crypto/bn/bn_nist.c in OpenSSL before 0.9.8h on 32-bit platforms, as used in stunnel and other products, in certain circumstances involving ECDH or ECDHE cipher suites, uses an incorrect modular reduction algorithm in its implementation of the P-256 and P-384 NIST elliptic curves, which allows remote attackers to obtain the private key of a TLS server via multiple handshake attempts.
{"ubuntucve": [{"lastseen": "2022-08-04T14:31:12", "description": "crypto/bn/bn_nist.c in OpenSSL before 0.9.8h on 32-bit platforms, as used\nin stunnel and other products, in certain circumstances involving ECDH or\nECDHE cipher suites, uses an incorrect modular reduction algorithm in its\nimplementation of the P-256 and P-384 NIST elliptic curves, which allows\nremote attackers to obtain the private key of a TLS server via multiple\nhandshake attempts.", "cvss3": {}, "published": "2012-01-26T00:00:00", "type": "ubuntucve", "title": "CVE-2011-4354", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4354"], "modified": "2012-01-26T00:00:00", "id": "UB:CVE-2011-4354", "href": "https://ubuntu.com/security/CVE-2011-4354", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}], "f5": [{"lastseen": "2016-09-26T17:23:05", "description": "Recommended action\n\nNone\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents.\n * SOL4602: Overview of the F5 security vulnerability response policy\n", "cvss3": {}, "published": "2014-07-17T00:00:00", "type": "f5", "title": "SOL15427 - OpenSSL vulnerability CVE-2011-4354", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4354"], "modified": "2014-07-17T00:00:00", "id": "SOL15427", "href": "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15427.html", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}], "cve": [{"lastseen": "2023-02-13T14:10:28", "description": "crypto/bn/bn_nist.c in OpenSSL before 0.9.8h on 32-bit platforms, as used in stunnel and other products, in certain circumstances involving ECDH or ECDHE cipher suites, uses an incorrect modular reduction algorithm in its implementation of the P-256 and P-384 NIST elliptic curves, which allows remote attackers to obtain the private key of a TLS server via multiple handshake attempts.", "cvss3": {}, "published": "2012-01-27T00:55:00", "type": "cve", "title": "CVE-2011-4354", "cwe": ["CWE-310"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4354"], "modified": "2012-11-06T05:03:00", "cpe": ["cpe:/a:openssl:openssl:0.9.7g", "cpe:/a:openssl:openssl:0.9.7", "cpe:/a:openssl:openssl:0.9.3", "cpe:/a:openssl:openssl:0.9.6k", "cpe:/a:openssl:openssl:0.9.7b", "cpe:/a:openssl:openssl:0.9.8b", "cpe:/a:openssl:openssl:0.9.6m", "cpe:/a:openssl:openssl:0.9.7c", "cpe:/a:openssl:openssl:0.9.7l", "cpe:/a:openssl:openssl:0.9.7m", "cpe:/a:openssl:openssl:0.9.8d", "cpe:/a:openssl:openssl:0.9.4", "cpe:/a:openssl:openssl:0.9.6b", "cpe:/a:openssl:openssl:0.9.7a", "cpe:/a:openssl:openssl:0.9.6g", "cpe:/a:openssl:openssl:0.9.6f", "cpe:/a:openssl:openssl:0.9.6i", "cpe:/a:openssl:openssl:0.9.6c", "cpe:/a:openssl:openssl:0.9.7e", "cpe:/a:openssl:openssl:0.9.3a", "cpe:/a:openssl:openssl:0.9.5a", "cpe:/a:openssl:openssl:0.9.8g", "cpe:/a:openssl:openssl:0.9.6", "cpe:/a:openssl:openssl:0.9.6d", "cpe:/a:openssl:openssl:0.9.6l", "cpe:/a:openssl:openssl:0.9.7d", "cpe:/a:openssl:openssl:0.9.7i", "cpe:/a:openssl:openssl:0.9.8a", "cpe:/a:openssl:openssl:0.9.2b", "cpe:/a:openssl:openssl:0.9.7j", "cpe:/a:openssl:openssl:0.9.1c", "cpe:/a:openssl:openssl:0.9.6j", "cpe:/a:openssl:openssl:0.9.8c", "cpe:/a:openssl:openssl:0.9.8", "cpe:/a:openssl:openssl:0.9.7h", "cpe:/a:openssl:openssl:0.9.8f", "cpe:/a:openssl:openssl:0.9.6a", "cpe:/a:openssl:openssl:0.9.6e", "cpe:/a:openssl:openssl:0.9.7k", "cpe:/a:openssl:openssl:0.9.8e", "cpe:/a:openssl:openssl:0.9.7f", "cpe:/a:openssl:openssl:0.9.6h", "cpe:/a:openssl:openssl:0.9.5"], "id": "CVE-2011-4354", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4354", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}, "cpe23": ["cpe:2.3:a:openssl:openssl:0.9.5:beta2:*:*:*:*:x86:*", "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:x86:*", "cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:x86:*", "cpe:2.3:a:openssl:openssl:0.9.7:beta6:*:*:*:*:x86:*", "cpe:2.3:a:openssl:openssl:0.9.7:beta2:*:*:*:*:x86:*", "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:x86:*", "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:x86:*", "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:x86:*", "cpe:2.3:a:openssl:openssl:0.9.5:beta1:*:*:*:*:x86:*", "cpe:2.3:a:openssl:openssl:0.9.7l:*:*:*:*:*:x86:*", "cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:x86:*", "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:x86:*", "cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:x86:*", "cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:x86:*", "cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:x86:*", "cpe:2.3:a:openssl:openssl:0.9.6a:beta2:*:*:*:*:x86:*", "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:x86:*", "cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:x86:*", "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:x86:*", "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:x86:*", "cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:x86:*", "cpe:2.3:a:openssl:openssl:0.9.7:beta3:*:*:*:*:x86:*", "cpe:2.3:a:openssl:openssl:0.9.6:beta3:*:*:*:*:x86:*", "cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:x86:*", "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:x86:*", "cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:x86:*", "cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:x86:*", "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:x86:*", "cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:x86:*", "cpe:2.3:a:openssl:openssl:0.9.6a:beta3:*:*:*:*:x86:*", "cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:x86:*", "cpe:2.3:a:openssl:openssl:0.9.3a:*:*:*:*:*:x86:*", "cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:x86:*", "cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:x86:*", "cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:x86:*", "cpe:2.3:a:openssl:openssl:0.9.7:beta4:*:*:*:*:x86:*", "cpe:2.3:a:openssl:openssl:0.9.6:beta2:*:*:*:*:x86:*", "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:x86:*", "cpe:2.3:a:openssl:openssl:0.9.7:beta1:*:*:*:*:x86:*", "cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:x86:*", "cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:x86:*", "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:x86:*", "cpe:2.3:a:openssl:openssl:0.9.5a:beta1:*:*:*:*:x86:*", "cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:x86:*", "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:x86:*", "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:x86:*", "cpe:2.3:a:openssl:openssl:0.9.7:beta5:*:*:*:*:x86:*", "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:x86:*", "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:x86:*", "cpe:2.3:a:openssl:openssl:0.9.7m:*:*:*:*:*:x86:*", "cpe:2.3:a:openssl:openssl:0.9.6:beta1:*:*:*:*:x86:*", "cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:x86:*", "cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:x86:*", "cpe:2.3:a:openssl:openssl:0.9.5a:beta2:*:*:*:*:x86:*", "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:x86:*", "cpe:2.3:a:openssl:openssl:0.9.6a:beta1:*:*:*:*:x86:*", "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:x86:*", "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:x86:*", "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:x86:*"]}], "suse": [{"lastseen": "2016-09-04T12:35:28", "description": "OpenSSL was updated to fix the following security vulnerabilities:\n\n * SSL/TLS MITM vulnerability. (CVE-2014-0224)\n * ECC private key can leak on 32 bit platforms. (CVE-2011-4354)\n\n Further information can be found at\n <a rel=\"nofollow\" href=\"http://www.openssl.org/news/secadv_20140605.txt\">http://www.openssl.org/news/secadv_20140605.txt</a>\n <<a rel=\"nofollow\" href=\"http://www.openssl.org/news/secadv_20140605.txt\">http://www.openssl.org/news/secadv_20140605.txt</a>> .\n\n Security Issues references:\n\n * CVE-2014-0224\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224</a>>\n * CVE-2011-4354\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4354\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4354</a>>\n\n\n", "cvss3": {}, "published": "2014-06-07T00:04:15", "type": "suse", "title": "Security update for OpenSSL (critical)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2014-0224", "CVE-2011-4354"], "modified": "2014-06-07T00:04:15", "id": "SUSE-SU-2014:0768-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00011.html", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2023-02-19T14:55:27", "description": "According to its banner, the remote web server uses a version of OpenSSL older than 0.9.8h. As such, it may be affected by the following vulnerabilities :\n\n - A double-free error exists related to the handling of server name extension data and specially crafted TLS 1.0 'Client Hello' packets. This can cause application crashes. Note that successful exploitation requires that OpenSSL is compiled with the TLS server name extensions.\n (CVE-2008-0891)\n\n - A NULL pointer dereference error exists related to anonymous Diffie-Hellman key exchange and TLS handshakes. This can be exploited by omitting the 'Server Key exchange message' from the handshake and can cause application crashes. (CVE-2008-1672)\n\n - On 32-bit builds, an information disclosure vulnerability exists during certain calculations for NIST elliptic curves P-256 or P-384. This error can allow an attacker to recover the private key of the TLS server. \n\n The following are required for exploitation :\n\n - 32-bit build\n - Use of elliptic curves P-256 and/or P-384\n - Either the use of ECDH family ciphers and/or the use of ECDHE family ciphers without the SSL_OP_SINGLE_ECDH_USE context option \n\n (CVE-2011-4354)\n\nNote that Nessus has not attempted to verify that these issues are actually exploitable or have been patched but instead has relied on the version number found in the Server response header.", "cvss3": {}, "published": "2011-12-02T00:00:00", "type": "nessus", "title": "OpenSSL < 0.9.8h Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-0891", "CVE-2008-1672", "CVE-2011-4354"], "modified": "2018-11-15T00:00:00", "cpe": ["cpe:/a:openssl:openssl"], "id": "OPENSSL_0_9_8H.NASL", "href": "https://www.tenable.com/plugins/nessus/56996", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(56996);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/11/15 20:50:25\");\n\n script_cve_id(\"CVE-2008-0891\", \"CVE-2008-1672\", \"CVE-2011-4354\");\n script_bugtraq_id(29405, 50882);\n script_xref(name:\"CERT\", value:\"520586\");\n script_xref(name:\"CERT\", value:\"661475\");\n\n script_name(english:\"OpenSSL < 0.9.8h Multiple Vulnerabilities\");\n script_summary(english:\"Does a banner check\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote web server has multiple SSL-related vulnerabilities.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"According to its banner, the remote web server uses a version of\nOpenSSL older than 0.9.8h. As such, it may be affected by the\nfollowing vulnerabilities :\n\n - A double-free error exists related to the handling of\n server name extension data and specially crafted TLS\n 1.0 'Client Hello' packets. This can cause application\n crashes. Note that successful exploitation requires that\n OpenSSL is compiled with the TLS server name extensions.\n (CVE-2008-0891)\n\n - A NULL pointer dereference error exists related to \n anonymous Diffie-Hellman key exchange and TLS\n handshakes. This can be exploited by omitting the \n 'Server Key exchange message' from the handshake and\n can cause application crashes. (CVE-2008-1672)\n\n - On 32-bit builds, an information disclosure\n vulnerability exists during certain calculations for \n NIST elliptic curves P-256 or P-384. This error can\n allow an attacker to recover the private key of the TLS\n server. \n\n The following are required for exploitation :\n\n - 32-bit build\n - Use of elliptic curves P-256 and/or P-384\n - Either the use of ECDH family ciphers and/or the \n use of ECDHE family ciphers without the\n SSL_OP_SINGLE_ECDH_USE context option \n\n (CVE-2011-4354)\n\nNote that Nessus has not attempted to verify that these issues are\nactually exploitable or have been patched but instead has relied on\nthe version number found in the Server response header.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openwall.com/lists/oss-security/2011/12/01/6\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openssl.org/news/secadv/20080528.txt\"\n );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to OpenSSL 0.9.8h or later or apply the vendor-supplied\npatches.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(189, 287);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/05/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/05/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"openssl_version.nasl\");\n script_require_keys(\"openssl/port\");\n\n exit(0);\n}\n\n\ninclude(\"openssl_version.inc\");\n\nopenssl_check_version(fixed:'0.9.8h', severity:SECURITY_WARNING);\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-01-11T14:38:37", "description": "Versions of OpenSSL earlier than 0.9.8h are potentially affected by multiple vulnerabilities :\n\n - A double-free error exists related to the handling of server name extension data and specially crafted TLS 1.0 'Client Hello' packets. This can cause application crashes. Note that successful exploitation requires that OpenSSL is compiled with the TLS server name extensions. (CVE-2008-0891)\n\n - A NULL pointer dereference error exists related to anonymous Diffie-Hellman key exchange and TLS handshakes. This can be exploited by omitting the 'Server Key exchange message' from the handshake and can cause application crashes. (CVE-2008-1672)\n\n - On 32-bit builds, an information disclosure vulnerability exists during certain calculations for NIST elliptic curves P-256 or P-384. This error can allow an attacker to recover the private key of the TLS server.\n\n The following are required for exploitation :\n\n - 32-bit build\n\n - Use of elliptic curves P-256 and/or P-384\n\n - Either the use of ECDH family ciphers and/or the use of ECDHE family ciphers without the SSL_OP_SINGLE_ECDH_USE context option. (CVE-2011-4354)", "cvss3": {}, "published": "2011-12-02T00:00:00", "type": "nessus", "title": "OpenSSL < 0.9.8h Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-0891", "CVE-2008-1672", "CVE-2008-4534", "CVE-2011-4354"], "modified": "2011-12-02T00:00:00", "cpe": [], "id": "801061.PRM", "href": "https://www.tenable.com/plugins/lce/801061", "sourceData": "Binary data 801061.prm", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-16T22:45:43", "description": "Versions of OpenSSL earlier than 0.9.8h are potentially affected by multiple vulnerabilities :\n\n - A double-free error exists related to the handling of server name extension data and specially crafted TLS 1.0 'Client Hello' packets. This can cause application crashes. Note that successful exploitation requires that OpenSSL is compiled with the TLS server name extensions. (CVE-2008-0891)\n\n - A NULL pointer dereference error exists related to anonymous Diffie-Hellman key exchange and TLS handshakes. This can be exploited by omitting the 'Server Key exchange message' from the handshake and can cause application crashes. (CVE-2008-1672)\n\n - On 32-bit builds, an information disclosure vulnerability exists during certain calculations for NIST elliptic curves P-256 or P-384. This error can allow an attacker to recover the private key of the TLS server.\n\n The following are required for exploitation :\n\n - 32-bit build\n\n - Use of elliptic curves P-256 and/or P-384\n\n - Either the use of ECDH family ciphers and/or the use of ECDHE family ciphers without the SSL_OP_SINGLE_ECDH_USE context option. (CVE-2011-4354)", "cvss3": {}, "published": "2011-12-02T00:00:00", "type": "nessus", "title": "OpenSSL < 0.9.8h Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-0891", "CVE-2008-1672", "CVE-2008-4534", "CVE-2011-4354"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:/a:openssl:openssl"], "id": "4521.PRM", "href": "https://www.tenable.com/plugins/nnm/4521", "sourceData": "Binary data 4521.prm", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:19:46", "description": "Several vulnerabilities were discovered in OpenSSL, an implementation of TLS and related protocols. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities :\n\n - CVE-2011-4108 The DTLS implementation performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack.\n\n - CVE-2011-4109 A double free vulnerability when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to cause applications crashes and potentially allow execution of arbitrary code by triggering failure of a policy check.\n\n - CVE-2011-4354 On 32-bit systems, the operations on NIST elliptic curves P-256 and P-384 are not correctly implemented, potentially leaking the private ECC key of a TLS server.\n (Regular RSA-based keys are not affected by this vulnerability.)\n\n - CVE-2011-4576 The SSL 3.0 implementation does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer.\n\n - CVE-2011-4619 The Server Gated Cryptography (SGC) implementation in OpenSSL does not properly handle handshake restarts, unnecessarily simplifying CPU exhaustion attacks.", "cvss3": {}, "published": "2012-01-16T00:00:00", "type": "nessus", "title": "Debian DSA-2390-1 : openssl - several vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4108", "CVE-2011-4109", "CVE-2011-4354", "CVE-2011-4576", "CVE-2011-4619"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:openssl", "cpe:/o:debian:debian_linux:5.0", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DSA-2390.NASL", "href": "https://www.tenable.com/plugins/nessus/57543", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2390. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57543);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-4108\", \"CVE-2011-4109\", \"CVE-2011-4354\", \"CVE-2011-4576\", \"CVE-2011-4619\");\n script_bugtraq_id(50882, 51281);\n script_xref(name:\"DSA\", value:\"2390\");\n\n script_name(english:\"Debian DSA-2390-1 : openssl - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were discovered in OpenSSL, an implementation\nof TLS and related protocols. The Common Vulnerabilities and Exposures\nproject identifies the following vulnerabilities :\n\n - CVE-2011-4108\n The DTLS implementation performs a MAC check only if\n certain padding is valid, which makes it easier for\n remote attackers to recover plaintext via a padding\n oracle attack.\n\n - CVE-2011-4109\n A double free vulnerability when\n X509_V_FLAG_POLICY_CHECK is enabled, allows remote\n attackers to cause applications crashes and potentially\n allow execution of arbitrary code by triggering failure\n of a policy check.\n\n - CVE-2011-4354\n On 32-bit systems, the operations on NIST elliptic\n curves P-256 and P-384 are not correctly implemented,\n potentially leaking the private ECC key of a TLS server.\n (Regular RSA-based keys are not affected by this\n vulnerability.)\n\n - CVE-2011-4576\n The SSL 3.0 implementation does not properly initialize\n data structures for block cipher padding, which might\n allow remote attackers to obtain sensitive information\n by decrypting the padding data sent by an SSL peer.\n\n - CVE-2011-4619\n The Server Gated Cryptography (SGC) implementation in\n OpenSSL does not properly handle handshake restarts,\n unnecessarily simplifying CPU exhaustion attacks.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-4108\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-4109\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-4354\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-4576\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-4619\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/openssl\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2012/dsa-2390\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the openssl packages.\n\nFor the oldstable distribution (lenny), these problems have been fixed\nin version 0.9.8g-15+lenny15.\n\nFor the stable distribution (squeeze), these problems have been fixed\nin version 0.9.8o-4squeeze5.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"openssl\", reference:\"0.9.8g-15+lenny15\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libcrypto0.9.8-udeb\", reference:\"0.9.8o-4squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libssl-dev\", reference:\"0.9.8o-4squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libssl0.9.8\", reference:\"0.9.8o-4squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libssl0.9.8-dbg\", reference:\"0.9.8o-4squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"openssl\", reference:\"0.9.8o-4squeeze5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:21:04", "description": "It was discovered that the elliptic curve cryptography (ECC) subsystem in OpenSSL, when using the Elliptic Curve Digital Signature Algorithm (ECDSA) for the ECDHE_ECDSA cipher suite, did not properly implement curves over binary fields. This could allow an attacker to determine private keys via a timing attack. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-1945)\n\nAdam Langley discovered that the ephemeral Elliptic Curve Diffie-Hellman (ECDH) functionality in OpenSSL did not ensure thread safety while processing handshake messages from clients. This could allow a remote attacker to cause a denial of service via out-of-order messages that violate the TLS protocol. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04.\n(CVE-2011-3210)\n\nNadhem Alfardan and Kenny Paterson discovered that the Datagram Transport Layer Security (DTLS) implementation in OpenSSL performed a MAC check only if certain padding is valid. This could allow a remote attacker to recover plaintext. (CVE-2011-4108)\n\nAntonio Martin discovered that a flaw existed in the fix to address CVE-2011-4108, the DTLS MAC check failure. This could allow a remote attacker to cause a denial of service. (CVE-2012-0050)\n\nBen Laurie discovered a double free vulnerability in OpenSSL that could be triggered when the X509_V_FLAG_POLICY_CHECK flag is enabled.\nThis could allow a remote attacker to cause a denial of service. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-4109)\n\nIt was discovered that OpenSSL, in certain circumstances involving ECDH or ECDHE cipher suites, used an incorrect modular reduction algorithm in its implementation of the P-256 and P-384 NIST elliptic curves. This could allow a remote attacker to obtain the private key of a TLS server via multiple handshake attempts. This issue only affected Ubuntu 8.04 LTS. (CVE-2011-4354)\n\nAdam Langley discovered that the SSL 3.0 implementation in OpenSSL did not properly initialize data structures for block cipher padding. This could allow a remote attacker to obtain sensitive information.\n(CVE-2011-4576)\n\nAndrew Chi discovered that OpenSSL, when RFC 3779 support is enabled, could trigger an assert when handling an X.509 certificate containing certificate-extension data associated with IP address blocks or Autonomous System (AS) identifiers. This could allow a remote attacker to cause a denial of service. (CVE-2011-4577)\n\nAdam Langley discovered that the Server Gated Cryptography (SGC) implementation in OpenSSL did not properly handle handshake restarts.\nThis could allow a remote attacker to cause a denial of service.\n(CVE-2011-4619)\n\nAndrey Kulikov discovered that the GOST block cipher engine in OpenSSL did not properly handle invalid parameters. This could allow a remote attacker to cause a denial of service via crafted data from a TLS client. This issue only affected Ubuntu 11.10. (CVE-2012-0027).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2012-02-10T00:00:00", "type": "nessus", "title": "Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : openssl vulnerabilities (USN-1357-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1945", "CVE-2011-3210", "CVE-2011-4108", "CVE-2011-4109", "CVE-2011-4354", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4619", "CVE-2012-0027", "CVE-2012-0050"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libssl0.9.8", "p-cpe:/a:canonical:ubuntu_linux:libssl1.0.0", "p-cpe:/a:canonical:ubuntu_linux:openssl", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:10.10", "cpe:/o:canonical:ubuntu_linux:11.04", "cpe:/o:canonical:ubuntu_linux:11.10", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts"], "id": "UBUNTU_USN-1357-1.NASL", "href": "https://www.tenable.com/plugins/nessus/57887", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1357-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57887);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2011-1945\", \"CVE-2011-3210\", \"CVE-2011-4108\", \"CVE-2011-4109\", \"CVE-2011-4354\", \"CVE-2011-4576\", \"CVE-2011-4577\", \"CVE-2011-4619\", \"CVE-2012-0027\", \"CVE-2012-0050\");\n script_bugtraq_id(47888, 49471, 50882, 51281, 51563);\n script_xref(name:\"USN\", value:\"1357-1\");\n\n script_name(english:\"Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : openssl vulnerabilities (USN-1357-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the elliptic curve cryptography (ECC) subsystem\nin OpenSSL, when using the Elliptic Curve Digital Signature Algorithm\n(ECDSA) for the ECDHE_ECDSA cipher suite, did not properly implement\ncurves over binary fields. This could allow an attacker to determine\nprivate keys via a timing attack. This issue only affected Ubuntu 8.04\nLTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-1945)\n\nAdam Langley discovered that the ephemeral Elliptic Curve\nDiffie-Hellman (ECDH) functionality in OpenSSL did not ensure thread\nsafety while processing handshake messages from clients. This could\nallow a remote attacker to cause a denial of service via out-of-order\nmessages that violate the TLS protocol. This issue only affected\nUbuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04.\n(CVE-2011-3210)\n\nNadhem Alfardan and Kenny Paterson discovered that the Datagram\nTransport Layer Security (DTLS) implementation in OpenSSL performed a\nMAC check only if certain padding is valid. This could allow a remote\nattacker to recover plaintext. (CVE-2011-4108)\n\nAntonio Martin discovered that a flaw existed in the fix to address\nCVE-2011-4108, the DTLS MAC check failure. This could allow a remote\nattacker to cause a denial of service. (CVE-2012-0050)\n\nBen Laurie discovered a double free vulnerability in OpenSSL that\ncould be triggered when the X509_V_FLAG_POLICY_CHECK flag is enabled.\nThis could allow a remote attacker to cause a denial of service. This\nissue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10\nand Ubuntu 11.04. (CVE-2011-4109)\n\nIt was discovered that OpenSSL, in certain circumstances involving\nECDH or ECDHE cipher suites, used an incorrect modular reduction\nalgorithm in its implementation of the P-256 and P-384 NIST elliptic\ncurves. This could allow a remote attacker to obtain the private key\nof a TLS server via multiple handshake attempts. This issue only\naffected Ubuntu 8.04 LTS. (CVE-2011-4354)\n\nAdam Langley discovered that the SSL 3.0 implementation in OpenSSL did\nnot properly initialize data structures for block cipher padding. This\ncould allow a remote attacker to obtain sensitive information.\n(CVE-2011-4576)\n\nAndrew Chi discovered that OpenSSL, when RFC 3779 support is enabled,\ncould trigger an assert when handling an X.509 certificate containing\ncertificate-extension data associated with IP address blocks or\nAutonomous System (AS) identifiers. This could allow a remote attacker\nto cause a denial of service. (CVE-2011-4577)\n\nAdam Langley discovered that the Server Gated Cryptography (SGC)\nimplementation in OpenSSL did not properly handle handshake restarts.\nThis could allow a remote attacker to cause a denial of service.\n(CVE-2011-4619)\n\nAndrey Kulikov discovered that the GOST block cipher engine in OpenSSL\ndid not properly handle invalid parameters. This could allow a remote\nattacker to cause a denial of service via crafted data from a TLS\nclient. This issue only affected Ubuntu 11.10. (CVE-2012-0027).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1357-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected libssl0.9.8, libssl1.0.0 and / or openssl\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libssl0.9.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libssl1.0.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/05/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(8\\.04|10\\.04|10\\.10|11\\.04|11\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.04 / 10.04 / 10.10 / 11.04 / 11.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libssl0.9.8\", pkgver:\"0.9.8g-4ubuntu3.15\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"openssl\", pkgver:\"0.9.8g-4ubuntu3.15\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libssl0.9.8\", pkgver:\"0.9.8k-7ubuntu8.8\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"openssl\", pkgver:\"0.9.8k-7ubuntu8.8\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libssl0.9.8\", pkgver:\"0.9.8o-1ubuntu4.6\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"openssl\", pkgver:\"0.9.8o-1ubuntu4.6\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"libssl0.9.8\", pkgver:\"0.9.8o-5ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"openssl\", pkgver:\"0.9.8o-5ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"libssl1.0.0\", pkgver:\"1.0.0e-2ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"openssl\", pkgver:\"1.0.0e-2ubuntu4.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libssl0.9.8 / libssl1.0.0 / openssl\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2017-07-24T12:50:55", "description": "The remote host is missing an update to openssl\nannounced via advisory DSA 2390-1.", "cvss3": {}, "published": "2012-02-11T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2390-1 (openssl)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4108", "CVE-2011-4576", "CVE-2011-4619", "CVE-2011-4354", "CVE-2011-4109"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:70708", "href": "http://plugins.openvas.org/nasl.php?oid=70708", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2390_1.nasl 6612 2017-07-07 12:08:03Z cfischer $\n# Description: Auto-generated from advisory DSA 2390-1 (openssl)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities were discovered in OpenSSL, an implementation\nof TLS and related protocols. The Common Vulnerabilities and\nExposures project identifies the following vulnerabilities:\n\nCVE-2011-4108\nThe DTLS implementation performs a MAC check only if certain\npadding is valid, which makes it easier for remote attackers\nto recover plaintext via a padding oracle attack.\n\nCVE-2011-4109\nA double free vulnerability when X509_V_FLAG_POLICY_CHECK is\nenabled, allows remote attackers to cause applications crashes\nand potentially allow execution of arbitrary code by\ntriggering failure of a policy check.\n\nCVE-2011-4354\nOn 32-bit systems, the operations on NIST elliptic curves\nP-256 and P-384 are not correctly implemented, potentially\nleaking the private ECC key of a TLS server. (Regular\nRSA-based keys are not affected by this vulnerability.)\n\nCVE-2011-4576\nThe SSL 3.0 implementation does not properly initialize data\nstructures for block cipher padding, which might allow remote\nattackers to obtain sensitive information by decrypting the\npadding data sent by an SSL peer.\n\nCVE-2011-4619\nThe Server Gated Cryptography (SGC) implementation in OpenSSL\ndoes not properly handle handshake restarts, unnecessarily\nsimplifying CPU exhaustion attacks.\n\nFor the oldstable distribution (lenny), these problems have been fixed\nin version 0.9.8g-15+lenny15.\n\nFor the stable distribution (squeeze), these problems have been fixed\nin version 0.9.8o-4squeeze5.\n\nFor the testing distribution (wheezy) and the unstable distribution\n(sid), these problems have been fixed in version 1.0.0f-1.\n\nWe recommend that you upgrade your openssl packages.\";\ntag_summary = \"The remote host is missing an update to openssl\nannounced via advisory DSA 2390-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202390-1\";\n\nif(description)\n{\n script_id(70708);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2011-4108\", \"CVE-2011-4109\", \"CVE-2011-4354\", \"CVE-2011-4576\", \"CVE-2011-4619\");\n script_version(\"$Revision: 6612 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:03 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-11 03:28:14 -0500 (Sat, 11 Feb 2012)\");\n script_name(\"Debian Security Advisory DSA 2390-1 (openssl)\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libcrypto0.9.8-udeb\", ver:\"0.9.8g-15+lenny13\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"0.9.8g-15+lenny15\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl0.9.8\", ver:\"0.9.8g-15+lenny15\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl0.9.8-dbg\", ver:\"0.9.8g-15+lenny15\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openssl\", ver:\"0.9.8g-15+lenny15\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcrypto0.9.8-udeb\", ver:\"0.9.8o-4squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"0.9.8o-4squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl0.9.8\", ver:\"0.9.8o-4squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl0.9.8-dbg\", ver:\"0.9.8o-4squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openssl\", ver:\"0.9.8o-4squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcrypto1.0.0-udeb\", ver:\"1.0.0g-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"1.0.0g-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl-doc\", ver:\"1.0.0g-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.0g-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl1.0.0-dbg\", ver:\"1.0.0g-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openssl\", ver:\"1.0.0g-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:15", "description": "The remote host is missing an update to openssl\nannounced via advisory DSA 2390-1.", "cvss3": {}, "published": "2012-02-11T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2390-1 (openssl)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4108", "CVE-2011-4576", "CVE-2011-4619", "CVE-2011-4354", "CVE-2011-4109"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:136141256231070708", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231070708", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2390_1.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2390-1 (openssl)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.70708\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2011-4108\", \"CVE-2011-4109\", \"CVE-2011-4354\", \"CVE-2011-4576\", \"CVE-2011-4619\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-11 03:28:14 -0500 (Sat, 11 Feb 2012)\");\n script_name(\"Debian Security Advisory DSA 2390-1 (openssl)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(5|6|7)\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202390-1\");\n script_tag(name:\"insight\", value:\"Several vulnerabilities were discovered in OpenSSL, an implementation\nof TLS and related protocols. The Common Vulnerabilities and\nExposures project identifies the following vulnerabilities:\n\nCVE-2011-4108\nThe DTLS implementation performs a MAC check only if certain\npadding is valid, which makes it easier for remote attackers\nto recover plaintext via a padding oracle attack.\n\nCVE-2011-4109\nA double free vulnerability when X509_V_FLAG_POLICY_CHECK is\nenabled, allows remote attackers to cause applications crashes\nand potentially allow execution of arbitrary code by\ntriggering failure of a policy check.\n\nCVE-2011-4354\nOn 32-bit systems, the operations on NIST elliptic curves\nP-256 and P-384 are not correctly implemented, potentially\nleaking the private ECC key of a TLS server. (Regular\nRSA-based keys are not affected by this vulnerability.)\n\nCVE-2011-4576\nThe SSL 3.0 implementation does not properly initialize data\nstructures for block cipher padding, which might allow remote\nattackers to obtain sensitive information by decrypting the\npadding data sent by an SSL peer.\n\nCVE-2011-4619\nThe Server Gated Cryptography (SGC) implementation in OpenSSL\ndoes not properly handle handshake restarts, unnecessarily\nsimplifying CPU exhaustion attacks.\n\nFor the oldstable distribution (lenny), these problems have been fixed\nin version 0.9.8g-15+lenny15.\n\nFor the stable distribution (squeeze), these problems have been fixed\nin version 0.9.8o-4squeeze5.\n\nFor the testing distribution (wheezy) and the unstable distribution\n(sid), these problems have been fixed in version 1.0.0f-1.\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your openssl packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to openssl\nannounced via advisory DSA 2390-1.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libcrypto0.9.8-udeb\", ver:\"0.9.8g-15+lenny13\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"0.9.8g-15+lenny15\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl0.9.8\", ver:\"0.9.8g-15+lenny15\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl0.9.8-dbg\", ver:\"0.9.8g-15+lenny15\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openssl\", ver:\"0.9.8g-15+lenny15\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcrypto0.9.8-udeb\", ver:\"0.9.8o-4squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"0.9.8o-4squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl0.9.8\", ver:\"0.9.8o-4squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl0.9.8-dbg\", ver:\"0.9.8o-4squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openssl\", ver:\"0.9.8o-4squeeze5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcrypto1.0.0-udeb\", ver:\"1.0.0g-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"1.0.0g-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl-doc\", ver:\"1.0.0g-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.0g-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl1.0.0-dbg\", ver:\"1.0.0g-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openssl\", ver:\"1.0.0g-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-12-04T11:21:15", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1357-1", "cvss3": {}, "published": "2012-02-13T00:00:00", "type": "openvas", "title": "Ubuntu Update for openssl USN-1357-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3210", "CVE-2011-4108", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4619", "CVE-2011-4354", "CVE-2012-0027", "CVE-2012-0050", "CVE-2011-4109", "CVE-2011-1945"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840887", "href": "http://plugins.openvas.org/nasl.php?oid=840887", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1357_1.nasl 7960 2017-12-01 06:58:16Z santu $\n#\n# Ubuntu Update for openssl USN-1357-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that the elliptic curve cryptography (ECC) subsystem\n in OpenSSL, when using the Elliptic Curve Digital Signature Algorithm\n (ECDSA) for the ECDHE_ECDSA cipher suite, did not properly implement\n curves over binary fields. This could allow an attacker to determine\n private keys via a timing attack. This issue only affected Ubuntu 8.04\n LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-1945)\n\n Adam Langley discovered that the ephemeral Elliptic Curve\n Diffie-Hellman (ECDH) functionality in OpenSSL did not ensure thread\n safety while processing handshake messages from clients. This\n could allow a remote attacker to cause a denial of service via\n out-of-order messages that violate the TLS protocol. This issue only\n affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu\n 11.04. (CVE-2011-3210)\n\n Nadhem Alfardan and Kenny Paterson discovered that the Datagram\n Transport Layer Security (DTLS) implementation in OpenSSL performed a\n MAC check only if certain padding is valid. This could allow a remote\n attacker to recover plaintext. (CVE-2011-4108)\n\n Antonio Martin discovered that a flaw existed in the fix to address\n CVE-2011-4108, the DTLS MAC check failure. This could allow a remote\n attacker to cause a denial of service. (CVE-2012-0050)\n\n Ben Laurie discovered a double free vulnerability in OpenSSL that could\n be triggered when the X509_V_FLAG_POLICY_CHECK flag is enabled. This\n could allow a remote attacker to cause a denial of service. This\n issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10\n and Ubuntu 11.04. (CVE-2011-4109)\n\n It was discovered that OpenSSL, in certain circumstances involving\n ECDH or ECDHE cipher suites, used an incorrect modular reduction\n algorithm in its implementation of the P-256 and P-384 NIST elliptic\n curves. This could allow a remote attacker to obtain the private\n key of a TLS server via multiple handshake attempts. This issue only\n affected Ubuntu 8.04 LTS. (CVE-2011-4354)\n\n Adam Langley discovered that the SSL 3.0 implementation in OpenSSL\n did not properly initialize data structures for block cipher\n padding. This could allow a remote attacker to obtain sensitive\n information. (CVE-2011-4576)\n\n Andrew Chi discovered that OpenSSL, when RFC 3779 support is enabled,\n could trigger an assert when handling an X.509 certificate containing\n certificate-extension data associated with IP address blocks or\n Autonomous System (AS) identifiers. This could allow a remote attacker\n to cause a denial of servi ...\n\n Description truncated, for more information please check the Reference URL\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1357-1\";\ntag_affected = \"openssl on Ubuntu 11.04 ,\n Ubuntu 10.10 ,\n Ubuntu 10.04 LTS ,\n Ubuntu 8.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1357-1/\");\n script_id(840887);\n script_version(\"$Revision: 7960 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:58:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-13 16:29:45 +0530 (Mon, 13 Feb 2012)\");\n script_cve_id(\"CVE-2011-1945\", \"CVE-2011-3210\", \"CVE-2011-4108\", \"CVE-2012-0050\",\n \"CVE-2011-4109\", \"CVE-2011-4354\", \"CVE-2011-4576\", \"CVE-2011-4577\",\n \"CVE-2011-4619\", \"CVE-2012-0027\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"1357-1\");\n script_name(\"Ubuntu Update for openssl USN-1357-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl0.9.8\", ver:\"0.9.8o-1ubuntu4.6\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openssl\", ver:\"0.9.8o-1ubuntu4.6\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl0.9.8\", ver:\"0.9.8k-7ubuntu8.8\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openssl\", ver:\"0.9.8k-7ubuntu8.8\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl0.9.8\", ver:\"0.9.8o-5ubuntu1.2\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openssl\", ver:\"0.9.8o-5ubuntu1.2\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl0.9.8\", ver:\"0.9.8g-4ubuntu3.15\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openssl\", ver:\"0.9.8g-4ubuntu3.15\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:38:45", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1357-1", "cvss3": {}, "published": "2012-02-13T00:00:00", "type": "openvas", "title": "Ubuntu Update for openssl USN-1357-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3210", "CVE-2011-4108", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4619", "CVE-2011-4354", "CVE-2012-0027", "CVE-2012-0050", "CVE-2011-4109", "CVE-2011-1945"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840887", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840887", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1357_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for openssl USN-1357-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1357-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840887\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-13 16:29:45 +0530 (Mon, 13 Feb 2012)\");\n script_cve_id(\"CVE-2011-1945\", \"CVE-2011-3210\", \"CVE-2011-4108\", \"CVE-2012-0050\",\n \"CVE-2011-4109\", \"CVE-2011-4354\", \"CVE-2011-4576\", \"CVE-2011-4577\",\n \"CVE-2011-4619\", \"CVE-2012-0027\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"USN\", value:\"1357-1\");\n script_name(\"Ubuntu Update for openssl USN-1357-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(10\\.10|10\\.04 LTS|11\\.04|8\\.04 LTS)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1357-1\");\n script_tag(name:\"affected\", value:\"openssl on Ubuntu 11.04,\n Ubuntu 10.10,\n Ubuntu 10.04 LTS,\n Ubuntu 8.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"It was discovered that the elliptic curve cryptography (ECC) subsystem\n in OpenSSL, when using the Elliptic Curve Digital Signature Algorithm\n (ECDSA) for the ECDHE_ECDSA cipher suite, did not properly implement\n curves over binary fields. This could allow an attacker to determine\n private keys via a timing attack. This issue only affected Ubuntu 8.04\n LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-1945)\n\n Adam Langley discovered that the ephemeral Elliptic Curve\n Diffie-Hellman (ECDH) functionality in OpenSSL did not ensure thread\n safety while processing handshake messages from clients. This\n could allow a remote attacker to cause a denial of service via\n out-of-order messages that violate the TLS protocol. This issue only\n affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu\n 11.04. (CVE-2011-3210)\n\n Nadhem Alfardan and Kenny Paterson discovered that the Datagram\n Transport Layer Security (DTLS) implementation in OpenSSL performed a\n MAC check only if certain padding is valid. This could allow a remote\n attacker to recover plaintext. (CVE-2011-4108)\n\n Antonio Martin discovered that a flaw existed in the fix to address\n CVE-2011-4108, the DTLS MAC check failure. This could allow a remote\n attacker to cause a denial of service. (CVE-2012-0050)\n\n Ben Laurie discovered a double free vulnerability in OpenSSL that could\n be triggered when the X509_V_FLAG_POLICY_CHECK flag is enabled. This\n could allow a remote attacker to cause a denial of service. This\n issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10\n and Ubuntu 11.04. (CVE-2011-4109)\n\n It was discovered that OpenSSL, in certain circumstances involving\n ECDH or ECDHE cipher suites, used an incorrect modular reduction\n algorithm in its implementation of the P-256 and P-384 NIST elliptic\n curves. This could allow a remote attacker to obtain the private\n key of a TLS server via multiple handshake attempts. This issue only\n affected Ubuntu 8.04 LTS. (CVE-2011-4354)\n\n Adam Langley discovered that the SSL 3.0 implementation in OpenSSL\n did not properly initialize data structures for block cipher\n padding. This could allow a remote attacker to obtain sensitive\n information. (CVE-2011-4576)\n\n Andrew Chi discovered that OpenSSL, when RFC 3779 support is enabled,\n could trigger an assert when handling an X.509 certificate containing\n certificate-extension data associated with IP address blocks or\n Autonomous System (AS) identifiers. This could allow a remote attacker\n to cause a denial of servi ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl0.9.8\", ver:\"0.9.8o-1ubuntu4.6\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openssl\", ver:\"0.9.8o-1ubuntu4.6\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl0.9.8\", ver:\"0.9.8k-7ubuntu8.8\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openssl\", ver:\"0.9.8k-7ubuntu8.8\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl0.9.8\", ver:\"0.9.8o-5ubuntu1.2\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openssl\", ver:\"0.9.8o-5ubuntu1.2\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl0.9.8\", ver:\"0.9.8g-4ubuntu3.15\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openssl\", ver:\"0.9.8g-4ubuntu3.15\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2021-10-22T00:05:55", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2390-1 security@debian.org\nhttp://www.debian.org/security/ Florian Weimer\nJanuary 15, 2012 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : openssl\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2011-4108 CVE-2011-4109 CVE-2011-4354\n CVE-2011-4576 CVE-2011-4619\n\nSeveral vulnerabilities were discovered in OpenSSL, an implementation\nof TLS and related protocols. The Common Vulnerabilities and\nExposures project identifies the following vulnerabilities:\n\nCVE-2011-4108\n\tThe DTLS implementation performs a MAC check only if certain\n\tpadding is valid, which makes it easier for remote attackers\n\tto recover plaintext via a padding oracle attack.\n\nCVE-2011-4109 \n\tA double free vulnerability when X509_V_FLAG_POLICY_CHECK is\n\tenabled, allows remote attackers to cause applications crashes\n\tand potentially allow execution of arbitrary code by\n\ttriggering failure of a policy check.\n\nCVE-2011-4354\n\tOn 32-bit systems, the operations on NIST elliptic curves\n\tP-256 and P-384 are not correctly implemented, potentially\n\tleaking the private ECC key of a TLS server. (Regular\n\tRSA-based keys are not affected by this vulnerability.)\n\nCVE-2011-4576\n\tThe SSL 3.0 implementation does not properly initialize data\n\tstructures for block cipher padding, which might allow remote\n\tattackers to obtain sensitive information by decrypting the\n\tpadding data sent by an SSL peer.\n\nCVE-2011-4619\n\tThe Server Gated Cryptography (SGC) implementation in OpenSSL\n\tdoes not properly handle handshake restarts, unnecessarily\n\tsimplifying CPU exhaustion attacks.\n\nFor the oldstable distribution (lenny), these problems have been fixed\nin version 0.9.8g-15+lenny15.\n\nFor the stable distribution (squeeze), these problems have been fixed\nin version 0.9.8o-4squeeze5.\n\nFor the testing distribution (wheezy) and the unstable distribution\n(sid), these problems have been fixed in version 1.0.0f-1.\n\nWe recommend that you upgrade your openssl packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {}, "published": "2012-01-15T20:23:09", "type": "debian", "title": "[SECURITY] [DSA 2390-1] openssl security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4108", "CVE-2011-4109", "CVE-2011-4354", "CVE-2011-4576", "CVE-2011-4619"], "modified": "2012-01-15T20:23:09", "id": "DEBIAN:DSA-2390-1:7F77A", "href": "https://lists.debian.org/debian-security-announce/2012/msg00012.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "osv": [{"lastseen": "2022-08-10T07:08:54", "description": "\nSeveral vulnerabilities were discovered in OpenSSL, an implementation\nof TLS and related protocols. The Common Vulnerabilities and\nExposures project identifies the following vulnerabilities:\n\n\n* [CVE-2011-4108](https://security-tracker.debian.org/tracker/CVE-2011-4108)\nThe DTLS implementation performs a MAC check only if certain\n padding is valid, which makes it easier for remote attackers\n to recover plaintext via a padding oracle attack.\n* [CVE-2011-4109](https://security-tracker.debian.org/tracker/CVE-2011-4109)\nA double free vulnerability when X509\\_V\\_FLAG\\_POLICY\\_CHECK is\n enabled, allows remote attackers to cause applications crashes\n and potentially allow execution of arbitrary code by\n triggering failure of a policy check.\n* [CVE-2011-4354](https://security-tracker.debian.org/tracker/CVE-2011-4354)\nOn 32-bit systems, the operations on NIST elliptic curves\n P-256 and P-384 are not correctly implemented, potentially\n leaking the private ECC key of a TLS server. (Regular\n RSA-based keys are not affected by this vulnerability.)\n* [CVE-2011-4576](https://security-tracker.debian.org/tracker/CVE-2011-4576)\nThe SSL 3.0 implementation does not properly initialize data\n structures for block cipher padding, which might allow remote\n attackers to obtain sensitive information by decrypting the\n padding data sent by an SSL peer.\n* [CVE-2011-4619](https://security-tracker.debian.org/tracker/CVE-2011-4619)\nThe Server Gated Cryptography (SGC) implementation in OpenSSL\n does not properly handle handshake restarts, unnecessarily\n simplifying CPU exhaustion attacks.\n\n\nFor the oldstable distribution (lenny), these problems have been fixed\nin version 0.9.8g-15+lenny15.\n\n\nFor the stable distribution (squeeze), these problems have been fixed\nin version 0.9.8o-4squeeze5.\n\n\nFor the testing distribution (wheezy) and the unstable distribution\n(sid), these problems have been fixed in version 1.0.0f-1.\n\n\nWe recommend that you upgrade your openssl packages.\n\n\n", "cvss3": {}, "published": "2012-01-15T00:00:00", "type": "osv", "title": "openssl - several", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4108", "CVE-2011-4576", "CVE-2011-4619", "CVE-2011-4354", "CVE-2011-4109"], "modified": "2022-08-10T07:08:50", "id": "OSV:DSA-2390-1", "href": "https://osv.dev/vulnerability/DSA-2390-1", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2021-06-08T19:08:11", "description": "Double free(), protection bypass, information leakages, DoS conditions.", "cvss3": {}, "published": "2012-01-20T00:00:00", "type": "securityvulns", "title": "OpenSSL library multiple security vulnerabilities", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2011-4108", "CVE-2011-4576", "CVE-2011-4619", "CVE-2011-4354", "CVE-2012-0027", "CVE-2012-0050", "CVE-2011-4109"], "modified": "2012-01-20T00:00:00", "id": "SECURITYVULNS:VULN:12150", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12150", "sourceData": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2023-01-26T13:37:37", "description": "## Releases\n\n * Ubuntu 11.10 \n * Ubuntu 11.04 \n * Ubuntu 10.10 \n * Ubuntu 10.04 \n * Ubuntu 8.04 \n\n## Packages\n\n * openssl \\- Secure Socket Layer (SSL) binary and related cryptographic tools\n\nIt was discovered that the elliptic curve cryptography (ECC) subsystem \nin OpenSSL, when using the Elliptic Curve Digital Signature Algorithm \n(ECDSA) for the ECDHE_ECDSA cipher suite, did not properly implement \ncurves over binary fields. This could allow an attacker to determine \nprivate keys via a timing attack. This issue only affected Ubuntu 8.04 \nLTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-1945)\n\nAdam Langley discovered that the ephemeral Elliptic Curve \nDiffie-Hellman (ECDH) functionality in OpenSSL did not ensure thread \nsafety while processing handshake messages from clients. This \ncould allow a remote attacker to cause a denial of service via \nout-of-order messages that violate the TLS protocol. This issue only \naffected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu \n11.04. (CVE-2011-3210)\n\nNadhem Alfardan and Kenny Paterson discovered that the Datagram \nTransport Layer Security (DTLS) implementation in OpenSSL performed a \nMAC check only if certain padding is valid. This could allow a remote \nattacker to recover plaintext. (CVE-2011-4108)\n\nAntonio Martin discovered that a flaw existed in the fix to address \nCVE-2011-4108, the DTLS MAC check failure. This could allow a remote \nattacker to cause a denial of service. (CVE-2012-0050)\n\nBen Laurie discovered a double free vulnerability in OpenSSL that could \nbe triggered when the X509_V_FLAG_POLICY_CHECK flag is enabled. This \ncould allow a remote attacker to cause a denial of service. This \nissue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 \nand Ubuntu 11.04. (CVE-2011-4109)\n\nIt was discovered that OpenSSL, in certain circumstances involving \nECDH or ECDHE cipher suites, used an incorrect modular reduction \nalgorithm in its implementation of the P-256 and P-384 NIST elliptic \ncurves. This could allow a remote attacker to obtain the private \nkey of a TLS server via multiple handshake attempts. This issue only \naffected Ubuntu 8.04 LTS. (CVE-2011-4354)\n\nAdam Langley discovered that the SSL 3.0 implementation in OpenSSL \ndid not properly initialize data structures for block cipher \npadding. This could allow a remote attacker to obtain sensitive \ninformation. (CVE-2011-4576)\n\nAndrew Chi discovered that OpenSSL, when RFC 3779 support is enabled, \ncould trigger an assert when handling an X.509 certificate containing \ncertificate-extension data associated with IP address blocks or \nAutonomous System (AS) identifiers. This could allow a remote attacker \nto cause a denial of service. (CVE-2011-4577)\n\nAdam Langley discovered that the Server Gated Cryptography (SGC) \nimplementation in OpenSSL did not properly handle handshake \nrestarts. This could allow a remote attacker to cause a denial of \nservice. (CVE-2011-4619)\n\nAndrey Kulikov discovered that the GOST block cipher engine in OpenSSL \ndid not properly handle invalid parameters. This could allow a remote \nattacker to cause a denial of service via crafted data from a TLS \nclient. This issue only affected Ubuntu 11.10. (CVE-2012-0027)\n", "cvss3": {}, "published": "2012-02-09T00:00:00", "type": "ubuntu", "title": "OpenSSL vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1945", "CVE-2011-3210", "CVE-2011-4108", "CVE-2011-4109", "CVE-2011-4354", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4619", "CVE-2012-0027", "CVE-2012-0050"], "modified": "2012-02-09T00:00:00", "id": "USN-1357-1", "href": "https://ubuntu.com/security/notices/USN-1357-1", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}
CVE-2011-4354
