, with the latter holding a pointer to the end of the buffer. This can lead to information\n disclosures or crashes. This function can be triggered via uv_getaddrinfo(). 
(CVE-2021-22918)\n\n - The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS)\n via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression\n exhibits polynomial worst-case time complexity. (CVE-2021-23362)\n\n - ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a\n denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of\n service. This issue only affects consumers using the strict option. (CVE-2021-27290)\n\n - An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a\n client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was\n present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL\n pointer dereference will result, leading to a crash and a denial of service attack. A server is only\n vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS\n clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of\n these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in\n OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j). (CVE-2021-3449)\n\n - The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a\n certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow\n certificates in the chain that have explicitly encoded elliptic curve parameters was added as an\n additional strict check. An error in the implementation of this check meant that the result of a previous\n check to confirm that certificates in the chain are valid CA certificates was overwritten. 
This\n effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a\n purpose has been configured then there is a subsequent opportunity for checks that the certificate is a\n valid CA. All of the named purpose values implemented in libcrypto perform this check. Therefore, where\n a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A\n purpose is set by default in libssl client and server certificate verification routines, but it can be\n overridden or removed by an application. In order to be affected, an application must explicitly set the\n X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification\n or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions\n 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k.\n OpenSSL 1.0.2 is not impacted by this issue. 
Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j).\n (CVE-2021-3450)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183155\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183851\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183852\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184450\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1187973\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1187976\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1187977\");\n # https://lists.suse.com/pipermail/sle-security-updates/2021-July/009145.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c54f9c45\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-7774\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-22918\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-23362\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-27290\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3449\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3450\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected nodejs10, nodejs10-devel, nodejs10-docs and / or npm10 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n 
script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-7774\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nodejs10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nodejs10-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nodejs10-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:npm10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nvar sp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! 
preg(pattern:\"^(0|1|2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0/1/2\", os_ver + \" SP\" + sp);\n\nvar pkgs = [\n {'reference':'nodejs10-10.24.1-1.36.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15'},\n {'reference':'nodejs10-devel-10.24.1-1.36.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15'},\n {'reference':'nodejs10-docs-10.24.1-1.36.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15'},\n {'reference':'npm10-10.24.1-1.36.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15'},\n {'reference':'nodejs10-10.24.1-1.36.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15.1'},\n {'reference':'nodejs10-devel-10.24.1-1.36.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15.1'},\n {'reference':'nodejs10-docs-10.24.1-1.36.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15.1'},\n {'reference':'npm10-10.24.1-1.36.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15.1'},\n {'reference':'nodejs10-10.24.1-1.36.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-1'},\n {'reference':'nodejs10-10.24.1-1.36.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-1'},\n {'reference':'nodejs10-devel-10.24.1-1.36.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-1'},\n {'reference':'nodejs10-devel-10.24.1-1.36.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-1'},\n 
{'reference':'nodejs10-docs-10.24.1-1.36.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-1'},\n {'reference':'npm10-10.24.1-1.36.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-1'},\n {'reference':'npm10-10.24.1-1.36.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-1'},\n {'reference':'nodejs10-10.24.1-1.36.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'nodejs10-10.24.1-1.36.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'nodejs10-10.24.1-1.36.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'nodejs10-10.24.1-1.36.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'nodejs10-devel-10.24.1-1.36.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'nodejs10-devel-10.24.1-1.36.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'nodejs10-devel-10.24.1-1.36.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'nodejs10-devel-10.24.1-1.36.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'nodejs10-docs-10.24.1-1.36.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'nodejs10-docs-10.24.1-1.36.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 
'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'npm10-10.24.1-1.36.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'npm10-10.24.1-1.36.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'npm10-10.24.1-1.36.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'npm10-10.24.1-1.36.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'nodejs10-10.24.1-1.36.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'nodejs10-10.24.1-1.36.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'nodejs10-10.24.1-1.36.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'nodejs10-10.24.1-1.36.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'nodejs10-devel-10.24.1-1.36.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'nodejs10-devel-10.24.1-1.36.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'nodejs10-devel-10.24.1-1.36.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'nodejs10-devel-10.24.1-1.36.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'nodejs10-docs-10.24.1-1.36.1', 
'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'nodejs10-docs-10.24.1-1.36.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'npm10-10.24.1-1.36.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'npm10-10.24.1-1.36.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'npm10-10.24.1-1.36.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'npm10-10.24.1-1.36.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'nodejs10-10.24.1-1.36.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15.1'},\n {'reference':'nodejs10-10.24.1-1.36.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15.1'},\n {'reference':'nodejs10-devel-10.24.1-1.36.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15.1'},\n {'reference':'nodejs10-devel-10.24.1-1.36.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15.1'},\n {'reference':'nodejs10-docs-10.24.1-1.36.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15.1'},\n {'reference':'npm10-10.24.1-1.36.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15.1'},\n {'reference':'npm10-10.24.1-1.36.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15.1'},\n 
{'reference':'nodejs10-10.24.1-1.36.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-web-scripting-release-15.2'},\n {'reference':'nodejs10-devel-10.24.1-1.36.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-web-scripting-release-15.2'},\n {'reference':'nodejs10-docs-10.24.1-1.36.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-web-scripting-release-15.2'},\n {'reference':'npm10-10.24.1-1.36.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-web-scripting-release-15.2'},\n {'reference':'nodejs10-10.24.1-1.36.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-ltss-release-15'},\n {'reference':'nodejs10-devel-10.24.1-1.36.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-ltss-release-15'},\n {'reference':'nodejs10-docs-10.24.1-1.36.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-ltss-release-15'},\n {'reference':'npm10-10.24.1-1.36.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-ltss-release-15'},\n {'reference':'nodejs10-10.24.1-1.36.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-ltss-release-15.1'},\n {'reference':'nodejs10-devel-10.24.1-1.36.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-ltss-release-15.1'},\n {'reference':'nodejs10-docs-10.24.1-1.36.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-ltss-release-15.1'},\n {'reference':'npm10-10.24.1-1.36.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-ltss-release-15.1'},\n {'reference':'nodejs10-10.24.1-1.36.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-15.1'},\n {'reference':'nodejs10-devel-10.24.1-1.36.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 
'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-15.1'},\n {'reference':'nodejs10-docs-10.24.1-1.36.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-15.1'},\n {'reference':'npm10-10.24.1-1.36.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-15.1'}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (exists_check) {\n if (!rpm_exists(release:release, rpm:exists_check)) continue;\n if ('ltss' >< tolower(exists_check)) ltss_caveat_required = TRUE;\n }\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. 
Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'nodejs10 / nodejs10-devel / nodejs10-docs / npm10');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-27T00:15:35", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1061-1 advisory.\n\n - This affects the package y18n before 3.2.2, 4.0.1 and 5.0.5. PoC by po6ix: const y18n = require('y18n')();\n y18n.setLocale('__proto__'); y18n.updateLocale({polluted: true}); console.log(polluted); // true (CVE-2020-7774)\n\n - Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii() is used to convert strings to ASCII. The pointer p is read and increased without checking whether it is beyond pe, with the latter holding a pointer to the end of the buffer. This can lead to information disclosures or crashes. This function can be triggered via uv_getaddrinfo(). (CVE-2021-22918)\n\n - The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity. (CVE-2021-23362)\n\n - ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option. 
(CVE-2021-27290)\n\n - An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j). (CVE-2021-3449)\n\n - The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a purpose has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named purpose values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. 
In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k.\n OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j).\n (CVE-2021-3450)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-07-20T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : nodejs10 (openSUSE-SU-2021:1061-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-7774", "CVE-2021-22918", "CVE-2021-23362", "CVE-2021-27290", "CVE-2021-3449", "CVE-2021-3450"], "modified": "2022-04-26T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:nodejs10", "p-cpe:/a:novell:opensuse:nodejs10-devel", "p-cpe:/a:novell:opensuse:npm10", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2021-1061.NASL", "href": "https://www.tenable.com/plugins/nessus/151818", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:1061-1. 
The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151818);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/26\");\n\n script_cve_id(\n \"CVE-2020-7774\",\n \"CVE-2021-3449\",\n \"CVE-2021-3450\",\n \"CVE-2021-22918\",\n \"CVE-2021-23362\",\n \"CVE-2021-27290\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0149-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0193\");\n script_xref(name:\"IAVA\", value:\"2021-A-0195\");\n script_xref(name:\"IAVA\", value:\"2021-A-0192-S\");\n\n script_name(english:\"openSUSE 15 Security Update : nodejs10 (openSUSE-SU-2021:1061-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2021:1061-1 advisory.\n\n - This affects the package y18n before 3.2.2, 4.0.1 and 5.0.5. PoC by po6ix: const y18n = require('y18n')();\n y18n.setLocale('__proto__'); y18n.updateLocale({polluted: true}); console.log(polluted); // true\n (CVE-2020-7774)\n\n - Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii() is\n used to convert strings to ASCII. The pointer p is read and increased without checking whether it is\n beyond pe, with the latter holding a pointer to the end of the buffer. This can lead to information\n disclosures or crashes. This function can be triggered via uv_getaddrinfo(). (CVE-2021-22918)\n\n - The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS)\n via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression\n exhibits polynomial worst-case time complexity. 
(CVE-2021-23362)\n\n - ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a\n denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of\n service. This issue only affects consumers using the strict option. (CVE-2021-27290)\n\n - An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a\n client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was\n present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL\n pointer dereference will result, leading to a crash and a denial of service attack. A server is only\n vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS\n clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of\n these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in\n OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j). (CVE-2021-3449)\n\n - The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a\n certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow\n certificates in the chain that have explicitly encoded elliptic curve parameters was added as an\n additional strict check. An error in the implementation of this check meant that the result of a previous\n check to confirm that certificates in the chain are valid CA certificates was overwritten. This\n effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a\n purpose has been configured then there is a subsequent opportunity for checks that the certificate is a\n valid CA. All of the named purpose values implemented in libcrypto perform this check. 
Therefore, where\n a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A\n purpose is set by default in libssl client and server certificate verification routines, but it can be\n overridden or removed by an application. In order to be affected, an application must explicitly set the\n X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification\n or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions\n 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k.\n OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j).\n (CVE-2021-3450)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183155\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183851\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183852\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184450\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1187973\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1187976\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1187977\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SR22RRAXGLDTLSDJRAQ4O3Q67G2PNEGJ/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?81020d96\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-7774\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-22918\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-23362\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-27290\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3449\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3450\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected nodejs10, nodejs10-devel and / or npm10 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-7774\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nodejs10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nodejs10-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:npm10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script 
is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nos_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.2', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\npkgs = [\n {'reference':'nodejs10-10.24.1-lp152.2.15.1', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nodejs10-devel-10.24.1-lp152.2.15.1', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'npm10-10.24.1-lp152.2.15.1', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n cpu = NULL;\n rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if 
(rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'nodejs10 / nodejs10-devel / npm10');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-27T00:15:36", "description": "The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2323-1 advisory.\n\n - This affects the package y18n before 3.2.2, 4.0.1 and 5.0.5. PoC by po6ix: const y18n = require('y18n')();\n y18n.setLocale('__proto__'); y18n.updateLocale({polluted: true}); console.log(polluted); // true (CVE-2020-7774)\n\n - Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii() is used to convert strings to ASCII. The pointer p is read and increased without checking whether it is beyond pe, with the latter holding a pointer to the end of the buffer. This can lead to information disclosures or crashes. This function can be triggered via uv_getaddrinfo(). (CVE-2021-22918)\n\n - The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity. (CVE-2021-23362)\n\n - ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option. 
(CVE-2021-27290)\n\n - An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j). (CVE-2021-3449)\n\n - The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a purpose has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named purpose values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. 
In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k.\n OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j).\n (CVE-2021-3450)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-07-15T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : nodejs10 (SUSE-SU-2021:2323-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-7774", "CVE-2021-22918", "CVE-2021-23362", "CVE-2021-27290", "CVE-2021-3449", "CVE-2021-3450"], "modified": "2022-04-26T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:nodejs10", "p-cpe:/a:novell:suse_linux:nodejs10-devel", "p-cpe:/a:novell:suse_linux:nodejs10-docs", "p-cpe:/a:novell:suse_linux:npm10", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2021-2323-1.NASL", "href": "https://www.tenable.com/plugins/nessus/151656", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2021:2323-1. 
The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151656);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/26\");\n\n script_cve_id(\n \"CVE-2020-7774\",\n \"CVE-2021-3449\",\n \"CVE-2021-3450\",\n \"CVE-2021-22918\",\n \"CVE-2021-23362\",\n \"CVE-2021-27290\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2021:2323-1\");\n script_xref(name:\"IAVA\", value:\"2021-A-0149-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0193\");\n script_xref(name:\"IAVA\", value:\"2021-A-0195\");\n script_xref(name:\"IAVA\", value:\"2021-A-0192-S\");\n script_xref(name:\"IAVB\", value:\"2021-B-0041-S\");\n\n script_name(english:\"SUSE SLES12 Security Update : nodejs10 (SUSE-SU-2021:2323-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2021:2323-1 advisory.\n\n - This affects the package y18n before 3.2.2, 4.0.1 and 5.0.5. PoC by po6ix: const y18n = require('y18n')();\n y18n.setLocale('__proto__'); y18n.updateLocale({polluted: true}); console.log(polluted); // true\n (CVE-2020-7774)\n\n - Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii() is\n used to convert strings to ASCII. The pointer p is read and increased without checking whether it is\n beyond pe, with the latter holding a pointer to the end of the buffer. This can lead to information\n disclosures or crashes. This function can be triggered via uv_getaddrinfo(). 
(CVE-2021-22918)\n\n - The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS)\n via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression\n exhibits polynomial worst-case time complexity. (CVE-2021-23362)\n\n - ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a\n denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of\n service. This issue only affects consumers using the strict option. (CVE-2021-27290)\n\n - An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a\n client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was\n present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL\n pointer dereference will result, leading to a crash and a denial of service attack. A server is only\n vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS\n clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of\n these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in\n OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j). (CVE-2021-3449)\n\n - The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a\n certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow\n certificates in the chain that have explicitly encoded elliptic curve parameters was added as an\n additional strict check. An error in the implementation of this check meant that the result of a previous\n check to confirm that certificates in the chain are valid CA certificates was overwritten. 
This\n effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a\n purpose has been configured then there is a subsequent opportunity for checks that the certificate is a\n valid CA. All of the named purpose values implemented in libcrypto perform this check. Therefore, where\n a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A\n purpose is set by default in libssl client and server certificate verification routines, but it can be\n overridden or removed by an application. In order to be affected, an application must explicitly set the\n X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification\n or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions\n 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k.\n OpenSSL 1.0.2 is not impacted by this issue. 
Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j).\n (CVE-2021-3450)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183155\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183851\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183852\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184450\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1187973\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1187976\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1187977\");\n # https://lists.suse.com/pipermail/sle-security-updates/2021-July/009135.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cbb78983\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-7774\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-22918\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-23362\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-27290\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3449\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3450\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected nodejs10, nodejs10-devel, nodejs10-docs and / or npm10 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n 
script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-7774\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nodejs10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nodejs10-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nodejs10-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:npm10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nvar sp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(0|3|4|5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0/3/4/5\", os_ver + \" SP\" + sp);\n\nvar pkgs = [\n {'reference':'nodejs10-10.24.1-1.39.1', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-web-scripting-release-12-0'},\n {'reference':'nodejs10-10.24.1-1.39.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-web-scripting-release-12-0'},\n {'reference':'nodejs10-10.24.1-1.39.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-web-scripting-release-12-0'},\n {'reference':'nodejs10-10.24.1-1.39.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-web-scripting-release-12-0'},\n {'reference':'nodejs10-devel-10.24.1-1.39.1', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-web-scripting-release-12-0'},\n {'reference':'nodejs10-devel-10.24.1-1.39.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-web-scripting-release-12-0'},\n {'reference':'nodejs10-devel-10.24.1-1.39.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-web-scripting-release-12-0'},\n {'reference':'nodejs10-devel-10.24.1-1.39.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-web-scripting-release-12-0'},\n {'reference':'nodejs10-docs-10.24.1-1.39.1', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-web-scripting-release-12-0'},\n {'reference':'nodejs10-docs-10.24.1-1.39.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-web-scripting-release-12-0'},\n {'reference':'nodejs10-docs-10.24.1-1.39.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-web-scripting-release-12-0'},\n {'reference':'nodejs10-docs-10.24.1-1.39.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 
'exists_check':'sle-module-web-scripting-release-12-0'},\n {'reference':'npm10-10.24.1-1.39.1', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-web-scripting-release-12-0'},\n {'reference':'npm10-10.24.1-1.39.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-web-scripting-release-12-0'},\n {'reference':'npm10-10.24.1-1.39.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-web-scripting-release-12-0'},\n {'reference':'npm10-10.24.1-1.39.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-web-scripting-release-12-0'}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (exists_check) {\n if (!rpm_exists(release:release, rpm:exists_check)) continue;\n if ('ltss' >< tolower(exists_check)) ltss_caveat_required = TRUE;\n }\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 
'nodejs10 / nodejs10-devel / nodejs10-docs / npm10');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-27T00:15:38", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:2353-1 advisory.\n\n - This affects the package y18n before 3.2.2, 4.0.1 and 5.0.5. PoC by po6ix: const y18n = require('y18n')();\n y18n.setLocale('__proto__'); y18n.updateLocale({polluted: true}); console.log(polluted); // true (CVE-2020-7774)\n\n - Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii() is used to convert strings to ASCII. The pointer p is read and increased without checking whether it is beyond pe, with the latter holding a pointer to the end of the buffer. This can lead to information disclosures or crashes. This function can be triggered via uv_getaddrinfo(). (CVE-2021-22918)\n\n - The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity. (CVE-2021-23362)\n\n - ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option. (CVE-2021-27290)\n\n - An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. 
A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j). (CVE-2021-3449)\n\n - The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a purpose has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named purpose values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k.\n OpenSSL 1.0.2 is not impacted by this issue. 
Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j).\n (CVE-2021-3450)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-07-16T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : nodejs10 (openSUSE-SU-2021:2353-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-7774", "CVE-2021-22918", "CVE-2021-23362", "CVE-2021-27290", "CVE-2021-3449", "CVE-2021-3450"], "modified": "2022-04-26T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:nodejs10", "p-cpe:/a:novell:opensuse:nodejs10-devel", "p-cpe:/a:novell:opensuse:npm10", "cpe:/o:novell:opensuse:15.3"], "id": "OPENSUSE-2021-2353.NASL", "href": "https://www.tenable.com/plugins/nessus/151723", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:2353-1. 
The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151723);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/26\");\n\n script_cve_id(\n \"CVE-2020-7774\",\n \"CVE-2021-3449\",\n \"CVE-2021-3450\",\n \"CVE-2021-22918\",\n \"CVE-2021-23362\",\n \"CVE-2021-27290\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0149-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0193\");\n script_xref(name:\"IAVA\", value:\"2021-A-0195\");\n script_xref(name:\"IAVA\", value:\"2021-A-0192-S\");\n\n script_name(english:\"openSUSE 15 Security Update : nodejs10 (openSUSE-SU-2021:2353-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2021:2353-1 advisory.\n\n - This affects the package y18n before 3.2.2, 4.0.1 and 5.0.5. PoC by po6ix: const y18n = require('y18n')();\n y18n.setLocale('__proto__'); y18n.updateLocale({polluted: true}); console.log(polluted); // true\n (CVE-2020-7774)\n\n - Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii() is\n used to convert strings to ASCII. The pointer p is read and increased without checking whether it is\n beyond pe, with the latter holding a pointer to the end of the buffer. This can lead to information\n disclosures or crashes. This function can be triggered via uv_getaddrinfo(). (CVE-2021-22918)\n\n - The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS)\n via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression\n exhibits polynomial worst-case time complexity. 
(CVE-2021-23362)\n\n - ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a\n denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of\n service. This issue only affects consumers using the strict option. (CVE-2021-27290)\n\n - An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a\n client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was\n present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL\n pointer dereference will result, leading to a crash and a denial of service attack. A server is only\n vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS\n clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of\n these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in\n OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j). (CVE-2021-3449)\n\n - The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a\n certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow\n certificates in the chain that have explicitly encoded elliptic curve parameters was added as an\n additional strict check. An error in the implementation of this check meant that the result of a previous\n check to confirm that certificates in the chain are valid CA certificates was overwritten. This\n effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a\n purpose has been configured then there is a subsequent opportunity for checks that the certificate is a\n valid CA. All of the named purpose values implemented in libcrypto perform this check. 
Therefore, where\n a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A\n purpose is set by default in libssl client and server certificate verification routines, but it can be\n overridden or removed by an application. In order to be affected, an application must explicitly set the\n X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification\n or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions\n 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k.\n OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j).\n (CVE-2021-3450)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183155\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183851\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183852\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184450\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1187973\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1187976\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1187977\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SVLFLECFVPSHO4SQBVWDO2CBAU5LB7IS/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?75545cd7\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-7774\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-22918\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-23362\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-27290\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3449\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3450\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected nodejs10, nodejs10-devel and / or npm10 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-7774\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nodejs10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nodejs10-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:npm10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script 
is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nos_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\npkgs = [\n {'reference':'nodejs10-10.24.1-1.36.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nodejs10-devel-10.24.1-1.36.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'npm10-10.24.1-1.36.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n cpu = NULL;\n rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, 
cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'nodejs10 / nodejs10-devel / npm10');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-27T00:14:48", "description": "The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2327-1 advisory.\n\n - This affects the package y18n before 3.2.2, 4.0.1 and 5.0.5. PoC by po6ix: const y18n = require('y18n')();\n y18n.setLocale('__proto__'); y18n.updateLocale({polluted: true}); console.log(polluted); // true (CVE-2020-7774)\n\n - Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii() is used to convert strings to ASCII. The pointer p is read and increased without checking whether it is beyond pe, with the latter holding a pointer to the end of the buffer. This can lead to information disclosures or crashes. This function can be triggered via uv_getaddrinfo(). (CVE-2021-22918)\n\n - The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity. (CVE-2021-23362)\n\n - ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option. (CVE-2021-27290)\n\n - An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. 
If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j). (CVE-2021-3449)\n\n - The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a purpose has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named purpose values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. 
OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k.\n OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j).\n (CVE-2021-3450)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-07-15T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : nodejs12 (SUSE-SU-2021:2327-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-7774", "CVE-2021-22918", "CVE-2021-23362", "CVE-2021-27290", "CVE-2021-3449", "CVE-2021-3450"], "modified": "2022-04-26T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:nodejs12", "p-cpe:/a:novell:suse_linux:nodejs12-devel", "p-cpe:/a:novell:suse_linux:nodejs12-docs", "p-cpe:/a:novell:suse_linux:npm12", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2021-2327-1.NASL", "href": "https://www.tenable.com/plugins/nessus/151655", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2021:2327-1. 
The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151655);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/26\");\n\n script_cve_id(\n \"CVE-2020-7774\",\n \"CVE-2021-3449\",\n \"CVE-2021-3450\",\n \"CVE-2021-22918\",\n \"CVE-2021-23362\",\n \"CVE-2021-27290\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2021:2327-1\");\n script_xref(name:\"IAVA\", value:\"2021-A-0149-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0193\");\n script_xref(name:\"IAVA\", value:\"2021-A-0195\");\n script_xref(name:\"IAVA\", value:\"2021-A-0192-S\");\n script_xref(name:\"IAVB\", value:\"2021-B-0041-S\");\n\n script_name(english:\"SUSE SLES15 Security Update : nodejs12 (SUSE-SU-2021:2327-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2021:2327-1 advisory.\n\n - This affects the package y18n before 3.2.2, 4.0.1 and 5.0.5. PoC by po6ix: const y18n = require('y18n')();\n y18n.setLocale('__proto__'); y18n.updateLocale({polluted: true}); console.log(polluted); // true\n (CVE-2020-7774)\n\n - Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii() is\n used to convert strings to ASCII. The pointer p is read and increased without checking whether it is\n beyond pe, with the latter holding a pointer to the end of the buffer. This can lead to information\n disclosures or crashes. This function can be triggered via uv_getaddrinfo(). 
(CVE-2021-22918)\n\n - The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS)\n via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression\n exhibits polynomial worst-case time complexity. (CVE-2021-23362)\n\n - ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a\n denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of\n service. This issue only affects consumers using the strict option. (CVE-2021-27290)\n\n - An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a\n client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was\n present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL\n pointer dereference will result, leading to a crash and a denial of service attack. A server is only\n vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS\n clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of\n these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in\n OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j). (CVE-2021-3449)\n\n - The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a\n certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow\n certificates in the chain that have explicitly encoded elliptic curve parameters was added as an\n additional strict check. An error in the implementation of this check meant that the result of a previous\n check to confirm that certificates in the chain are valid CA certificates was overwritten. 
This\n effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a\n purpose has been configured then there is a subsequent opportunity for checks that the certificate is a\n valid CA. All of the named purpose values implemented in libcrypto perform this check. Therefore, where\n a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A\n purpose is set by default in libssl client and server certificate verification routines, but it can be\n overridden or removed by an application. In order to be affected, an application must explicitly set the\n X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification\n or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions\n 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k.\n OpenSSL 1.0.2 is not impacted by this issue. 
Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j).\n (CVE-2021-3450)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183851\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183852\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184450\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1187973\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1187976\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1187977\");\n # https://lists.suse.com/pipermail/sle-security-updates/2021-July/009139.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8d9db17a\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-7774\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-22918\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-23362\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-27290\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3449\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3450\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected nodejs12, nodejs12-devel, nodejs12-docs and / or npm12 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n 
script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-7774\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nodejs12\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nodejs12-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nodejs12-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:npm12\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nvar sp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! 
preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP2/3\", os_ver + \" SP\" + sp);\n\nvar pkgs = [\n {'reference':'nodejs12-12.22.2-4.16.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-web-scripting-release-15.2'},\n {'reference':'nodejs12-devel-12.22.2-4.16.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-web-scripting-release-15.2'},\n {'reference':'nodejs12-docs-12.22.2-4.16.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-web-scripting-release-15.2'},\n {'reference':'npm12-12.22.2-4.16.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-web-scripting-release-15.2'},\n {'reference':'nodejs12-12.22.2-4.16.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-web-scripting-release-15.3'},\n {'reference':'nodejs12-devel-12.22.2-4.16.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-web-scripting-release-15.3'},\n {'reference':'nodejs12-docs-12.22.2-4.16.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-web-scripting-release-15.3'},\n {'reference':'npm12-12.22.2-4.16.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-web-scripting-release-15.3'}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = 
package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (exists_check) {\n if (!rpm_exists(release:release, rpm:exists_check)) continue;\n if ('ltss' >< tolower(exists_check)) ltss_caveat_required = TRUE;\n }\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'nodejs12 / nodejs12-devel / nodejs12-docs / npm12');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-27T00:14:07", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1059-1 advisory.\n\n - This affects the package y18n before 3.2.2, 4.0.1 and 5.0.5. PoC by po6ix: const y18n = require('y18n')();\n y18n.setLocale('__proto__'); y18n.updateLocale({polluted: true}); console.log(polluted); // true (CVE-2020-7774)\n\n - Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii() is used to convert strings to ASCII. The pointer p is read and increased without checking whether it is beyond pe, with the latter holding a pointer to the end of the buffer. This can lead to information disclosures or crashes. This function can be triggered via uv_getaddrinfo(). (CVE-2021-22918)\n\n - The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity. 
(CVE-2021-23362)\n\n - ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option. (CVE-2021-27290)\n\n - An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j). (CVE-2021-3449)\n\n - The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a purpose has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named purpose values implemented in libcrypto perform this check. 
Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k.\n OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j).\n (CVE-2021-3450)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-07-20T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : nodejs12 (openSUSE-SU-2021:1059-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-7774", "CVE-2021-22918", "CVE-2021-23362", "CVE-2021-27290", "CVE-2021-3449", "CVE-2021-3450"], "modified": "2022-04-26T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:nodejs12", "p-cpe:/a:novell:opensuse:nodejs12-devel", "p-cpe:/a:novell:opensuse:npm12", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2021-1059.NASL", "href": "https://www.tenable.com/plugins/nessus/151823", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:1059-1. 
The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151823);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/26\");\n\n script_cve_id(\n \"CVE-2020-7774\",\n \"CVE-2021-3449\",\n \"CVE-2021-3450\",\n \"CVE-2021-22918\",\n \"CVE-2021-23362\",\n \"CVE-2021-27290\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0149-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0193\");\n script_xref(name:\"IAVA\", value:\"2021-A-0195\");\n script_xref(name:\"IAVA\", value:\"2021-A-0192-S\");\n\n script_name(english:\"openSUSE 15 Security Update : nodejs12 (openSUSE-SU-2021:1059-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2021:1059-1 advisory.\n\n - This affects the package y18n before 3.2.2, 4.0.1 and 5.0.5. PoC by po6ix: const y18n = require('y18n')();\n y18n.setLocale('__proto__'); y18n.updateLocale({polluted: true}); console.log(polluted); // true\n (CVE-2020-7774)\n\n - Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii() is\n used to convert strings to ASCII. The pointer p is read and increased without checking whether it is\n beyond pe, with the latter holding a pointer to the end of the buffer. This can lead to information\n disclosures or crashes. This function can be triggered via uv_getaddrinfo(). (CVE-2021-22918)\n\n - The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS)\n via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression\n exhibits polynomial worst-case time complexity. 
(CVE-2021-23362)\n\n - ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a\n denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of\n service. This issue only affects consumers using the strict option. (CVE-2021-27290)\n\n - An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a\n client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was\n present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL\n pointer dereference will result, leading to a crash and a denial of service attack. A server is only\n vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS\n clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of\n these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in\n OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j). (CVE-2021-3449)\n\n - The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a\n certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow\n certificates in the chain that have explicitly encoded elliptic curve parameters was added as an\n additional strict check. An error in the implementation of this check meant that the result of a previous\n check to confirm that certificates in the chain are valid CA certificates was overwritten. This\n effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a\n purpose has been configured then there is a subsequent opportunity for checks that the certificate is a\n valid CA. All of the named purpose values implemented in libcrypto perform this check. 
Therefore, where\n a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A\n purpose is set by default in libssl client and server certificate verification routines, but it can be\n overridden or removed by an application. In order to be affected, an application must explicitly set the\n X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification\n or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions\n 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k.\n OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j).\n (CVE-2021-3450)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183851\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183852\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184450\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1187973\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1187976\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1187977\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4ZO2DR7PIGZWRPXIGYAZCAL4X64BSDZJ/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7e4b715e\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-7774\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-22918\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-23362\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-27290\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3449\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3450\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected nodejs12, nodejs12-devel and / or npm12 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-7774\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nodejs12\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nodejs12-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:npm12\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nos_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.2', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\npkgs = [\n {'reference':'nodejs12-12.22.2-lp152.3.15.1', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nodejs12-devel-12.22.2-lp152.3.15.1', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'npm12-12.22.2-lp152.3.15.1', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n cpu = NULL;\n rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, 
rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'nodejs12 / nodejs12-devel / npm12');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-27T00:14:09", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:2327-1 advisory.\n\n - This affects the package y18n before 3.2.2, 4.0.1 and 5.0.5. PoC by po6ix: const y18n = require('y18n')();\n y18n.setLocale('__proto__'); y18n.updateLocale({polluted: true}); console.log(polluted); // true (CVE-2020-7774)\n\n - Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii() is used to convert strings to ASCII. The pointer p is read and increased without checking whether it is beyond pe, with the latter holding a pointer to the end of the buffer. This can lead to information disclosures or crashes. This function can be triggered via uv_getaddrinfo(). (CVE-2021-22918)\n\n - The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity. (CVE-2021-23362)\n\n - ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option. (CVE-2021-27290)\n\n - An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. 
If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j). (CVE-2021-3449)\n\n - The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a purpose has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named purpose values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. 
OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k.\n OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j).\n (CVE-2021-3450)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-07-16T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : nodejs12 (openSUSE-SU-2021:2327-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-7774", "CVE-2021-22918", "CVE-2021-23362", "CVE-2021-27290", "CVE-2021-3449", "CVE-2021-3450"], "modified": "2022-04-26T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:nodejs12", "p-cpe:/a:novell:opensuse:nodejs12-devel", "p-cpe:/a:novell:opensuse:npm12", "cpe:/o:novell:opensuse:15.3"], "id": "OPENSUSE-2021-2327.NASL", "href": "https://www.tenable.com/plugins/nessus/151727", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:2327-1. 
The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151727);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/26\");\n\n script_cve_id(\n \"CVE-2020-7774\",\n \"CVE-2021-3449\",\n \"CVE-2021-3450\",\n \"CVE-2021-22918\",\n \"CVE-2021-23362\",\n \"CVE-2021-27290\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0149-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0193\");\n script_xref(name:\"IAVA\", value:\"2021-A-0195\");\n script_xref(name:\"IAVA\", value:\"2021-A-0192-S\");\n\n script_name(english:\"openSUSE 15 Security Update : nodejs12 (openSUSE-SU-2021:2327-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2021:2327-1 advisory.\n\n - This affects the package y18n before 3.2.2, 4.0.1 and 5.0.5. PoC by po6ix: const y18n = require('y18n')();\n y18n.setLocale('__proto__'); y18n.updateLocale({polluted: true}); console.log(polluted); // true\n (CVE-2020-7774)\n\n - Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii() is\n used to convert strings to ASCII. The pointer p is read and increased without checking whether it is\n beyond pe, with the latter holding a pointer to the end of the buffer. This can lead to information\n disclosures or crashes. This function can be triggered via uv_getaddrinfo(). (CVE-2021-22918)\n\n - The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS)\n via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression\n exhibits polynomial worst-case time complexity. 
(CVE-2021-23362)\n\n - ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a\n denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of\n service. This issue only affects consumers using the strict option. (CVE-2021-27290)\n\n - An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a\n client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was\n present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL\n pointer dereference will result, leading to a crash and a denial of service attack. A server is only\n vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS\n clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of\n these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in\n OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j). (CVE-2021-3449)\n\n - The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a\n certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow\n certificates in the chain that have explicitly encoded elliptic curve parameters was added as an\n additional strict check. An error in the implementation of this check meant that the result of a previous\n check to confirm that certificates in the chain are valid CA certificates was overwritten. This\n effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a\n purpose has been configured then there is a subsequent opportunity for checks that the certificate is a\n valid CA. All of the named purpose values implemented in libcrypto perform this check. 
Therefore, where\n a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A\n purpose is set by default in libssl client and server certificate verification routines, but it can be\n overridden or removed by an application. In order to be affected, an application must explicitly set the\n X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification\n or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions\n 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k.\n OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j).\n (CVE-2021-3450)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183851\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183852\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184450\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1187973\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1187976\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1187977\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/OFQOZ4RLN343RY5DDFVA2KWFMZHZD2KS/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8e8736d8\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-7774\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-22918\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-23362\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-27290\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3449\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3450\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected nodejs12, nodejs12-devel and / or npm12 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-7774\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nodejs12\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nodejs12-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:npm12\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nos_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\npkgs = [\n {'reference':'nodejs12-12.22.2-4.16.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nodejs12-devel-12.22.2-4.16.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'npm12-12.22.2-4.16.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n cpu = NULL;\n rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, 
rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'nodejs12 / nodejs12-devel / npm12');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-13T17:06:33", "description": "The version of Tenable Log Correlation Engine (LCE) installed on the remote host is prior to 6.0.9. It is, therefore, affected by multiple vulnerabilities:\n\n - Multiple denial of service vulnerabilities in the included OpenSSL component. (CVE-2019-1551, CVE-2020-1967, CVE-2020-1971, CVE-2021-3449, CVE-2021-23840)\n\n - Multiple cross site scripting vulnerabilities in the included JQuery component. (CVE-2020-11022, CVE-2020-11023)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 6.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}, "published": "2021-06-02T00:00:00", "type": "nessus", "title": "Tenable Log Correlation Engine (LCE) < 6.0.9 (TNS-2021-10)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-1551", "CVE-2020-11022", "CVE-2020-11023", "CVE-2020-1967", "CVE-2020-1971", "CVE-2021-23840", "CVE-2021-3449"], "modified": "2022-05-09T00:00:00", "cpe": ["cpe:/a:tenable:log_correlation_engine"], "id": "LCE_6_0_9.NASL", "href": "https://www.tenable.com/plugins/nessus/150139", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150139);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/09\");\n\n script_cve_id(\n \"CVE-2019-1551\",\n \"CVE-2020-1967\",\n \"CVE-2020-1971\",\n 
\"CVE-2020-11022\",\n \"CVE-2020-11023\",\n \"CVE-2021-3449\",\n \"CVE-2021-23840\"\n );\n\n script_name(english:\"Tenable Log Correlation Engine (LCE) < 6.0.9 (TNS-2021-10)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A data aggregation application installed on the remote host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Tenable Log Correlation Engine (LCE) installed on the remote host is prior to 6.0.9. It is, therefore,\naffected by multiple vulnerabilities:\n\n - Multiple denial of service vulnerabilities in the included OpenSSL component. (CVE-2019-1551, CVE-2020-1967,\n CVE-2020-1971, CVE-2021-3449, CVE-2021-23840)\n\n - Multiple cross site scripting vulnerabilities in the included JQuery component. (CVE-2020-11022, CVE-2020-11023)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported\nversion number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.tenable.com/security/tns-2021-10\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Tenable LCE version 6.0.9 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-1551\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-11023\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/06\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:tenable:log_correlation_engine\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"lce_installed.nbin\");\n script_require_keys(\"installed_sw/Log Correlation Engine Server\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\nvar app = 'Log Correlation Engine Server';\n\nget_install_count(app_name:app, exit_if_zero:TRUE);\n\nvar app_info = vcf::get_app_info(app:app);\n\nvcf::check_granularity(app_info:app_info, sig_segments:3);\n\nconstraints = [\n { 'max_version' : '6.0.8', 'fixed_version' : '6.0.9' }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING, flags:{xss:TRUE});\n\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-05-13T15:14:07", "description": "The version of MySQL running on the remote host is 5.7.x prior to 5.7.34. It is, therefore, affected by multiple vulnerabilities, including the following, as noted in the April 2021 Critical Patch Update advisory:\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging (OpenSSL)).\n Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
(CVE-2021-3449)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption (OpenSSL)). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2021-23841)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server.\n Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. 
(CVE-2021-2307)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 6.1, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N"}, "published": "2021-04-22T00:00:00", "type": "nessus", "title": "MySQL 5.7.x < 5.7.34 Multiple Vulnerabilities (Apr 2021 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-2146", "CVE-2021-2154", "CVE-2021-2162", "CVE-2021-2166", "CVE-2021-2169", "CVE-2021-2171", "CVE-2021-2174", "CVE-2021-2179", "CVE-2021-2180", "CVE-2021-2194", "CVE-2021-2226", "CVE-2021-2307", "CVE-2021-23841", "CVE-2021-3449"], "modified": "2022-05-10T00:00:00", "cpe": ["cpe:/a:oracle:mysql"], "id": "MYSQL_5_7_34.NASL", "href": "https://www.tenable.com/plugins/nessus/148936", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148936);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\n \"CVE-2021-2146\",\n \"CVE-2021-2154\",\n \"CVE-2021-2162\",\n \"CVE-2021-2166\",\n \"CVE-2021-2169\",\n \"CVE-2021-2171\",\n \"CVE-2021-2174\",\n \"CVE-2021-2179\",\n \"CVE-2021-2180\",\n \"CVE-2021-2194\",\n \"CVE-2021-2226\",\n \"CVE-2021-2307\",\n \"CVE-2021-3449\",\n \"CVE-2021-23841\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0193\");\n\n script_name(english:\"MySQL 5.7.x < 5.7.34 Multiple Vulnerabilities (Apr 2021 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MySQL running on the remote host is 5.7.x prior to 5.7.34. 
It is, therefore, affected by multiple\nvulnerabilities, including the following, as noted in the April 2021 Critical Patch Update advisory:\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging (OpenSSL)).\n Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability\n allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash\n (complete DOS) of MySQL Server. (CVE-2021-3449)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption\n (OpenSSL)). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable\n vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently\n repeatable crash (complete DOS) of MySQL Server. (CVE-2021-23841)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging). Supported versions\n that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows\n unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server.\n Successful attacks require human interaction from a person other than the attacker. Successful attacks of this\n vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server\n accessible data as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. 
(CVE-2021-2307)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixMSQL\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/a/tech/docs/cpuapr2021cvrf.xml\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MySQL version 5.7.34 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-2226\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-2307\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:mysql\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_version.nasl\", \"mysql_login.nasl\", \"mysql_version_local.nasl\", \"mysql_win_installed.nbin\", \"macosx_mysql_installed.nbin\");\n script_require_keys(\"installed_sw/MySQL Server\");\n\n exit(0);\n}\n\ninclude('vcf_extras_mysql.inc');\n\nvar app_info = vcf::mysql::combined_get_app_info();\n\nvar constraints = [{ 'min_version' : '5.7.0', 'fixed_version' : '5.7.34'}];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 4, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2022-05-13T15:11:51", "description": "The version of MySQL running on the remote host is 8.0.x prior to 8.0.24. It is, therefore, affected by multiple vulnerabilities, including the following, as noted in the April 2021 Critical Patch Update advisory:\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging (OpenSSL)).\n Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2021-3449)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption (OpenSSL)). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2021-23841)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging). 
Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server.\n Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. (CVE-2020-28196)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 6.1, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N"}, "published": "2021-04-22T00:00:00", "type": "nessus", "title": "MySQL 8.0.x < 8.0.24 Multiple Vulnerabilities (Apr 2021 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-28196", "CVE-2021-2146", "CVE-2021-2162", "CVE-2021-2164", "CVE-2021-2166", "CVE-2021-2169", "CVE-2021-2170", "CVE-2021-2171", "CVE-2021-2172", "CVE-2021-2174", "CVE-2021-2179", "CVE-2021-2180", "CVE-2021-2193", "CVE-2021-2194", "CVE-2021-2196", "CVE-2021-2201", "CVE-2021-2203", "CVE-2021-2208", "CVE-2021-2212", "CVE-2021-2215", "CVE-2021-2217", "CVE-2021-2226", "CVE-2021-2230", "CVE-2021-2232", "CVE-2021-2278", "CVE-2021-2293", "CVE-2021-2298", "CVE-2021-2299", "CVE-2021-2300", "CVE-2021-2301", "CVE-2021-2304", "CVE-2021-2305", "CVE-2021-2307", "CVE-2021-2308", "CVE-2021-23841", "CVE-2021-2444", "CVE-2021-3449"], "modified": "2022-05-10T00:00:00", "cpe": ["cpe:/a:oracle:mysql"], "id": "MYSQL_8_0_24.NASL", "href": "https://www.tenable.com/plugins/nessus/148937", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148937);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", 
value:\"2022/05/10\");\n\n script_cve_id(\n \"CVE-2020-28196\",\n \"CVE-2021-2146\",\n \"CVE-2021-2162\",\n \"CVE-2021-2164\",\n \"CVE-2021-2166\",\n \"CVE-2021-2169\",\n \"CVE-2021-2170\",\n \"CVE-2021-2171\",\n \"CVE-2021-2172\",\n \"CVE-2021-2174\",\n \"CVE-2021-2179\",\n \"CVE-2021-2180\",\n \"CVE-2021-2193\",\n \"CVE-2021-2194\",\n \"CVE-2021-2196\",\n \"CVE-2021-2201\",\n \"CVE-2021-2203\",\n \"CVE-2021-2208\",\n \"CVE-2021-2212\",\n \"CVE-2021-2215\",\n \"CVE-2021-2217\",\n \"CVE-2021-2226\",\n \"CVE-2021-2230\",\n \"CVE-2021-2232\",\n \"CVE-2021-2278\",\n \"CVE-2021-2293\",\n \"CVE-2021-2298\",\n \"CVE-2021-2299\",\n \"CVE-2021-2300\",\n \"CVE-2021-2301\",\n \"CVE-2021-2304\",\n \"CVE-2021-2305\",\n \"CVE-2021-2307\",\n \"CVE-2021-2308\",\n \"CVE-2021-2444\",\n \"CVE-2021-3449\",\n \"CVE-2021-23841\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0193\");\n script_xref(name:\"IAVA\", value:\"2021-A-0333\");\n\n script_name(english:\"MySQL 8.0.x < 8.0.24 Multiple Vulnerabilities (Apr 2021 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MySQL running on the remote host is 8.0.x prior to 8.0.24. It is, therefore, affected by multiple\nvulnerabilities, including the following, as noted in the April 2021 Critical Patch Update advisory:\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging (OpenSSL)).\n Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability\n allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash\n (complete DOS) of MySQL Server. 
(CVE-2021-3449)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption\n (OpenSSL)). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable\n vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently\n repeatable crash (complete DOS) of MySQL Server. (CVE-2021-23841)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging). Supported versions\n that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows\n unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server.\n Successful attacks require human interaction from a person other than the attacker. Successful attacks of this\n vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server\n accessible data as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. 
(CVE-2020-28196)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixMSQL\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/a/tech/docs/cpuapr2021cvrf.xml\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MySQL version 8.0.24 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-2304\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-2307\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:mysql\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_version.nasl\", \"mysql_login.nasl\", \"mysql_version_local.nasl\", \"mysql_win_installed.nbin\", \"macosx_mysql_installed.nbin\");\n script_require_keys(\"installed_sw/MySQL Server\");\n\n exit(0);\n}\n\ninclude('vcf_extras_mysql.inc');\n\nvar app_info = vcf::mysql::combined_get_app_info();\n\nvar constraints = [{ 'min_version' : '8.0.0', 'fixed_version' : '8.0.24'}];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}, {"lastseen": "2022-05-10T03:17:56", "description": "According to its self-reported version, the Tenable SecurityCenter application installed on the remote host is less than 5.19.0 and is therefore affected by multiple vulnerabilities in the following components: \n - Apache FOP\n - Underscore\n - Handlebars\n - PHP\n - sqlite\n\nNote that successful exploitation of the most serious issues can result in arbitrary code execution.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-09-03T00:00:00", "type": "nessus", "title": "Tenable SecurityCenter < 5.19.0 Multiple Vulnerabilities (TNS-2021-14)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5661", "CVE-2019-11041", "CVE-2019-11042", "CVE-2019-11043", "CVE-2019-11044", "CVE-2019-11045", "CVE-2019-11046", "CVE-2019-11047", "CVE-2019-11048", "CVE-2019-11049", "CVE-2019-11050", "CVE-2019-16168", "CVE-2019-19645", "CVE-2019-19646", "CVE-2019-19919", "CVE-2020-11655", "CVE-2020-11656", "CVE-2020-13434", "CVE-2020-13435", "CVE-2020-13630", "CVE-2020-13631", "CVE-2020-13632", "CVE-2020-15358", "CVE-2020-7059", "CVE-2020-7060", "CVE-2020-7061", "CVE-2020-7062", "CVE-2020-7063", "CVE-2020-7064", "CVE-2020-7065", "CVE-2020-7066", "CVE-2020-7067", "CVE-2020-7068", "CVE-2020-7069", "CVE-2020-7070", "CVE-2020-7071", "CVE-2021-21702", "CVE-2021-21704", 
"CVE-2021-21705", "CVE-2021-23358", "CVE-2021-3449", "CVE-2021-3450"], "modified": "2022-05-09T00:00:00", "cpe": ["cpe:/a:tenable:securitycenter"], "id": "SECURITYCENTER_5_19_0_TNS_2021_08.NASL", "href": "https://www.tenable.com/plugins/nessus/152986", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152986);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/09\");\n\n script_cve_id(\n \"CVE-2017-5661\",\n \"CVE-2019-11041\",\n \"CVE-2019-11042\",\n \"CVE-2019-11043\",\n \"CVE-2019-11044\",\n \"CVE-2019-11045\",\n \"CVE-2019-11046\",\n \"CVE-2019-11047\",\n \"CVE-2019-11048\",\n \"CVE-2019-11049\",\n \"CVE-2019-11050\",\n \"CVE-2019-16168\",\n \"CVE-2019-19645\",\n \"CVE-2019-19646\",\n \"CVE-2019-19919\",\n \"CVE-2020-7059\",\n \"CVE-2020-7060\",\n \"CVE-2020-7061\",\n \"CVE-2020-7062\",\n \"CVE-2020-7063\",\n \"CVE-2020-7064\",\n \"CVE-2020-7065\",\n \"CVE-2020-7066\",\n \"CVE-2020-7067\",\n \"CVE-2020-7068\",\n \"CVE-2020-7069\",\n \"CVE-2020-7070\",\n \"CVE-2020-7071\",\n \"CVE-2020-11655\",\n \"CVE-2020-11656\",\n \"CVE-2020-13434\",\n \"CVE-2020-13435\",\n \"CVE-2020-13630\",\n \"CVE-2020-13631\",\n \"CVE-2020-13632\",\n \"CVE-2020-15358\",\n \"CVE-2021-3449\",\n \"CVE-2021-3450\",\n \"CVE-2021-21702\",\n \"CVE-2021-21704\",\n \"CVE-2021-21705\",\n \"CVE-2021-23358\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/15\");\n\n script_name(english:\"Tenable SecurityCenter < 5.19.0 Multiple Vulnerabilities (TNS-2021-14)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version, the Tenable SecurityCenter application installed on the remote host is less \nthan 5.19.0 
and is therefore affected by multiple vulnerabilities in the following components: \n - Apache FOP\n - Underscore\n - Handlebars\n - PHP\n - sqlite\n\nNote that successful exploitation of the most serious issues can result in arbitrary code execution.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.tenable.com/security/tns-2021-14\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the security patch referenced in the vendor advisory or upgrade to 5.19.0 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:C/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-5661\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-11656\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'PHP-FPM Underflow RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:tenable:securitycenter\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"securitycenter_installed.nbin\");\n script_require_ports(\"installed_sw/Tenable SecurityCenter\");\n\n exit(0);\n}\n\ninclude('vcf_extras.inc');\n\nvar patches = make_list('SC-202108.1');\nvar app_info = vcf::tenable_sc::get_app_info();\n\nvcf::tenable_sc::check_for_patch(app_info:app_info, patches:patches);\n\nvar constraints = [\n { 'fixed_version' : '5.17.0', 'fixed_display' : '5.19.0'},\n { 'min_version' : '5.17.0', 'fixed_version' : '5.19.0', 'fixed_display' : 'Apply Patch SC-202108.1' }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 7.9, "vector": "AV:N/AC:M/Au:S/C:C/I:N/A:C"}}, {"lastseen": "2022-01-23T12:13:37", "description": "Oracle reports :\n\nThis Critical Patch Update contains 49 new security patches for Oracle MySQL. 10 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. 
The highest CVSS v3.1 Base Score of vulnerabilities affecting Oracle MySQL is 9.8.\n\nMariaDB is affected by CVE-2021-2166 and CVE-2021-2154 only", "cvss3": {"score": 7.2, "vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-04-21T00:00:00", "type": "nessus", "title": "FreeBSD : MySQL -- Multiple vulnerabilities (56ba4513-a1be-11eb-9072-d4c9ef517024)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1971", "CVE-2020-28196", "CVE-2020-8277", "CVE-2021-2144", "CVE-2021-2146", "CVE-2021-2154", "CVE-2021-2160", "CVE-2021-2162", "CVE-2021-2164", "CVE-2021-2166", "CVE-2021-2169", "CVE-2021-2170", "CVE-2021-2171", "CVE-2021-2172", "CVE-2021-2174", "CVE-2021-2178", "CVE-2021-2179", "CVE-2021-2180", "CVE-2021-2193", "CVE-2021-2194", "CVE-2021-2196", "CVE-2021-2201", "CVE-2021-2202", "CVE-2021-2203", "CVE-2021-2208", "CVE-2021-2212", "CVE-2021-2213", "CVE-2021-2215", "CVE-2021-2217", "CVE-2021-2226", "CVE-2021-2230", "CVE-2021-2232", "CVE-2021-2278", "CVE-2021-2293", "CVE-2021-2298", "CVE-2021-2299", "CVE-2021-2300", "CVE-2021-2301", "CVE-2021-2304", "CVE-2021-2305", "CVE-2021-2307", "CVE-2021-2308", "CVE-2021-23841", "CVE-2021-3449"], "modified": "2021-05-07T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:mariadb103-server", "p-cpe:/a:freebsd:freebsd:mariadb104-server", "p-cpe:/a:freebsd:freebsd:mariadb105-server", "p-cpe:/a:freebsd:freebsd:mysql56-server", "p-cpe:/a:freebsd:freebsd:mysql57-server", "p-cpe:/a:freebsd:freebsd:mysql80-server", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_56BA4513A1BE11EB9072D4C9EF517024.NASL", "href": "https://www.tenable.com/plugins/nessus/148869", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2021 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and 
so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(148869);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/05/07\");\n\n script_cve_id(\"CVE-2020-1971\", \"CVE-2020-28196\", \"CVE-2020-8277\", \"CVE-2021-2144\", \"CVE-2021-2146\", \"CVE-2021-2154\", \"CVE-2021-2160\", \"CVE-2021-2162\", \"CVE-2021-2164\", \"CVE-2021-2166\", \"CVE-2021-2169\", \"CVE-2021-2170\", \"CVE-2021-2171\", \"CVE-2021-2172\", \"CVE-2021-2174\", \"CVE-2021-2178\", \"CVE-2021-2179\", 
\"CVE-2021-2180\", \"CVE-2021-2193\", \"CVE-2021-2194\", \"CVE-2021-2196\", \"CVE-2021-2201\", \"CVE-2021-2202\", \"CVE-2021-2203\", \"CVE-2021-2208\", \"CVE-2021-2212\", \"CVE-2021-2213\", \"CVE-2021-2215\", \"CVE-2021-2217\", \"CVE-2021-2226\", \"CVE-2021-2230\", \"CVE-2021-2232\", \"CVE-2021-2278\", \"CVE-2021-2293\", \"CVE-2021-2298\", \"CVE-2021-2299\", \"CVE-2021-2300\", \"CVE-2021-2301\", \"CVE-2021-2304\", \"CVE-2021-2305\", \"CVE-2021-2307\", \"CVE-2021-2308\", \"CVE-2021-23841\", \"CVE-2021-3449\");\n\n script_name(english:\"FreeBSD : MySQL -- Multiple vulnerabilities (56ba4513-a1be-11eb-9072-d4c9ef517024)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Oracle reports :\n\nThis Critical Patch Update contains 49 new security patches for Oracle\nMySQL. 10 of these vulnerabilities may be remotely exploitable without\nauthentication, i.e., may be exploited over a network without\nrequiring user credentials. 
The highest CVSS v3.1 Base Score of\nvulnerabilities affecting Oracle MySQL is 9.8.\n\nMariaDB is affected by CVE-2021-2166 and CVE-2021-2154 only\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.oracle.com/security-alerts/cpuapr2021.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://mariadb.com/kb/en/mariadb-10510-release-notes/\"\n );\n # https://vuxml.freebsd.org/freebsd/56ba4513-a1be-11eb-9072-d4c9ef517024.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?749306cb\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-2144\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mariadb103-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mariadb104-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mariadb105-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mysql56-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mysql57-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mysql80-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", 
value:\"2021/04/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"mariadb103-server<10.3.29\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mariadb104-server<10.4.19\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mariadb105-server<10.5.10\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mysql56-server<5.6.52\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mysql57-server<5.7.34\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mysql80-server<8.0.24\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "rustsec": [{"lastseen": "2021-12-27T16:52:59", "description": "An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation\nClientHello message from a client. 
If a TLSv1.2 renegotiation ClientHello omits\nthe signature_algorithms extension (where it was present in the initial\nClientHello), but includes a signature_algorithms_cert extension then a NULL\npointer dereference will result, leading to a crash and a denial of service\nattack.\n\nA server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which\nis the default configuration). OpenSSL TLS clients are not impacted by this\nissue.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.9, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-05-01T12:00:00", "type": "rustsec", "title": "NULL pointer deref in signature_algorithms processing", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3449"], "modified": "2021-10-19T22:14:35", "id": "RUSTSEC-2021-0055", "href": "https://rustsec.org/advisories/RUSTSEC-2021-0055", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "debian": [{"lastseen": "2021-11-29T22:22:56", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4875-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nMarch 25, 
2021 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : openssl\nCVE ID : CVE-2021-3449\n\nA NULL pointer dereference was found in the signature_algorithms\nprocessing in OpenSSL, a Secure Sockets Layer toolkit, which could\nresult in denial of service.\n\nAdditional details can be found in the upstream advisory:\nhttps://www.openssl.org/news/secadv/20210325.txt\n\nFor the stable distribution (buster), this problem has been fixed in\nversion 1.1.1d-0+deb10u6.\n\nWe recommend that you upgrade your openssl packages.\n\nFor the detailed security status of openssl please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/openssl\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.9, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-03-25T15:41:28", "type": "debian", "title": "[SECURITY] [DSA 4875-1] openssl security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, 
"impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3449"], "modified": "2021-03-25T15:41:28", "id": "DEBIAN:DSA-4875-1:AE1B0", "href": "https://lists.debian.org/debian-security-announce/2021/msg00056.html", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-12-01T14:37:51", "description": "-------------------------------------------------------------------------\nDebian LTS Advisory DLA-2751-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Christoph Berg\nAugust 31, 2021 https://wiki.debian.org/LTS\n-------------------------------------------------------------------------\n\nPackage : postgresql-9.6\nVersion : 9.6.23-0+deb9u1\nCVE ID : CVE-2021-3449\n\nPostgreSQL 9.6.23 fixes this security issue:\n\n Disallow SSL renegotiation more completely (Michael Paquier)\n\n SSL renegotiation has been disabled for some time, but the server would\n still cooperate with a client-initiated renegotiation request. A\n maliciously crafted renegotiation request could result in a server crash\n (see OpenSSL issue CVE-2021-3449). 
Disable the feature altogether on\n OpenSSL versions that permit doing so, which are 1.1.0h and newer.\n\nFor Debian 9 stretch, this problem has been fixed in version\n9.6.23-0+deb9u1.\n\nWe recommend that you upgrade your postgresql-9.6 packages.\n\nFor the detailed security status of postgresql-9.6 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/postgresql-9.6\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\nAttachment:\nsignature.asc\nDescription: PGP signature\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.9, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-08-31T14:03:14", "type": "debian", "title": "[SECURITY] [DLA 2751-1] postgresql-9.6 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3449"], "modified": "2021-08-31T14:03:14", "id": "DEBIAN:DLA-2751-1:5F8DA", "href": "https://lists.debian.org/debian-lts-announce/2021/08/msg00029.html", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-10-21T17:57:17", 
"description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4875-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nMarch 25, 2021 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : openssl\nCVE ID : CVE-2021-3449\n\nA NULL pointer dereference was found in the signature_algorithms\nprocessing in OpenSSL, a Secure Sockets Layer toolkit, which could\nresult in denial of service.\n\nAdditional details can be found in the upstream advisory:\nhttps://www.openssl.org/news/secadv/20210325.txt\n\nFor the stable distribution (buster), this problem has been fixed in\nversion 1.1.1d-0+deb10u6.\n\nWe recommend that you upgrade your openssl packages.\n\nFor the detailed security status of openssl please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/openssl\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.9, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-03-25T15:41:28", "type": "debian", "title": "[SECURITY] [DSA 4875-1] openssl security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", 
"availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3449"], "modified": "2021-03-25T15:41:28", "id": "DEBIAN:DSA-4875-1:829EF", "href": "https://lists.debian.org/debian-security-announce/2021/msg00056.html", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "ibm": [{"lastseen": "2021-12-30T21:41:49", "description": "## Summary\n\nThe z/TPF version of OpenSSL was updated to address the vulnerability described by CVE-2021-3449.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-3449](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3449>) \n** DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference in signature_algorithms processing. By sending a specially crafted renegotiation ClientHello message from a client, a remote attacker could exploit this vulnerability to cause the TLS server to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198752](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198752>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nz/Transaction Processing Facility| 1.1 \n \n\n\n## Remediation/Fixes\n\nProduct| VRMF| APAR| Remediation/First Fix \n---|---|---|--- \nz/TPF| 1.1| PJ46477| Apply the APAR, which is available for download from the [TPF Family Products: Maintenance](<https://www.ibm.com/support/pages/node/618275> \"TPF Family Product: Maintenance\" ) web page. 
\n \n\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n28 Apr 2021: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 
CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU058\",\"label\":\"IBM Infrastructure w\\/TPS\"},\"Product\":{\"code\":\"SSZL53\",\"label\":\"TPF\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF036\",\"label\":\"z\\/TPF\"}],\"Version\":\"1.1\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB35\",\"label\":\"Mainframe SW\"}}]", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.9, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-04-29T15:58:54", "type": "ibm", "title": "Security Bulletin: z/TPF is affected by an OpenSSL vulnerability", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3449"], "modified": "2021-04-29T15:58:54", "id": "40FF55B5795EDDC89506253F7614F64D589E9F985162917C433828167306DB0E", "href": "https://www.ibm.com/support/pages/node/6447507", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-12-30T21:40:45", "description": "## Summary\n\nIBM has addressed the applicable CVE.\n\n## Vulnerability Details\n\n** CVEID: 
**[CVE-2021-3449](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3449>) \n** DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference in signature_algorithms processing. By sending a specially crafted renegotiation ClientHello message from a client, a remote attacker could exploit this vulnerability to cause the TLS server to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198752](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198752>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM DataPower Gateway V10 CD| 10.0.2.0 \nIBM DataPower Gateway 10.0.1| 10.0.1.0-10.0.1.3 \n \n\n\n## Remediation/Fixes\n\nAffected Product \n| Fixed in Version \n| APAR \n \n---|---|--- \nIBM DataPower Gateway V10 CD \n| 10.0.3.0 \n| [IT36407](<https://www.ibm.com/support/pages/apar/IT36407> \"IT36407\" ) \n \nIBM DataPower Gateway 10.0.1 \n| 10.0.1.4 \n| [IT36407](<https://www.ibm.com/support/pages/apar/IT36407> \"IT36407\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n12 Aug 2021: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately 
impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU004\",\"label\":\"Hybrid Cloud\"},\"Product\":{\"code\":\"SSHPHA\",\"label\":\"IBM DataPower Gateway\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF009\",\"label\":\"Firmware\"}],\"Version\":\"V10, 10CD\",\"Edition\":\"\"}]", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.9, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-08-16T15:12:36", "type": "ibm", "title": "Security Bulletin: Potential DoS in IBM DataPower Gateway", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", 
"authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3449"], "modified": "2021-08-16T15:12:36", "id": "156A423D91231641B7B06703B06D394BB31F565A2A6E565DA370AE1DFE2E3F38", "href": "https://www.ibm.com/support/pages/node/6481675", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-01-01T21:52:49", "description": "## Summary\n\nPublicly disclosed vulnerability from OpenSSL in the Fabric OS used by IBM b-type SAN directors and switches.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-3449](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3449>) \n** DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference in signature_algorithms processing. By sending a specially crafted renegotiation ClientHello message from a client, a remote attacker could exploit this vulnerability to cause the TLS server to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198752](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198752>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nFOS| 9.X prior to 9.0.1b \nFOS \n| 8.X prior to 8.2.3 \n \nFOS \n| 7.X prior to 7.4.2h \n \n \n\n\n## Remediation/Fixes\n\nProduct| VRMF| Fix \n---|---|--- \nFOS \n| 9.0.1b \n| <https://www.ibm.com/support/pages/node/6371270> \nFOS \n| 8.2.3 \n| \n\n<https://www.ibm.com/support/pages/node/6371270> \n \nFOS \n| 7.4.2h \n| \n\n<https://www.ibm.com/support/pages/node/6371270> \n \n## Workarounds and Mitigations\n\n \n\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n04 Aug 2021: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 
CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU050\",\"label\":\"BU NOT IDENTIFIED\"},\"Product\":{\"code\":\"HW550\",\"label\":\"Network Switches\"},\"Component\":\"FOS Firmware\",\"Platform\":[{\"code\":\"PF009\",\"label\":\"Firmware\"}],\"Version\":\"IBM b-type switches and directors\",\"Edition\":\"All\"}]", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.9, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-08-04T23:56:33", "type": "ibm", "title": "Security Bulletin: Vulnerability in Fabric OS used by IBM b-type SAN directors and switches.", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3449"], "modified": "2021-08-04T23:56:33", "id": "478179A4FF7D7F88209674CCCA14AA5E28599D1CB2F8DECF2A69F98F78B27118", "href": "https://www.ibm.com/support/pages/node/6478719", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-02-10T00:00:00", "description": "## Summary\n\nMessageGateway has addressed the following vulnerability by updating the version of OpenSSL.\n\n## Vulnerability 
Details\n\n** CVEID: **[CVE-2021-3449](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3449>) \n** DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference in signature_algorithms processing. By sending a specially crafted renegotiation ClientHello message from a client, a remote attacker could exploit this vulnerability to cause the TLS server to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198752](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198752>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\n \n\n\nAffected Product(s)| Version(s) \n---|--- \nIBM WIoTP MessageGateway| 5.0.0.1 \n \n \n\n\n \n\n\n \n\n\n## Remediation/Fixes\n\n \n\n\n_Product_\n\n| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \n_IBM WIoTP MessageGateway_| \n\n_5.0.0.2_\n\n| \n\n_IT37192_\n\n| [_5.0.0.2-IBM-IMA-IFIT37191_](<https://www.ibm.com/support/pages/node/6462607>) \n \n \n\n\n \n\n\n \n\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n10 Jun 2021: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. 
Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SSF79B\",\"label\":\"IBM Watson IoT Platform - Message Gateway\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"5.0.0.2\",\"Edition\":\"\"}]", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.9, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-06-21T21:55:43", "type": "ibm", "title": "Security Bulletin: OpenSSL publicly disclosed vulnerability affects MessageGateway (CVE-CVE-2021-3449)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": 
"2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3449"], "modified": "2021-06-21T21:55:43", "id": "6A618EAE42104251ED8BFD4A24087719BC5523571FCFED871C921517BEA0FE71", "href": "https://www.ibm.com/support/pages/node/6465583", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-04-16T23:41:11", "description": "## Summary\n\nOpenSSL vulnerabilities CVE-2021-3449 and CVE-2021-3450 have been disclosed by the OpenSSL Project. OpenSSL is used by IBM Workload Scheduler. IBM Workload Scheduler has addressed the CVE\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-3449](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3449>) \n** DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference in signature_algorithms processing. By sending a specially crafted renegotiation ClientHello message from a client, a remote attacker could exploit this vulnerability to cause the TLS server to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198752](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198752>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-3450](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3450>) \n** DESCRIPTION: **OpenSSL could allow a remote attacker to bypass security restrictions, caused by a missing check in the validation logic of X.509 certificate chains by the X509_V_FLAG_X509_STRICT flag. By using any valid certificate or certificate chain to sign a specially crafted certificate, an attacker could bypass the check that non-CA certificates must not be able to issue other certificates and override the default purpose. 
\nCVSS Base score: 7.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198754](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198754>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Workload Automation| 9.5 \nIBM Workload Automation| 9.4 \n \n## Remediation/Fixes\n\nAPAR IJ30802 has been opened to address the openssl vulnerabilities for IBM Workload Scheduler. \nAPAR IJ30802 has been included in 9.5.0.04. For release 9.4, the apar is available on FixCentral for download, to be applied on top of 9.4.0.07. \nFor Unsupported releases IBM recommends upgrading to a fixed, supported release of the product.\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Acknowledgement\n\n## Change History\n\n05 Aug 2021: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. 
Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU004\",\"label\":\"Hybrid Cloud\"},\"Product\":{\"code\":\"SSCHEZ\",\"label\":\"IBM Workload Automation\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF027\",\"label\":\"Solaris\"},{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF033\",\"label\":\"Windows\"},{\"code\":\"PF010\",\"label\":\"HP-UX\"}],\"Version\":\"9.4, 9.5\",\"Edition\":\"\"}]", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2021-09-08T09:42:32", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in OpenSSL may affect IBM Workload Scheduler", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", 
"availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3449", "CVE-2021-3450"], "modified": "2021-09-08T09:42:32", "id": "00DD5060E6124BE4F25A4AF7DA83D15A52360F89A1F6A84F1ED9C6E28CD62833", "href": "https://www.ibm.com/support/pages/node/6479351", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-12-30T21:54:11", "description": "## Summary\n\nSecurity vulnerabilities have been discovered in OpenSSL.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-3450](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3450>) \n** DESCRIPTION: **OpenSSL could allow a remote attacker to bypass security restrictions, caused by a missing check in the validation logic of X.509 certificate chains by the X509_V_FLAG_X509_STRICT flag. By using any valid certificate or certificate chain to sign a specially crafted certificate, an attacker could bypass the check that non-CA certificates must not be able to issue other certificates and override the default purpose. \nCVSS Base score: 7.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198754](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198754>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H) \n \n** CVEID: **[CVE-2021-3449](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3449>) \n** DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference in signature_algorithms processing. By sending a specially crafted renegotiation ClientHello message from a client, a remote attacker could exploit this vulnerability to cause the TLS server to crash. 
\nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198752](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198752>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Elastic Storage System| 6.0.0 - 6.0.2.0 \n \n\n\n## Remediation/Fixes\n\nIBM recommends that you fix this vulnerability by upgrading affected versions of IBM Elastic Storage System 3000 and 5000 to the following code levels or higher: \n\nV6.0.2.1\n\n[https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Elastic+Storage+Server+(ESS)&release=6.0.0&platform=All&function=all](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Elastic+Storage+Server+%28ESS%29&release=6.0.0&platform=All&function=all>)\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n14 May 2021: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. 
Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU058\",\"label\":\"IBM Infrastructure w\\/TPS\"},\"Product\":{\"code\":\"STHMCM\",\"label\":\"IBM Elastic Storage Server\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"6.0\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB26\",\"label\":\"Storage\"}}]", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.4, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.2}, "published": "2021-05-19T10:06:22", "type": "ibm", "title": "Security Bulletin: IBM Elastic Storage System systems are affected by vulnerabilities in OpenSSL", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": 
"AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3449", "CVE-2021-3450"], "modified": "2021-05-19T10:06:22", "id": "3F34AB5AA343AE750DDC18968E6F874BE99938ACC1A401B2E368156C6C827FD8", "href": "https://www.ibm.com/support/pages/node/6454457", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-12-30T21:53:41", "description": "## Summary\n\nThere is an update available for OpenSSL vulnerabilities affecting IBM Watson Speech Services 1.2.1.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-3449](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3449>) \n** DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference in signature_algorithms processing. By sending a specially crafted renegotiation ClientHello message from a client, a remote attacker could exploit this vulnerability to cause the TLS server to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198752](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198752>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-3450](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3450>) \n** DESCRIPTION: **OpenSSL could allow a remote attacker to bypass security restrictions, caused by a missing check in the validation logic of X.509 certificate chains by the X509_V_FLAG_X509_STRICT flag. By using any valid certificate or certificate chain to sign a specially crafted certificate, an attacker could bypass the check that non-CA certificates must not be able to issue other certificates and override the default purpose. 
\nCVSS Base score: 7.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198754](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198754>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Watson Speech Services | 1.2.1 \n \n\n\n## Remediation/Fixes\n\nDownload and install the newest deployment of IBM Watson Speech Services 1.2.1 to your cluster. This deployment contains fixes for the OpenSSL vulnerabilities described in this bulletin.\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n20 Apr 2021: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. 
Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud & Data Platform\"},\"Product\":{\"code\":\"SSCLA6\",\"label\":\"Watson Discovery\"},\"Component\":\"ICP - Discovery\",\"Platform\":[{\"code\":\"PF040\",\"label\":\"RedHat OpenShift\"}],\"Version\":\"1.0.0 - 1.2.1\",\"Edition\":\"ALL\"}]", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.4, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.2}, "published": "2021-04-20T21:35:04", "type": "ibm", "title": "Security Bulletin: Update available for OpenSSL vulnerabilities affecting IBM Watson Speech Services 1.2.1", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", 
"version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3449", "CVE-2021-3450"], "modified": "2021-04-20T21:35:04", "id": "CC6DB3505939453FB542901C62C95B2A03B3815D8482DF559005310A267A606D", "href": "https://www.ibm.com/support/pages/node/6445493", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-12-30T21:50:37", "description": "## Summary\n\nIBM MobileFirst Platform Foundation has addressed the following vulnerabilities by updating the version of OpenSSL\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-3449](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3449>) \n** DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference in signature_algorithms processing. By sending a specially crafted renegotiation ClientHello message from a client, a remote attacker could exploit this vulnerability to cause the TLS server to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198752](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198752>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-3450](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3450>) \n** DESCRIPTION: **OpenSSL could allow a remote attacker to bypass security restrictions, caused by a missing check in the validation logic of X.509 certificate chains by the X509_V_FLAG_X509_STRICT flag. By using any valid certificate or certificate chain to sign a specially crafted certificate, an attacker could bypass the check that non-CA certificates must not be able to issue other certificates and override the default purpose. 
\nCVSS Base score: 7.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198754](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198754>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM MobileFirst Foundation| 8.0.0.0 \n \n## Remediation/Fixes\n\nPublished artifacts with the fix\n\n[iOS Native SDK - 8.0.2021062406](<https://cocoapods.org/pods/IBMMobileFirstPlatformFoundationJSONStore> \"iOS Native SDK - 8.0.2021062406\" ) \n--- \n[Android Native SDK - 8.0.2021062313](<https://mvnrepository.com/artifact/com.ibm.mobile.foundation/ibmmobilefirstplatformfoundationjsonstore/8.0.2021062313> \"Android Native SDK - 8.0.2021062313\" ) \n[Cordova SDK - 8.0.2021062408](<https://www.npmjs.com/package/cordova-plugin-mfp-jsonstore> \"Cordova SDK - 8.0.2021062408\" ) \n \n \n\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Acknowledgement\n\n## Change History\n\n24 Jun 2021: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. 
Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU025\",\"label\":\"IBM Cloud and Cognitive Software\"},\"Product\":{\"code\":\"SSVNUQ\",\"label\":\"IBM MobileFirst Platform Foundation\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF003\",\"label\":\"Android\"},{\"code\":\"PF014\",\"label\":\"iOS\"}],\"Version\":\"8.0.0.0\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}}]", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.4, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.2}, "published": "2021-06-29T14:41:13", "type": "ibm", "title": "Security Bulletin: OpenSSL publicly disclosed vulnerability affects IBM MobileFirst Platform Foundation.", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": 
"NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3449", "CVE-2021-3450"], "modified": "2021-06-29T14:41:13", "id": "EFC1B556A22098087C19B5342F262C1D63356C91A618DD58A453DF339E10D8AD", "href": "https://www.ibm.com/support/pages/node/6467937", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-02-10T00:00:00", "description": "## Summary\n\nOpenSSL is used by IBM i. IBM i has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-3449](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3449>) \n** DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference in signature_algorithms processing. By sending a specially crafted renegotiation ClientHello message from a client, a remote attacker could exploit this vulnerability to cause the TLS server to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198752](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198752>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-3450](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3450>) \n** DESCRIPTION: **OpenSSL could allow a remote attacker to bypass security restrictions, caused by a missing check in the validation logic of X.509 certificate chains by the X509_V_FLAG_X509_STRICT flag. By using any valid certificate or certificate chain to sign a specially crafted certificate, an attacker could bypass the check that non-CA certificates must not be able to issue other certificates and override the default purpose. 
\nCVSS Base score: 7.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198754](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198754>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM i| 7.4 \nIBM i| 7.3 \nIBM i| 7.2 \nIBM i| 7.1 \n \n\n\n## Remediation/Fixes\n\nThe issues can be fixed by applying a PTF to IBM i. Releases 7.4, 7.3, 7.2, and 7.1 of IBM i are supported and will be fixed. \n\nThe IBM i PTF numbers are: \n**Release 7.1 \u2013 SI75994** \n**Release 7.2, 7.3, & 7.4 \u2013 SI75995** \n[https://www.ibm.com/support/fixcentral](<https://www.ibm.com/support/fixcentral/>)\n\n**_Important note: _**_IBM recommends that all users running unsupported versions of affected products upgrade to supported and fixed version of affected products._\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n15 Apr 2021: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. 
Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n## Document Location\n\nWorldwide\n\n[{\"Type\":\"MASTER\",\"Line of Business\":{\"code\":\"LOB08\",\"label\":\"Cognitive Systems\"},\"Business Unit\":{\"code\":\"BU058\",\"label\":\"IBM Infrastructure w\\/TPS\"},\"Product\":{\"code\":\"SWG60\",\"label\":\"IBM i\"},\"Platform\":[{\"code\":\"PF012\",\"label\":\"IBM i\"}],\"Version\":\"7.1.0\"}]", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.4, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.2}, "published": "2021-04-15T16:03:24", "type": "ibm", "title": "Security Bulletin: OpenSSL for IBM i is affected by CVE-2021-3449 and CVE-2021-3450", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", 
"version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3449", "CVE-2021-3450"], "modified": "2021-04-15T16:03:24", "id": "93D982A39132D6971EA07E3AA657EC8948513467BCB8FA924C2C3CDB21B10B29", "href": "https://www.ibm.com/support/pages/node/6443733", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-12-30T21:39:52", "description": "## Summary\n\nA potential vulnerability has been identified related to OpenSSL. Refer to details for additional information.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-3449](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3449>) \n** DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference in signature_algorithms processing. By sending a specially crafted renegotiation ClientHello message from a client, a remote attacker could exploit this vulnerability to cause the TLS server to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198752](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198752>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-3450](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3450>) \n** DESCRIPTION: **OpenSSL could allow a remote attacker to bypass security restrictions, caused by a a missing check in the validation logic of X.509 certificate chains by the X509_V_FLAG_X509_STRICT flag. By using any valid certificate or certificate chain to sign a specially crafted certificate, an attacker could bypass the check that non-CA certificates must not be able to issue other certificates and override the default purpose. 
\nCVSS Base score: 7.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198754](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198754>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nWA for ICP| 1.4.2, 1.5.0 \n \n\n\n## Remediation/Fixes\n\nUpgrade to the latest (4.0.0) release of WA for CP4D which maintains backward compatibility with the versions listed above.\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n28 Jul 2021: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 
CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU055\",\"label\":\"Cognitive Applications\"},\"Product\":{\"code\":\"SSWTLZ\",\"label\":\"Watson Developer Cloud\"},\"Component\":\"Watson Assistant\",\"Platform\":[{\"code\":\"PF040\",\"label\":\"RedHat OpenShift\"}],\"Version\":\"4.0.0\",\"Edition\":\"All\"}]", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.4, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.2}, "published": "2021-07-30T21:12:39", "type": "ibm", "title": "Security Bulletin: Potential vulnerability in OpenSSL", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3449", "CVE-2021-3450"], "modified": "2021-07-30T21:12:39", "id": "8F36292DD2EC673F77E7D26F88D6129155EA165304B1A957E549DC327B6DCB50", "href": "https://www.ibm.com/support/pages/node/6476632", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-12-30T21:43:13", "description": "## Summary\n\nIBM Cloud Transformation Advisor has addressed Node.js vulnerabilities CVE-2021-3450 and CVE-2021-3449 \n\n## Vulnerability Details\n\n** CVEID: 
**[CVE-2021-3450](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3450>) \n** DESCRIPTION: **OpenSSL could allow a remote attacker to bypass security restrictions, caused by a missing check in the validation logic of X.509 certificate chains by the X509_V_FLAG_X509_STRICT flag. By using any valid certificate or certificate chain to sign a specially crafted certificate, an attacker could bypass the check that non-CA certificates must not be able to issue other certificates and override the default purpose. \nCVSS Base score: 7.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198754](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198754>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H) \n \n** CVEID: **[CVE-2021-3449](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3449>) \n** DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference in signature_algorithms processing. By sending a specially crafted renegotiation ClientHello message from a client, a remote attacker could exploit this vulnerability to cause the TLS server to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198752](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198752>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Cloud Transformation Advisor| 2.4.2, 2.4.3 \n \n\n\n## Remediation/Fixes\n\nUpgrade to 2.4.4 or later. 
\n\nIBM Cloud Transformation Advisor can be installed from OperatorHub page in Red Hat OpenShift Container Platform or locally following this [link](<https://www.ibm.com/cloud/architecture/tutorials/install-ibm-transformation-advisor-local> \"link\" ).\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n23 Jun 2021: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 
CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU004\",\"label\":\"Hybrid Cloud\"},\"Product\":{\"code\":\"SS5Q6W\",\"label\":\"IBM Cloud Transformation Advisor\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"2.0\",\"Edition\":\"\"}]", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.4, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.2}, "published": "2021-06-23T13:16:47", "type": "ibm", "title": "Security Bulletin: IBM Cloud Transformation Advisor is affected by Node.js vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3449", "CVE-2021-3450"], "modified": "2021-06-23T13:16:47", "id": "D1F42AA8CB20DBF23F25294AF1D5952B14F11D54D59A127F5802F150505DD446", "href": "https://www.ibm.com/support/pages/node/6466329", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-04-19T23:32:39", "description": "## Summary\n\nA potential vulnerability has been identified related to Node.js. 
Refer to details for additional information.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-3450](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3450>) \n** DESCRIPTION: **OpenSSL could allow a remote attacker to bypass security restrictions, caused by a missing check in the validation logic of X.509 certificate chains by the X509_V_FLAG_X509_STRICT flag. By using any valid certificate or certificate chain to sign a specially crafted certificate, an attacker could bypass the check that non-CA certificates must not be able to issue other certificates and override the default purpose. \nCVSS Base score: 7.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198754](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198754>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H) \n \n** CVEID: **[CVE-2020-7774](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7774>) \n** DESCRIPTION: **Node.js y18n module could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/191999](<https://exchange.xforce.ibmcloud.com/vulnerabilities/191999>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2021-3449](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3449>) \n** DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference in signature_algorithms processing. By sending a specially crafted renegotiation ClientHello message from a client, a remote attacker could exploit this vulnerability to cause the TLS server to crash. 
\nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198752](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198752>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nWA for ICP| 1.4.2, 1.5.0 \n \n\n\n## Remediation/Fixes\n\nUpgrade to the latest (4.0.0) release of WA for CP4D which maintains backward compatibility with the versions listed above.\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n28 Jul 2021: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 
CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU055\",\"label\":\"Cognitive Applications\"},\"Product\":{\"code\":\"SSWTLZ\",\"label\":\"Watson Developer Cloud\"},\"Component\":\"Watson Assistant\",\"Platform\":[{\"code\":\"PF040\",\"label\":\"RedHat OpenShift\"}],\"Version\":\"4.0.0\",\"Edition\":\"All\"}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-30T21:10:10", "type": "ibm", "title": "Security Bulletin: Potential vulnerability with Node.js", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-7774", "CVE-2021-3449", "CVE-2021-3450"], "modified": "2021-07-30T21:10:10", "id": "8CB93770328F2819DE92FFEB5767258BAD5A547F304198FB72E85CAB4E4E55B4", "href": "https://www.ibm.com/support/pages/node/6476334", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-30T21:40:46", "description": "## Summary\n\nCloud Pak for Security (CP4S) v1.7.1.0 and older is vulnerable to multiple CVEs. 
These have been addressed in the latest product release, CP4S v1.7.2.0.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-20305](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20305>) \n** DESCRIPTION: **Nettle could allow a remote attacker to bypass security restrictions, caused by a flaw related to several signature verification functions result in the Elliptic Curve Cryptography point (ECC) multiply function being invoked with out-of-range scalars. An attacker could exploit this vulnerability to force an invalid signature, causing an assertion failure or possible validation. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199653](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199653>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-1971](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1971>) \n** DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference. If the GENERAL_NAME_cmp function contains an EDIPARTYNAME, an attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/192748](<https://exchange.xforce.ibmcloud.com/vulnerabilities/192748>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-3449](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3449>) \n** DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference in signature_algorithms processing. By sending a specially crafted renegotiation ClientHello message from a client, a remote attacker could exploit this vulnerability to cause the TLS server to crash. 
\nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198752](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198752>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-3450](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3450>) \n** DESCRIPTION: **OpenSSL could allow a remote attacker to bypass security restrictions, caused by a missing check in the validation logic of X.509 certificate chains by the X509_V_FLAG_X509_STRICT flag. By using any valid certificate or certificate chain to sign a specially crafted certificate, an attacker could bypass the check that non-CA certificates must not be able to issue other certificates and override the default purpose. \nCVSS Base score: 7.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198754](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198754>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H) \n \n** CVEID: **[CVE-2020-24659](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24659>) \n** DESCRIPTION: **GnuTLS is vulnerable to a denial of service, caused by a NULL pointer dereference. By sending specially-crafted messages, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/187828](<https://exchange.xforce.ibmcloud.com/vulnerabilities/187828>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-20539](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20539>) \n** DESCRIPTION: **IBM Cloud Pak for Security (CP4S) could disclose sensitive information to an unauthorized user through HTTP GET requests. This information could be used in further attacks against the system. 
\nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198920](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198920>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2020-27619](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27619>) \n** DESCRIPTION: **An unspecified error with CJK codec tests call eval() on content retrieved through HTTP in multibytecodec_support.py in Python has an unknown impact and attack vector. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/190408](<https://exchange.xforce.ibmcloud.com/vulnerabilities/190408>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2020-26116](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26116>) \n** DESCRIPTION: **Python is vulnerable to CRLF injection, caused by improper validation of user-supplied input in http.client. By inserting CR and LF control characters in the first argument of HTTPConnection.request, a remote attacker could exploit this vulnerability to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/189404](<https://exchange.xforce.ibmcloud.com/vulnerabilities/189404>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2021-3177](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3177>) \n** DESCRIPTION: **Python is vulnerable to a buffer overflow, caused by improper bounds checking by the PyCArg_repr function in _ctypes/callproc.c. By sending specially-crafted arguments to c_double.from_param, a remote attacker could overflow a buffer and execute arbitrary code on the system. 
\nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/195244](<https://exchange.xforce.ibmcloud.com/vulnerabilities/195244>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-20541](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20541>) \n** DESCRIPTION: **IBM Cloud Pak for Security (CP4S) could disclose sensitive information to an unauthorized user through HTTP GET requests. This information could be used in further attacks against the system. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198927](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198927>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2021-29696](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29696>) \n** DESCRIPTION: **IBM Cloud Pak for Security (CP4S) could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. \nCVSS Base score: 8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/200597](<https://exchange.xforce.ibmcloud.com/vulnerabilities/200597>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-20540](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20540>) \n** DESCRIPTION: **IBM Cloud Pak for Security (CP4S) could disclose sensitive information to an unauthorized user through HTTP GET requests. This information could be used in further attacks against the system. \nCVSS Base score: 2.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198923](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198923>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2021-29697](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29697>) \n** DESCRIPTION: **IBM Cloud Pak for Security (CP4S) could allow a remote authenticated attacker to obtain sensitive information through HTTP requests that could be used in further attacks against the system. \nCVSS Base score: 4.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/200598](<https://exchange.xforce.ibmcloud.com/vulnerabilities/200598>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nCloud Pak for Security (CP4S)| 1.5.0.0 \nCloud Pak for Security (CP4S)| 1.5.1.0 \nCloud Pak for Security (CP4S)| 1.6.0.0 \nCloud Pak for Security (CP4S)| 1.6.1.0 \nCloud Pak for Security (CP4S)| 1.7.0.0 \nCloud Pak for Security (CP4S)| 1.7.1.0 \n \n\n\n## Remediation/Fixes\n\nPlease upgrade to CP4S 1.7.2.0 by following instructions in IBM Documentation at <https://www.ibm.com/docs/en/SSTDPP_1.7/docs/security-pak/upgrading_172.html>\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Acknowledgement\n\nX-Force Ethical Hacking Team: John Zuccato, Rodney Ryan, Chris Shepherd, Nathan Roane, Vincent Dragnea, Troy Fisher, Elaheh 
Samani, Gabor Minyo., John Zuccato, Rodney Ryan, Chris Shepherd, Vince Dragnea, Troy Fisher, Nathan Roane, Elaheh Samani and G\n\n## Change History\n\n29 Jul 2021: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SSTDPP\",\"label\":\"IBM Cloud Pak for Security\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF040\",\"label\":\"RedHat OpenShift\"}],\"Version\":\"1.5.0.0, 1.5.0.1, 1.6.0.0, 1.6.0.1, 1.7.0.0, 1.7.1.0,\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB24\",\"label\":\"Security Software\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-07-30T07:38:48", "type": "ibm", "title": "Security Bulletin: Cloud Pak for Security has several security vulnerabilities 
addressed in the latest version", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1971", "CVE-2020-24659", "CVE-2020-26116", "CVE-2020-27619", "CVE-2021-20305", "CVE-2021-20539", "CVE-2021-20540", "CVE-2021-20541", "CVE-2021-29696", "CVE-2021-29697", "CVE-2021-3177", "CVE-2021-3449", "CVE-2021-3450"], "modified": "2021-07-30T07:38:48", "id": "1A8A5E6AC75FF4A1A546DD1431D4E3A224B13E96434DBC2C5C874D7E73D90553", "href": "https://www.ibm.com/support/pages/node/6476940", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-12-30T21:49:49", "description": "## Summary\n\nIBM QRadar SIEM's App Framework V1, based on CentOS 6, contains known vulnerabilities and is based on technologies that are no longer being supported. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-9636](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9636>) \n** DESCRIPTION: **Python urllib.parse.urlsplit and urllib.parse.urlparse components could allow a remote attacker to obtain sensitive information, caused by improper unicode encoding handling in NFKC normalization. By using a specially-crafted URL, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/158114](<https://exchange.xforce.ibmcloud.com/vulnerabilities/158114>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2021-27219](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27219>) \n** DESCRIPTION: **GNOME GLib could allow a remote attacker to cause a denial of service, caused by an integer overflow in the g_bytes_new function. An attacker could exploit this vulnerability to corrupt memory and cause a denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/196782](<https://exchange.xforce.ibmcloud.com/vulnerabilities/196782>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2018-10897](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10897>) \n** DESCRIPTION: **reposync could allow a remote attacker to traverse directories on the system, caused by the improper sanitation of paths in remote repository configuration files. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability using path traversal to overwrite critical system files and compromise the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/147685](<https://exchange.xforce.ibmcloud.com/vulnerabilities/147685>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-11745](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745>) \n** DESCRIPTION: **Mozilla Network Security Services (NSS), as used in Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write when encrypting with a block cipher. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to corrupt the heap and execute arbitrary code on the vulnerable system or cause a denial of service. 
\nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172458](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172458>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2018-12020](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12020>) \n** DESCRIPTION: **GnuPG could allow a remote attacker to conduct spoofing attacks, caused by the improper handling of the original filename during decryption and verification actions in mainproc.c. An attacker could exploit this vulnerability to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the --status-fd 2 option. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/144556](<https://exchange.xforce.ibmcloud.com/vulnerabilities/144556>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2019-12749](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12749>) \n** DESCRIPTION: **D-Bus could allow a remote attacker to bypass security restrictions, caused by symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. By manipulating a ~/.dbus-keyrings symlink, an attacker could exploit this vulnerability to bypass DBUS_COOKIE_SHA1 authentication to allow a DBusServer with a different uid to read and write in arbitrary locations. \nCVSS Base score: 9.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/162386](<https://exchange.xforce.ibmcloud.com/vulnerabilities/162386>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) \n \n** CVEID: **[CVE-2017-15804](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15804>) \n** DESCRIPTION: **GNU C Library (aka glibc or libc6) is vulnerable to a buffer overflow, caused by improper bounds checking by glob function in glob.c. By using a specially-crafted file, a local attacker could overflow a buffer. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/133996](<https://exchange.xforce.ibmcloud.com/vulnerabilities/133996>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2019-3863](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3863>) \n** DESCRIPTION: **libssh2 could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in user authenticate keyboard interactive. By sending a specially crafted message, a remote attacker could exploit this vulnerability to trigger an out-of-bounds write and execute arbitrary code on the client system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/158347](<https://exchange.xforce.ibmcloud.com/vulnerabilities/158347>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-3857](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3857>) \n** DESCRIPTION: **libssh2 could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow. By sending a specially crafted SSH_MSG_CHANNEL_REQUEST packet with an exit signal message, a remote attacker could exploit this vulnerability to trigger an out-of-bounds write and execute arbitrary code on the client system. 
\nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/158341](<https://exchange.xforce.ibmcloud.com/vulnerabilities/158341>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-3856](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3856>) \n** DESCRIPTION: **libssh2 could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in keyboard interactive handling. By sending a specially crafted request, a remote attacker could exploit this vulnerability to trigger an out-of-bounds write and execute arbitrary code on the client system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/158340](<https://exchange.xforce.ibmcloud.com/vulnerabilities/158340>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-3855](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3855>) \n** DESCRIPTION: **libssh2 could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in transport read. By sending specially crafted packets, a remote attacker could exploit this vulnerability to trigger an out-of-bounds read and execute arbitrary code on the client system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/158339](<https://exchange.xforce.ibmcloud.com/vulnerabilities/158339>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2018-12384](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12384>) \n** DESCRIPTION: **Mozilla Network Security Services (NSS), as used in Mozilla Firefox, could allow a remote attacker to obtain sensitive information, caused by the improper handling of an SSLv2-compatible ClientHello message. 
By conducting a passive replay attack, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 4.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/150436](<https://exchange.xforce.ibmcloud.com/vulnerabilities/150436>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2019-1559](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1559>) \n** DESCRIPTION: **OpenSSL could allow a remote attacker to obtain sensitive information, caused by the failure to immediately close the TCP connection after the hosts encounter a zero-length record with valid padding. An attacker could exploit this vulnerability using a 0-byte record padding-oracle attack to decrypt traffic. \nCVSS Base score: 5.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/157514](<https://exchange.xforce.ibmcloud.com/vulnerabilities/157514>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2020-1971](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1971>) \n** DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference. If the GENERAL_NAME_cmp function contains an EDIPARTYNAME, an attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/192748](<https://exchange.xforce.ibmcloud.com/vulnerabilities/192748>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-3449](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3449>) \n** DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference in signature_algorithms processing. 
By sending a specially crafted renegotiation ClientHello message from a client, a remote attacker could exploit this vulnerability to cause the TLS server to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198752](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198752>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-3450](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3450>) \n** DESCRIPTION: **OpenSSL could allow a remote attacker to bypass security restrictions, caused by a missing check in the validation logic of X.509 certificate chains by the X509_V_FLAG_X509_STRICT flag. By using any valid certificate or certificate chain to sign a specially crafted certificate, an attacker could bypass the check that non-CA certificates must not be able to issue other certificates and override the default purpose. \nCVSS Base score: 7.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198754](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198754>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H) \n \n** CVEID: **[CVE-2021-3572](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3572>) \n** DESCRIPTION: **pip package for python could allow a remote authenticated attacker to bypass security restrictions, caused by the improper handling of Unicode separators in git references. By creating a specially crafted tag, an attacker could exploit this vulnerability to install a different revision on a repository. \nCVSS Base score: 4.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/208954](<https://exchange.xforce.ibmcloud.com/vulnerabilities/208954>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2019-20916](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20916>) \n** DESCRIPTION: **pypa pip package for python could allow a remote attacker to traverse directories on the system, caused by a flaw when installing package via a specified URL. An attacker could use a specially-crafted Content-Disposition header with filename containing \"dot dot\" sequences (/../) to overwrite arbitrary files on the system. \nCVSS Base score: 8.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/187855](<https://exchange.xforce.ibmcloud.com/vulnerabilities/187855>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L) \n \n** CVEID: **[CVE-2019-12735](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12735>) \n** DESCRIPTION: **Vim and Neovim could allow a remote attacker to execute arbitrary commands on the system, caused by improper input validation by the :source! command in a modeline. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/162255](<https://exchange.xforce.ibmcloud.com/vulnerabilities/162255>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM QRadar SIEM 7.3.0 to 7.3.3 FP 10\n\nIBM QRadar SIEM 7.4.0 to 7.4.3 FP 4\n\n## Remediation/Fixes\n\nCustomers should remove all CentOS 6 apps from their QRadar deployment or upgrade to UBI 8 versions. Apps can be uninstalled via Extension Management.\n\nTo ensure all CentOS 6 apps are removed and to prevent installation of CentOS 6 apps in the future, follow the guidelines at <http://ibm.biz/qradarcentos6> on supported QRadar versions. In a future version of QRadar, this will be the default state. 
\n\n## Workarounds and Mitigations\n\nUpgrade apps to UBI8 versions and manually uninstall any remaining CentOS 6 based apps from your QRadar installation. \n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Acknowledgement\n\n## Change History\n\n26 Nov 2021: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 
CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SSBQAC\",\"label\":\"IBM QRadar SIEM\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"7.3, 7.4\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB24\",\"label\":\"Security Software\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2021-12-14T20:35:00", "type": "ibm", "title": "Security Bulletin: IBM QRadar SIEM Application Framework v1 (CentOS6) is End of Life", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-15804", "CVE-2018-10897", "CVE-2018-12020", "CVE-2018-12384", "CVE-2019-11745", "CVE-2019-12735", "CVE-2019-12749", "CVE-2019-1559", "CVE-2019-20916", "CVE-2019-3855", "CVE-2019-3856", "CVE-2019-3857", "CVE-2019-3863", "CVE-2019-9636", "CVE-2020-1971", "CVE-2021-27219", "CVE-2021-3449", "CVE-2021-3450", "CVE-2021-3572"], "modified": "2021-12-14T20:35:00", "id": 
"1B0ED4A3526A4957AFA5966EC1D954AC93826AA8F95F1EF2E8A3A6657E73F691", "href": "https://www.ibm.com/support/pages/node/6520674", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-11T13:29:36", "description": "## Summary\n\nMultiple Security vulnerabilities have been fixed in the IBM Security Verify Access product.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-3520](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3520>) \n** DESCRIPTION: **lz4 could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow. By sending a specially crafted file, an attacker could invoke memmove() on a negative size argument leading to memory corruption and trigger an out-of-bounds write or cause the library to crash. \nCVSS Base score: 8.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202592](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202592>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H) \n \n** CVEID: **[CVE-2021-38957](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38957>) \n** DESCRIPTION: **IBM Security Verify could disclose sensitive information due to hazardous input validation during QR code generation. \nCVSS Base score: 3.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/212040](<https://exchange.xforce.ibmcloud.com/vulnerabilities/212040>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2020-13434](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13434>) \n** DESCRIPTION: **SQLite is vulnerable to a denial of service, caused by an integer overflow in the sqlite3_str_vappendf function. By sending a specially-crafted request, a remote attacker could overflow a buffer and cause a denial of service. 
\nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/182405](<https://exchange.xforce.ibmcloud.com/vulnerabilities/182405>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-15358](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15358>) \n** DESCRIPTION: **SQLite is vulnerable to a denial of service, caused by a heap-based buffer overflow in the mishandling of query-flattener optimization in select.c. By sending a specially-crafted query, a local authenticated attacker could overflow a buffer and cause the application to crash. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/184103](<https://exchange.xforce.ibmcloud.com/vulnerabilities/184103>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-13012](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13012>) \n** DESCRIPTION: **GNOME GLib could allow a local attacker to bypass security restrictions, caused by improper permission control in the keyfile settings backend. An attacker could exploit this vulnerability to bypass access restrictions. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/166666](<https://exchange.xforce.ibmcloud.com/vulnerabilities/166666>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-27218](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27218>) \n** DESCRIPTION: **GNOME GLib is vulnerable to a denial of service, caused by an error when invoking g_byte_array_new_take() with a buffer of 4GB or more on a 64-bit platform. An attacker could exploit this vulnerability to cause unintended length truncation. 
\nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/196784](<https://exchange.xforce.ibmcloud.com/vulnerabilities/196784>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-27219](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27219>) \n** DESCRIPTION: **GNOME GLib could allow a remote attacker to cause a denial of service, caused by an integer overflow in the g_bytes_new function. An attacker could exploit this vulnerability to corrupt memory and cause a denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/196782](<https://exchange.xforce.ibmcloud.com/vulnerabilities/196782>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-8927](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8927>) \n** DESCRIPTION: **Brotli is vulnerable to buffer overflow. By controlling the input length of a \"one-shot\" decompression request to a script, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188304](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188304>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2020-24977](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24977>) \n** DESCRIPTION: **GNOME libxml2 is vulnerable to a buffer overflow, caused by improper bounds checking by the xmlEncodeEntitiesInternal function in libxml2/entities.c. By persuading a victim to open a specially-crafted file, a remote attacker could overflow a buffer and execute arbitrary code on the system. 
\nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/187847](<https://exchange.xforce.ibmcloud.com/vulnerabilities/187847>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-3516](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3516>) \n** DESCRIPTION: **libxml2 could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in xmlEncodeEntitiesInternal() in entities.c. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202838](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202838>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-3517](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3517>) \n** DESCRIPTION: **GNOME libxml2 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by xmlEncodeEntitiesInternal() in entities.c. By sending a specially crafted file, a remote attacker could trigger an out-of-bounds read and execute arbitrary code on the system or cause a denial of service. \nCVSS Base score: 8.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202526](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202526>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H) \n \n** CVEID: **[CVE-2021-3518](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3518>) \n** DESCRIPTION: **GNOME libxml2 could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free flaw in the xmlXIncludeDoProcess() function in xinclude.c. 
By sending a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/203144](<https://exchange.xforce.ibmcloud.com/vulnerabilities/203144>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H) \n \n** CVEID: **[CVE-2021-3537](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3537>) \n** DESCRIPTION: **GNOME libxml2 is vulnerable to a denial of service, caused by a NULL pointer dereference flaw when parsing XML mixed content in recovery mode and post-validated. A remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/203084](<https://exchange.xforce.ibmcloud.com/vulnerabilities/203084>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-3541](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3541>) \n** DESCRIPTION: **GNOME libxml2 is vulnerable to a denial of service, caused by an exponential entity expansion attack which bypasses all existing protection mechanisms. A remote authenticated attacker could exploit this vulnerability to consume all available resources. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/204818](<https://exchange.xforce.ibmcloud.com/vulnerabilities/204818>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-38894](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38894>) \n** DESCRIPTION: **IBM Security Verify could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. 
\nCVSS Base score: 2.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/209515](<https://exchange.xforce.ibmcloud.com/vulnerabilities/209515>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2021-38921](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38921>) \n** DESCRIPTION: **IBM Security Access Manager Appliance uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/210067](<https://exchange.xforce.ibmcloud.com/vulnerabilities/210067>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2021-3449](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3449>) \n** DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference in signature_algorithms processing. By sending a specially crafted renegotiation ClientHello message from a client, a remote attacker could exploit this vulnerability to cause the TLS server to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198752](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198752>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-3450](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3450>) \n** DESCRIPTION: **OpenSSL could allow a remote attacker to bypass security restrictions, caused by a missing check in the validation logic of X.509 certificate chains by the X509_V_FLAG_X509_STRICT flag. By using any valid certificate or certificate chain to sign a specially crafted certificate, an attacker could bypass the check that non-CA certificates must not be able to issue other certificates and override the default purpose. 
\nCVSS Base score: 7.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198754](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198754>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H) \n \n** CVEID: **[CVE-2021-38956](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38956>) \n** DESCRIPTION: **IBM Security Verify could disclose sensitive version information in HTTP response headers that could aid in further attacks against the system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/212038](<https://exchange.xforce.ibmcloud.com/vulnerabilities/212038>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2016-10228](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10228>) \n** DESCRIPTION: **GNU C Library (glibc) is vulnerable to a denial of service, caused by an error in the iconv program. By processing invalid multi-byte input sequences, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/124078](<https://exchange.xforce.ibmcloud.com/vulnerabilities/124078>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2019-9169](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9169>) \n** DESCRIPTION: **GNU glibc is vulnerable to a heap-based buffer overflow, caused by a buffer over-read flaw in the proceed_next_node function in posix/regexec.c. By sending a specially-crafted argument using a case-insensitive regular-expression match, a remote attacker could overflow a buffer and execute arbitrary code on the system. 
\nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/157800](<https://exchange.xforce.ibmcloud.com/vulnerabilities/157800>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2019-25013](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-25013>) \n** DESCRIPTION: **GNU glibc is vulnerable to a denial of service, caused by a buffer over-read in iconv feature. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a SIGSEGV. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/194579](<https://exchange.xforce.ibmcloud.com/vulnerabilities/194579>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-27618](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27618>) \n** DESCRIPTION: **GNU C Library (aka glibc or libc6) is vulnerable to a denial of service, caused by an error when processing some invalid inputs from several IBM character sets in the iconv function. By sending invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, IBM1399 encodings, a local authenticated attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/196446](<https://exchange.xforce.ibmcloud.com/vulnerabilities/196446>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-3326](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3326>) \n** DESCRIPTION: **GNU C Library (aka glibc or libc6) is vulnerable to a denial of service, caused by an assertion failure when processing invalid input sequences in the ISO-2022-JP-3 encoding in the iconv function. 
By sending specially-crafted input, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/195732](<https://exchange.xforce.ibmcloud.com/vulnerabilities/195732>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-20305](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20305>) \n** DESCRIPTION: **Nettle could allow a remote attacker to bypass security restrictions, caused by a flaw related to several signature verification functions resulting in the Elliptic Curve Cryptography point (ECC) multiply function being invoked with out-of-range scalars. An attacker could exploit this vulnerability to force an invalid signature, causing an assertion failure or possible validation. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199653](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199653>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-38895](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38895>) \n** DESCRIPTION: **IBM Security Verify is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. \nCVSS Base score: 3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/209563](<https://exchange.xforce.ibmcloud.com/vulnerabilities/209563>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2021-32027](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32027>) \n** DESCRIPTION: **PostgreSQL could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an integer overflow while modifying certain SQL array values. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202823](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202823>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-32028](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32028>) \n** DESCRIPTION: **PostgreSQL could allow a remote authenticated attacker to obtain sensitive information, caused by a memory disclosure vulnerability when using an INSERT \u2026 ON CONFLICT \u2026 DO UPDATE command on a purpose-crafted table. By creating prerequisite objects, an attacker could exploit this vulnerability to read arbitrary bytes of server memory. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/203616](<https://exchange.xforce.ibmcloud.com/vulnerabilities/203616>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2021-32029](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32029>) \n** DESCRIPTION: **PostgreSQL could allow a remote authenticated attacker to obtain sensitive information, caused by an error when using an UPDATE\u2026RETURNING command on a purpose-crafted table. An attacker could exploit this vulnerability to read arbitrary bytes of server memory. 
\nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/207909](<https://exchange.xforce.ibmcloud.com/vulnerabilities/207909>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2021-3393](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3393>) \n** DESCRIPTION: **PostgreSQL could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw in the error messages. By sending a specially-crafted query, an attacker could exploit this vulnerability to obtain sensitive information from a column they have UPDATE permission but not SELECT permission to, and use this information to launch further attacks against the affected system. \nCVSS Base score: 3.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199296](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199296>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Security Verify Access| 10.0.0 \n \n## Remediation/Fixes\n\n**For the ISAM/ISVA appliances**\n\nAffected Products and Versions| Fix availability \n---|--- \n \nIBM Security Verify Access 10.0.0.0\n\n| \n\n[10.0.3-ISS-ISVA-FP0000](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Tivoli/IBM+Security+Verify+Access&release=10.0.0.0&platform=Linux&function=fixId&fixids=10.0.3-ISS-ISVA-FP0000&includeRequisites=1&includeSupersedes=0&downloadMethod=http> \"10.0.3-ISS-ISVA-FP0000\" ) \n \n**IBM Security Verify Access** (Container)\n\nFor Version 10.0.0.0\n\n * Obtain the latest version of the container by running the following command \u201cdocker pull ibmcom/verify-access:[tag]\u201d\n\nWhere [tag] is the latest published version and can be confirmed [here](<https://hub.docker.com/r/ibmcom/verify-access/tags> \"here\" )\n\n## 
Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Acknowledgement\n\nJohn Zuccato, Rodney Ryan, Chris Shepherd, Vincent Dragnea, Troy Fisher, Nathan Roane, Gabor Minyo, Geoffrey Owden and Ben Goodspeed from IBM X-Force Ethical Hacking Team\n\n## Change History\n\n14 Sep 2021: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 
CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SSRGTL\",\"label\":\"IBM Security Verify Access\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"10.0.0, 10.0.1.0, 10.0.2.0\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB24\",\"label\":\"Security Software\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2022-01-07T00:24:27", "type": "ibm", "title": "Security Bulletin: Multiple Security Vulnerabilities fixed in IBM Security Verify Access", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10228", "CVE-2019-13012", "CVE-2019-25013", "CVE-2019-9169", "CVE-2020-13434", "CVE-2020-15358", "CVE-2020-24977", "CVE-2020-27618", "CVE-2020-8927", "CVE-2021-20305", "CVE-2021-27218", "CVE-2021-27219", "CVE-2021-32027", "CVE-2021-32028", "CVE-2021-32029", "CVE-2021-3326", "CVE-2021-3393", "CVE-2021-3449", "CVE-2021-3450", "CVE-2021-3516", 
"CVE-2021-3517", "CVE-2021-3518", "CVE-2021-3520", "CVE-2021-3537", "CVE-2021-3541", "CVE-2021-38894", "CVE-2021-38895", "CVE-2021-38921", "CVE-2021-38956", "CVE-2021-38957"], "modified": "2022-01-07T00:24:27", "id": "A2E923A551C0F36BAC84848E053A3A93F2AC1141EB9D1739FE1D48A6684F5352", "href": "https://www.ibm.com/support/pages/node/6538418", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-30T21:41:13", "description": "## Summary\n\nCloud Pak for Security (CP4S) v1.7.2.0 and earlier uses packages that are vulnerable to several CVEs. These issues have been addressed in an update. See the Fixes section below for instructions. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-24332](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24332>) \n** DESCRIPTION: **TrouSerS could allow a remote authenticated attacker to gain elevated privileges on the system, caused by a flaw in the tcsd daemon. By using symlink attacks, an attacker could exploit this vulnerability to create or corrupt existing files. \nCVSS Base score: 7.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/186821](<https://exchange.xforce.ibmcloud.com/vulnerabilities/186821>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H) \n \n** CVEID: **[CVE-2021-22543](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22543>) \n** DESCRIPTION: **Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper handling of VM_IO|VM_PFNMAP vmas in KVM. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges to start and control a VM to read/write random pages of memory. \nCVSS Base score: 7.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202561](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202561>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N) \n \n** CVEID: **[CVE-2019-9169](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9169>) \n** DESCRIPTION: **GNU glibc is vulnerable to a heap-based buffer overflow, caused by a buffer over-read flaw in the proceed_next_node function in posix/regexec.c. By sending a specially-crafted argument using a case-insensitive regular-expression match, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/157800](<https://exchange.xforce.ibmcloud.com/vulnerabilities/157800>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2021-3450](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3450>) \n** DESCRIPTION: **OpenSSL could allow a remote attacker to bypass security restrictions, caused by a missing check in the validation logic of X.509 certificate chains by the X509_V_FLAG_X509_STRICT flag. By using any valid certificate or certificate chain to sign a specially crafted certificate, an attacker could bypass the check that non-CA certificates must not be able to issue other certificates and override the default purpose. \nCVSS Base score: 7.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198754](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198754>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H) \n \n** CVEID: **[CVE-2019-25013](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-25013>) \n** DESCRIPTION: **GNU glibc is vulnerable to a denial of service, caused by a buffer over-read in iconv feature. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a SIGSEGV. 
\nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/194579](<https://exchange.xforce.ibmcloud.com/vulnerabilities/194579>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-13434](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13434>) \n** DESCRIPTION: **SQLite is vulnerable to a denial of service, caused by an integer overflow in the sqlite3_str_vappendf function. By sending a specially-crafted request, a remote attacker could overflow a buffer and cause a denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/182405](<https://exchange.xforce.ibmcloud.com/vulnerabilities/182405>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-25648](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25648>) \n** DESCRIPTION: **Mozilla Network Security Services (NSS), as used in Mozilla Firefox is vulnerable to a denial of service, caused by improper handling of CCS (ChangeCipherSpec) messages in TLS. By sending specially-crafted CCS messages, a remote attacker could exploit this vulnerability to cause the system to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/190416](<https://exchange.xforce.ibmcloud.com/vulnerabilities/190416>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-25692](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25692>) \n** DESCRIPTION: **OpenLDAP is vulnerable to a denial of service, caused by a NULL pointer dereference. By sending a specially crafted TCP packet, a remote attacker could exploit this vulnerability to cause slapd to crash. 
\nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/191968](<https://exchange.xforce.ibmcloud.com/vulnerabilities/191968>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-28196](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28196>) \n** DESCRIPTION: **MIT Kerberos 5 (aka krb5) is vulnerable to a denial of service, caused by an unbounded recursion flaw in lib/krb5/asn.1/asn1_encode.c. By sending a specially-crafted ASN.1-encoded Kerberos message, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/191321](<https://exchange.xforce.ibmcloud.com/vulnerabilities/191321>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-29361](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29361>) \n** DESCRIPTION: **p11-glue p11-kit are vulnerable to a denial of service, caused by multiple integer overflows when allocating memory for arrays of attributes and object identifiers. By sending a specially-crafted request using realloc or calloc function, an attacker could exploit this vulnerability to cause a denial of service or possibly execute arbitrary code on the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/193532](<https://exchange.xforce.ibmcloud.com/vulnerabilities/193532>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-29362](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29362>) \n** DESCRIPTION: **p11-glue p11-kit could allow a remote attacker to obtain sensitive information, caused by a heap-based buffer over-read flaw in the RPC protocol. 
By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain up to 4 bytes of memory past the heap allocation, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/193533](<https://exchange.xforce.ibmcloud.com/vulnerabilities/193533>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2020-29363](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29363>) \n** DESCRIPTION: **p11-glue p11-kit is vulnerable to a denial of service, caused by a heap-based buffer overflow in the RPC protocol. By sending a serialized byte array in a CK_ATTRIBUTE, a remote attacker could overflow a buffer and cause a denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/193534](<https://exchange.xforce.ibmcloud.com/vulnerabilities/193534>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-8285](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8285>) \n** DESCRIPTION: **cURL libcurl is vulnerable to a denial of service, caused by a stack-based buffer overflow in the wildcard matching function. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/192855](<https://exchange.xforce.ibmcloud.com/vulnerabilities/192855>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-8286](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8286>) \n** DESCRIPTION: **cURL libcurl could allow a remote attacker to bypass security restrictions, caused by improper OCSP response verification. 
By sending a specially-crafted request, an attacker could exploit this vulnerability to breach a TLS server. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/192856](<https://exchange.xforce.ibmcloud.com/vulnerabilities/192856>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2020-8625](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8625>) \n** DESCRIPTION: **ISC BIND is vulnerable to a buffer overflow, caused by improper bounds checking by the SPNEGO implementation. By setting valid values for the tkey-gssapi-keytab or tkey-gssapi-credential configuration options, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the named process to crash. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/196959](<https://exchange.xforce.ibmcloud.com/vulnerabilities/196959>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-23362](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23362>) \n** DESCRIPTION: **Node.js hosted-git-info module is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the fromUrl function in index.js. By sending a specially-crafted regex input, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198792](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198792>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-2388](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2388>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to take control of the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205815](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205815>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-25215](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25215>) \n** DESCRIPTION: **ISC BIND is vulnerable to a denial of service, caused by an assertion failure while answering queries for DNAME records. By sending a query for DNAME records, an attacker could exploit this vulnerability to trigger a failed assertion check and terminate the named process. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/200960](<https://exchange.xforce.ibmcloud.com/vulnerabilities/200960>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-27219](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27219>) \n** DESCRIPTION: **GNOME GLib could allow a remote attacker to cause a denial of service, caused by an integer overflow in the g_bytes_new function. An attacker could exploit this vulnerability to corrupt memory and cause a denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/196782](<https://exchange.xforce.ibmcloud.com/vulnerabilities/196782>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-27290](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27290>) \n** DESCRIPTION: **Node.js ssri module is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw by the SRIs. By sending a specially-crafted regex string, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198144](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198144>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-3326](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3326>) \n** DESCRIPTION: **GNU C Library (aka glibc or libc6) is vulnerable to a denial of service, caused by an assertion failure when processing invalid input sequences in the ISO-2022-JP-3 encoding in the iconv function. By sending specially-crafted input, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/195732](<https://exchange.xforce.ibmcloud.com/vulnerabilities/195732>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-3449](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3449>) \n** DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference in signature_algorithms processing. By sending a specially crafted renegotiation ClientHello message from a client, a remote attacker could exploit this vulnerability to cause the TLS server to crash. 
\nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198752](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198752>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-3537](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3537>) \n** DESCRIPTION: **GNOME libxml2 is vulnerable to a denial of service, caused by a NULL pointer dereference flaw when parsing XML mixed content in recovery mode and post-validated. A remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/203084](<https://exchange.xforce.ibmcloud.com/vulnerabilities/203084>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2017-14502](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14502>) \n** DESCRIPTION: **libarchive is vulnerable to a buffer overflow, caused by improper bounds checking by the read_header function in archive_read_support_format_rar.c. By persuading a victim to open a specially-crafted RAR file, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/132123](<https://exchange.xforce.ibmcloud.com/vulnerabilities/132123>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-24330](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24330>) \n** DESCRIPTION: **TrouSerS could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw when the tcsd daemon is started with root privileges instead of by the tss user. An attacker could exploit this vulnerability to gain root privileges on the system. 
\nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/186762](<https://exchange.xforce.ibmcloud.com/vulnerabilities/186762>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-24331](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24331>) \n** DESCRIPTION: **TrouSerS could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw when the tcsd daemon is started with root privileges. An attacker could exploit this vulnerability to gain read and write privileges on the system. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/186763](<https://exchange.xforce.ibmcloud.com/vulnerabilities/186763>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-24977](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24977>) \n** DESCRIPTION: **GNOME libxml2 is vulnerable to a buffer overflow, caused by improper bounds checking by the xmlEncodeEntitiesInternal function in libxml2/entities.c. By persuading a victim to open a specially-crafted file, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/187847](<https://exchange.xforce.ibmcloud.com/vulnerabilities/187847>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-22555](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22555>) \n** DESCRIPTION: **Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a heap out-of-bounds write flaw in net/netfilter/x_tables.c. 
By sending a specially-crafted request through user name space, an authenticated attacker could exploit this vulnerability to gain elevated privileges or cause a denial of service condition. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/204997](<https://exchange.xforce.ibmcloud.com/vulnerabilities/204997>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-3516](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3516>) \n** DESCRIPTION: **libxml2 could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in xmlEncodeEntitiesInternal() in entities.c. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202838](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202838>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-3609](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3609>) \n** DESCRIPTION: **Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a race condition in net/can/bcm.c. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges as root. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/204088](<https://exchange.xforce.ibmcloud.com/vulnerabilities/204088>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-20305](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20305>) \n** DESCRIPTION: **Nettle could allow a remote attacker to bypass security restrictions, caused by a flaw related to several signature verification functions resulting in the Elliptic Curve Cryptography point (ECC) multiply function being invoked with out-of-range scalars. An attacker could exploit this vulnerability to force an invalid signature, causing an assertion failure or possible validation. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199653](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199653>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-3517](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3517>) \n** DESCRIPTION: **GNOME libxml2 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by xmlEncodeEntitiesInternal() in entities.c. By sending a specially crafted file, a remote attacker could trigger an out-of-bounds read and execute arbitrary code on the system or cause a denial of service. \nCVSS Base score: 8.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202526](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202526>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H) \n \n** CVEID: **[CVE-2021-3518](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3518>) \n** DESCRIPTION: **GNOME libxml2 could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free flaw in the xmlXIncludeDoProcess() function in xinclude.c. By sending a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. 
\nCVSS Base score: 8.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/203144](<https://exchange.xforce.ibmcloud.com/vulnerabilities/203144>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H) \n \n** CVEID: **[CVE-2021-3520](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3520>) \n** DESCRIPTION: **lz4 could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow. By sending a specially crafted file, an attacker could invoke memmove() on a negative size argument leading to memory corruption and trigger an out-of-bounds write or cause the library to crash. \nCVSS Base score: 8.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202592](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202592>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H) \n \n** CVEID: **[CVE-2019-18276](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276>) \n** DESCRIPTION: **GNU Bash could allow a remote authenticated attacker to gain elevated privileges on the system, caused by a flaw in the disable_priv_mode in shell.c. By sending a specially-crafted command, an attacker could exploit this vulnerability to escalate privileges. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172331](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172331>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-13543](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13543>) \n** DESCRIPTION: **Webkit WebKitGTK could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in the WebSocket functionality. 
By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code or cause the application to crash. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/192461](<https://exchange.xforce.ibmcloud.com/vulnerabilities/192461>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-13584](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13584>) \n** DESCRIPTION: **Webkit WebKitGTK could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in the ImageDecoderGStreamer functionality. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code or cause the application to crash. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/192463](<https://exchange.xforce.ibmcloud.com/vulnerabilities/192463>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-14360](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14360>) \n** DESCRIPTION: **X.Org xserver could allow a remote authenticated attacker to gain elevated privileges on the system, caused by insufficient checks on the lengths of the XkbSetMap request. By sending a specially-crafted request, an attacker could exploit this vulnerability to gain out-of-bounds memory access in the X server and escalate privileges. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/192532](<https://exchange.xforce.ibmcloud.com/vulnerabilities/192532>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-9951](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9951>) \n** DESCRIPTION: **Apple Safari could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in the WebKit component. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188409](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188409>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-1817](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1817>) \n** DESCRIPTION: **Apple iOS and iPadOS could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption issue in the WebKit component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/200746](<https://exchange.xforce.ibmcloud.com/vulnerabilities/200746>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-30661](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30661>) \n** DESCRIPTION: **Apple iOS and iPadOS could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in the WebKit component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system. 
\nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/200749](<https://exchange.xforce.ibmcloud.com/vulnerabilities/200749>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-23337](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23337>) \n** DESCRIPTION: **Node.js lodash module could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by a command injection flaw in the template. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. \nCVSS Base score: 7.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/196797](<https://exchange.xforce.ibmcloud.com/vulnerabilities/196797>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-2432](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2432>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JNDI component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205856](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205856>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-2341](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2341>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. 
\nCVSS Base score: 3.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205768](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205768>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2019-13012](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13012>) \n** DESCRIPTION: **GNOME GLib could allow a local attacker to bypass security restrictions, caused by improper permission control in the keyfile settings backend. An attacker could exploit this vulnerability to bypass access restrictions. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/166666](<https://exchange.xforce.ibmcloud.com/vulnerabilities/166666>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2019-2708](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2708>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle Berkeley DB related to the Data Store component could allow an authenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/159800](<https://exchange.xforce.ibmcloud.com/vulnerabilities/159800>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-14363](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14363>) \n** DESCRIPTION: **X.Org libX11 is vulnerable to a denial of service, caused by a double free in the way LibX11 handles locales. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. 
\nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/187359](<https://exchange.xforce.ibmcloud.com/vulnerabilities/187359>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-1971](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1971>) \n** DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference. If the GENERAL_NAME_cmp function contains an EDIPARTYNAME, an attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/192748](<https://exchange.xforce.ibmcloud.com/vulnerabilities/192748>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-12049](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12049>) \n** DESCRIPTION: **D-Bus is vulnerable to a denial of service, caused by an error in _dbus_read_socket_with_unix_fds. By sending specially crafted messages, a local attacker could exploit this vulnerability to cause the system dbus-daemon (dbus-daemon --system) to leak file descriptors. \nCVSS Base score: 4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/182955](<https://exchange.xforce.ibmcloud.com/vulnerabilities/182955>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-10029](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10029>) \n** DESCRIPTION: **GNU C Library (aka glibc or libc6) is vulnerable to a denial of service, caused by a stack-based overflow during range reduction. A local attacker could exploit this vulnerability to cause a stack corruption, leading to a denial of service condition. 
\nCVSS Base score: 4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/177225](<https://exchange.xforce.ibmcloud.com/vulnerabilities/177225>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-29573](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29573>) \n** DESCRIPTION: **GNU C Library is vulnerable to a stack-based buffer overflow, caused by not handling non-normal x86 long double numbers gracefully for printf family functions. By sending a specially crafted value to the functions, a local attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/192722](<https://exchange.xforce.ibmcloud.com/vulnerabilities/192722>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2020-8624](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8624>) \n** DESCRIPTION: **ISC BIND could allow a remote authenticated attacker to bypass security restrictions, caused by the failure to properly enforce the update-policy rules of type \"subdomain\". By sending a specially-crafted request, an attacker could exploit this vulnerability to update other co