ID: SOL15568 | Type: f5 | Reporter: f5 | Modified: 2015-09-11T00:00:00
Description
Recommended Action
You can eliminate this vulnerability by running a version listed in the Versions known to be not vulnerable column in the previous table. If the Versions known to be not vulnerable column does not list a version that is later than the version you are running, then no upgrade candidate currently exists.
For BIG-IP Edge Clients, there is no workaround. To mitigate this vulnerability for all other affected products, perform the following task:
* Verify that Datagram Transport Layer Security (DTLS) virtual servers referencing Secure Socket Layer (SSL) profiles do not permit COMPAT SSL ciphers.
Supplemental Information
* SOL9970: Subscribing to email notifications regarding F5 products
* SOL9957: Creating a custom RSS feed to view new and updated documents.
* SOL4602: Overview of the F5 security vulnerability response policy
* SOL4918: Overview of the F5 critical issue hotfix policy
* SOL167: Downloading software and firmware from F5
Record Details
Title: SOL15568 - OpenSSL vulnerability CVE-2014-3510
Published: 2014-09-05T00:00:00
CVE: CVE-2014-3510
CVSS: 4.3 (AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/)
Source: http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15568.html
Affected Software (versions less than or equal to those listed)
* BIG-IP LTM: 11.3.0, 10.2.4
* BIG-IP AFM: 11.3.0
* BIG-IP Analytics: 11.3.0
* BIG-IP APM: 11.3.0, 10.2.4
* BIG-IP ASM: 11.3.0, 10.2.4
* BIG-IP Edge Gateway: 11.3.0, 10.2.4
* BIG-IP PEM: 11.3.0
* BIG-IP PSM: 11.3.0, 10.2.4
* BIG-IP WebAccelerator: 11.3.0, 10.2.4
* BIG-IP WOM: 11.3.0, 10.2.4
* BIG-IP Edge Clients for Android: 2.0.5
* BIG-IP Edge Clients for Apple iOS: 2.0.2, 1.0.6
* BIG-IP Edge Clients for Linux: 7110
* BIG-IP Edge Clients for MAC OS X: 7110
* BIG-IP Edge Clients for Windows: 7110
Vulnerability Details
NVD (CVE-2014-3510): The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote DTLS servers to cause a denial of service (NULL pointer dereference and client application crash) via a crafted handshake message in conjunction with a (1) anonymous DH or (2) anonymous ECDH ciphersuite.
F5 (K15568), Impact: A malicious server may be able to cause a denial-of-service (DoS) to clients using anonymous Diffie-Hellman (DH) ciphersuites via crafted packets.
OpenSSL (OPENSSL:CVE-2014-3510): A flaw in handling DTLS anonymous EC(DH) ciphersuites was found. OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to a denial of service attack. A malicious server can crash the client with a null pointer dereference (read) by specifying an anonymous (EC)DH ciphersuite and sending carefully crafted handshake messages. Reported by Felix Gröbert (Google).
For the\nupdate to take effect, all services linked to the OpenSSL library\n(such as httpd and other SSL-enabled services) must be restarted or\nthe system rebooted.", "modified": "2015-12-01T00:00:00", "published": "2014-08-14T00:00:00", "id": "ORACLELINUX_ELSA-2014-1053.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=77192", "title": "Oracle Linux 5 : openssl (ELSA-2014-1053)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2014:1053 and \n# Oracle Linux Security Advisory ELSA-2014-1053 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(77192);\n script_version(\"$Revision: 1.11 $\");\n script_cvs_date(\"$Date: 2015/12/01 17:25:14 $\");\n\n script_cve_id(\"CVE-2014-0221\", \"CVE-2014-3505\", \"CVE-2014-3506\", \"CVE-2014-3508\", \"CVE-2014-3510\");\n script_bugtraq_id(67899, 67901, 69075, 69076, 69081, 69082);\n script_xref(name:\"RHSA\", value:\"2014:1053\");\n\n script_name(english:\"Oracle Linux 5 : openssl (ELSA-2014-1053)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2014:1053 :\n\nUpdated openssl packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. 
Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),\nTransport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose\ncryptography library.\n\nIt was discovered that the OBJ_obj2txt() function could fail to\nproperly NUL-terminate its output. This could possibly cause an\napplication using OpenSSL functions to format fields of X.509\ncertificates to disclose portions of its memory. (CVE-2014-3508)\n\nMultiple flaws were discovered in the way OpenSSL handled DTLS\npackets. A remote attacker could use these flaws to cause a DTLS\nserver or client using OpenSSL to crash or use excessive amounts of\nmemory. (CVE-2014-0221, CVE-2014-3505, CVE-2014-3506)\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed\na handshake when using the anonymous Diffie-Hellman (DH) key exchange.\nA malicious server could cause a DTLS client using OpenSSL to crash if\nthat client had anonymous DH cipher suites enabled. (CVE-2014-3510)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2014-0221. Upstream acknowledges Imre Rad of Search-Lab as the\noriginal reporter of this issue.\n\nAll OpenSSL users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. 
For the\nupdate to take effect, all services linked to the OpenSSL library\n(such as httpd and other SSL-enabled services) must be restarted or\nthe system rebooted.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2014-August/004363.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = 
get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"openssl-0.9.8e-27.el5_10.4\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"openssl-devel-0.9.8e-27.el5_10.4\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"openssl-perl-0.9.8e-27.el5_10.4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-devel / openssl-perl\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:19:31", "bulletinFamily": "scanner", "description": "According to its banner, the remote web server uses a version of\nOpenSSL 0.9.8 prior to 0.9.8zb. 
The OpenSSL library is, therefore,\naffected by the following vulnerabilities :\n\n - A memory double-free error exists related to handling\n DTLS packets that allows denial of service attacks.\n (CVE-2014-3505)\n\n - An unspecified error exists related to handling DTLS\n handshake messages that allows denial of service attacks\n due to large amounts of memory being consumed.\n (CVE-2014-3506)\n\n - A memory leak error exists related to handling\n specially crafted DTLS packets that allows denial of\n service attacks. (CVE-2014-3507)\n\n - An error exists related to 'OBJ_obj2txt' and the pretty\n printing 'X509_name_*' functions which leak stack data,\n resulting in an information disclosure. (CVE-2014-3508)\n\n - A NULL pointer dereference error exists related to\n handling anonymous ECDH cipher suites and crafted\n handshake messages that allow denial of service attacks\n against clients. (CVE-2014-3510)", "modified": "2018-07-16T00:00:00", "published": "2014-08-08T00:00:00", "id": "OPENSSL_0_9_8ZB.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=77086", "title": "OpenSSL 0.9.8 < 0.9.8zb Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(77086);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/07/16 14:09:14\");\n\n script_cve_id(\n \"CVE-2014-3505\",\n \"CVE-2014-3506\",\n \"CVE-2014-3507\",\n \"CVE-2014-3508\",\n \"CVE-2014-3510\"\n );\n script_bugtraq_id(\n 69075,\n 69076,\n 69078,\n 69081,\n 69082\n );\n\n script_name(english:\"OpenSSL 0.9.8 < 0.9.8zb Multiple Vulnerabilities\");\n script_summary(english:\"Performs a banner check.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\"The remote service is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the remote web server uses a version of\nOpenSSL 0.9.8 prior to 0.9.8zb. 
The OpenSSL library is, therefore,\naffected by the following vulnerabilities :\n\n - A memory double-free error exists related to handling\n DTLS packets that allows denial of service attacks.\n (CVE-2014-3505)\n\n - An unspecified error exists related to handling DTLS\n handshake messages that allows denial of service attacks\n due to large amounts of memory being consumed.\n (CVE-2014-3506)\n\n - A memory leak error exists related to handling\n specially crafted DTLS packets that allows denial of\n service attacks. (CVE-2014-3507)\n\n - An error exists related to 'OBJ_obj2txt' and the pretty\n printing 'X509_name_*' functions which leak stack data,\n resulting in an information disclosure. (CVE-2014-3508)\n\n - A NULL pointer dereference error exists related to\n handling anonymous ECDH cipher suites and crafted\n handshake messages that allow denial of service attacks\n against clients. (CVE-2014-3510)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/openssl-0.9.8-notes.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20140806.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/vulnerabilities.html\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to OpenSSL 0.9.8zb or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/08/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"openssl_version.nasl\");\n script_require_keys(\"openssl/port\");\n\n exit(0);\n}\n\ninclude(\"openssl_version.inc\");\n\nopenssl_check_version(fixed:'0.9.8zb', min:\"0.9.8\", severity:SECURITY_HOLE);\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:19:34", "bulletinFamily": "scanner", "description": "Updated openssl packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),\nTransport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose\ncryptography library.\n\nIt was discovered that the OBJ_obj2txt() function could fail to\nproperly NUL-terminate its output. This could possibly cause an\napplication using OpenSSL functions to format fields of X.509\ncertificates to disclose portions of its memory. (CVE-2014-3508)\n\nMultiple flaws were discovered in the way OpenSSL handled DTLS\npackets. A remote attacker could use these flaws to cause a DTLS\nserver or client using OpenSSL to crash or use excessive amounts of\nmemory. 
(CVE-2014-0221, CVE-2014-3505, CVE-2014-3506)\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed\na handshake when using the anonymous Diffie-Hellman (DH) key exchange.\nA malicious server could cause a DTLS client using OpenSSL to crash if\nthat client had anonymous DH cipher suites enabled. (CVE-2014-3510)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2014-0221. Upstream acknowledges Imre Rad of Search-Lab as the\noriginal reporter of this issue.\n\nAll OpenSSL users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. For the\nupdate to take effect, all services linked to the OpenSSL library\n(such as httpd and other SSL-enabled services) must be restarted or\nthe system rebooted.", "modified": "2018-11-10T00:00:00", "published": "2014-08-14T00:00:00", "id": "CENTOS_RHSA-2014-1053.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=77188", "title": "CentOS 5 : openssl (CESA-2014:1053)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:1053 and \n# CentOS Errata and Security Advisory 2014:1053 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(77188);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/11/10 11:49:31\");\n\n script_cve_id(\"CVE-2014-0221\", \"CVE-2014-3505\", \"CVE-2014-3506\", \"CVE-2014-3508\", \"CVE-2014-3510\");\n script_bugtraq_id(67899, 67901, 69075, 69076, 69081, 69082);\n script_xref(name:\"RHSA\", value:\"2014:1053\");\n\n script_name(english:\"CentOS 5 : openssl (CESA-2014:1053)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n 
attribute:\"description\", \n value:\n\"Updated openssl packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),\nTransport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose\ncryptography library.\n\nIt was discovered that the OBJ_obj2txt() function could fail to\nproperly NUL-terminate its output. This could possibly cause an\napplication using OpenSSL functions to format fields of X.509\ncertificates to disclose portions of its memory. (CVE-2014-3508)\n\nMultiple flaws were discovered in the way OpenSSL handled DTLS\npackets. A remote attacker could use these flaws to cause a DTLS\nserver or client using OpenSSL to crash or use excessive amounts of\nmemory. (CVE-2014-0221, CVE-2014-3505, CVE-2014-3506)\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed\na handshake when using the anonymous Diffie-Hellman (DH) key exchange.\nA malicious server could cause a DTLS client using OpenSSL to crash if\nthat client had anonymous DH cipher suites enabled. (CVE-2014-3510)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2014-0221. Upstream acknowledges Imre Rad of Search-Lab as the\noriginal reporter of this issue.\n\nAll OpenSSL users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. 
For the\nupdate to take effect, all services linked to the OpenSSL library\n(such as httpd and other SSL-enabled services) must be restarted or\nthe system rebooted.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2014-August/020487.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a4a7f3d9\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"openssl-0.9.8e-27.el5_10.4\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openssl-devel-0.9.8e-27.el5_10.4\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openssl-perl-0.9.8e-27.el5_10.4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:21:08", "bulletinFamily": "scanner", "description": "Detailed descriptions of the vulnerabilities can be found at:\nhttps://www.openssl.org/news/secadv/20140806.txt\n\nIt's important that you upgrade the libssl0.9.8 package and not just\nthe openssl package.\n\nAll applications linked to openssl need to be restarted. You can use\nthe 'checkrestart' tool from the debian-goodies package to detect\naffected programs. Alternatively, you may reboot your system.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "modified": "2018-07-06T00:00:00", "published": "2015-03-26T00:00:00", "id": "DEBIAN_DLA-33.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=82181", "title": "Debian DLA-33-1 : openssl security update", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-33-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82181);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/07/06 11:26:06\");\n\n script_cve_id(\"CVE-2014-3505\", \"CVE-2014-3506\", \"CVE-2014-3507\", \"CVE-2014-3508\", \"CVE-2014-3510\");\n script_bugtraq_id(69075, 69076, 69078, 69081, 69082);\n\n script_name(english:\"Debian DLA-33-1 : openssl security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Detailed descriptions of the vulnerabilities can be found at:\nhttps://www.openssl.org/news/secadv/20140806.txt\n\nIt's important that you upgrade the libssl0.9.8 package and not just\nthe openssl package.\n\nAll applications linked to openssl need to be restarted. You can use\nthe 'checkrestart' tool from the debian-goodies package to detect\naffected programs. Alternatively, you may reboot your system.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2014/08/msg00007.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze-lts/openssl\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openssl.org/news/secadv/20140806.txt\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcrypto0.9.8-udeb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libssl-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libssl0.9.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libssl0.9.8-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n 
script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"libcrypto0.9.8-udeb\", reference:\"0.9.8o-4squeeze17\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libssl-dev\", reference:\"0.9.8o-4squeeze17\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libssl0.9.8\", reference:\"0.9.8o-4squeeze17\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libssl0.9.8-dbg\", reference:\"0.9.8o-4squeeze17\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"openssl\", reference:\"0.9.8o-4squeeze17\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:19:34", "bulletinFamily": "scanner", "description": "It was discovered that the OBJ_obj2txt() function could fail to\nproperly NUL-terminate its output. This could possibly cause an\napplication using OpenSSL functions to format fields of X.509\ncertificates to disclose portions of its memory. (CVE-2014-3508)\n\nMultiple flaws were discovered in the way OpenSSL handled DTLS\npackets. A remote attacker could use these flaws to cause a DTLS\nserver or client using OpenSSL to crash or use excessive amounts of\nmemory. 
(CVE-2014-0221, CVE-2014-3505, CVE-2014-3506)\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed\na handshake when using the anonymous Diffie-Hellman (DH) key exchange.\nA malicious server could cause a DTLS client using OpenSSL to crash if\nthat client had anonymous DH cipher suites enabled. (CVE-2014-3510)\n\nFor the update to take effect, all services linked to the OpenSSL\nlibrary (such as httpd and other SSL-enabled services) must be\nrestarted or the system rebooted.", "modified": "2018-12-28T00:00:00", "published": "2014-08-15T00:00:00", "id": "SL_20140813_OPENSSL_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=77215", "title": "Scientific Linux Security Update : openssl on SL5.x i386/x86_64", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(77215);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/12/28 10:10:35\");\n\n script_cve_id(\"CVE-2014-0221\", \"CVE-2014-3505\", \"CVE-2014-3506\", \"CVE-2014-3508\", \"CVE-2014-3510\");\n\n script_name(english:\"Scientific Linux Security Update : openssl on SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the OBJ_obj2txt() function could fail to\nproperly NUL-terminate its output. This could possibly cause an\napplication using OpenSSL functions to format fields of X.509\ncertificates to disclose portions of its memory. (CVE-2014-3508)\n\nMultiple flaws were discovered in the way OpenSSL handled DTLS\npackets. 
A remote attacker could use these flaws to cause a DTLS\nserver or client using OpenSSL to crash or use excessive amounts of\nmemory. (CVE-2014-0221, CVE-2014-3505, CVE-2014-3506)\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed\na handshake when using the anonymous Diffie-Hellman (DH) key exchange.\nA malicious server could cause a DTLS client using OpenSSL to crash if\nthat client had anonymous DH cipher suites enabled. (CVE-2014-3510)\n\nFor the update to take effect, all services linked to the OpenSSL\nlibrary (such as httpd and other SSL-enabled services) must be\nrestarted or the system rebooted.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1408&L=scientific-linux-errata&T=0&P=1068\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8e997f32\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"openssl-0.9.8e-27.el5_10.4\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openssl-debuginfo-0.9.8e-27.el5_10.4\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openssl-devel-0.9.8e-27.el5_10.4\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openssl-perl-0.9.8e-27.el5_10.4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:19:32", "bulletinFamily": "scanner", "description": "According to its banner, the remote web server uses a version of\nOpenSSL 1.0.0 prior to 1.0.0n. 
The OpenSSL library is, therefore,\naffected by the following vulnerabilities :\n\n - A memory double-free error exists related to handling\n DTLS packets that allows denial of service attacks.\n (CVE-2014-3505)\n\n - An unspecified error exists related to handling DTLS\n handshake messages that allows denial of service attacks\n due to large amounts of memory being consumed.\n (CVE-2014-3506)\n\n - A memory leak error exists related to handling\n specially crafted DTLS packets that allows denial of\n service attacks. (CVE-2014-3507)\n\n - An error exists related to 'OBJ_obj2txt' and the pretty\n printing 'X509_name_*' functions which leak stack data,\n resulting in an information disclosure. (CVE-2014-3508)\n\n - An error exists related to 'ec point format extension'\n handling and multithreaded clients that allows freed\n memory to be overwritten during a resumed session.\n (CVE-2014-3509)\n\n - A NULL pointer dereference error exists related to\n handling anonymous ECDH cipher suites and crafted\n handshake messages that allow denial of service attacks\n against clients. 
(CVE-2014-3510)", "modified": "2018-07-16T00:00:00", "published": "2014-08-08T00:00:00", "id": "OPENSSL_1_0_0N.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=77087", "title": "OpenSSL 1.0.0 < 1.0.0n Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(77087);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/07/16 14:09:14\");\n\n script_cve_id(\n \"CVE-2014-3505\",\n \"CVE-2014-3506\",\n \"CVE-2014-3507\",\n \"CVE-2014-3508\",\n \"CVE-2014-3509\",\n \"CVE-2014-3510\"\n );\n script_bugtraq_id(\n 69075,\n 69076,\n 69078,\n 69081,\n 69082,\n 69084\n );\n\n script_name(english:\"OpenSSL 1.0.0 < 1.0.0n Multiple Vulnerabilities\");\n script_summary(english:\"Performs a banner check.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\"The remote service is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the remote web server uses a version of\nOpenSSL 1.0.0 prior to 1.0.0n. The OpenSSL library is, therefore,\naffected by the following vulnerabilities :\n\n - A memory double-free error exists related to handling\n DTLS packets that allows denial of service attacks.\n (CVE-2014-3505)\n\n - An unspecified error exists related to handling DTLS\n handshake messages that allows denial of service attacks\n due to large amounts of memory being consumed.\n (CVE-2014-3506)\n\n - A memory leak error exists related to handling\n specially crafted DTLS packets that allows denial of\n service attacks. (CVE-2014-3507)\n\n - An error exists related to 'OBJ_obj2txt' and the pretty\n printing 'X509_name_*' functions which leak stack data,\n resulting in an information disclosure. 
(CVE-2014-3508)\n\n - An error exists related to 'ec point format extension'\n handling and multithreaded clients that allows freed\n memory to be overwritten during a resumed session.\n (CVE-2014-3509)\n\n - A NULL pointer dereference error exists related to\n handling anonymous ECDH cipher suites and crafted\n handshake messages that allow denial of service attacks\n against clients. (CVE-2014-3510)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/openssl-1.0.0-notes.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20140806.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/vulnerabilities.html\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to OpenSSL 1.0.0n or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/08/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"openssl_version.nasl\");\n script_require_keys(\"openssl/port\");\n\n exit(0);\n}\n\ninclude(\"openssl_version.inc\");\n\nopenssl_check_version(fixed:'1.0.0n', min:\"1.0.0\", severity:SECURITY_HOLE);\n", "cvss": 
{"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:19:32", "bulletinFamily": "scanner", "description": "Multiple vulnerabilities have been discovered and corrected in \nopenssl :\n\nA flaw in OBJ_obj2txt may cause pretty printing functions such as\nX509_name_oneline, X509_name_print_ex et al. to leak some information\nfrom the stack. Applications may be affected if they echo pretty\nprinting output to the attacker. OpenSSL SSL/TLS clients and servers\nthemselves are not affected (CVE-2014-3508).\n\nIf a multithreaded client connects to a malicious server using a\nresumed session and the server sends an ec point format extension it\ncould write up to 255 bytes to freed memory (CVE-2014-3509).\n\nAn attacker can force an error condition which causes openssl to crash\nwhilst processing DTLS packets due to memory being freed twice. This\ncan be exploited through a Denial of Service attack (CVE-2014-3505).\n\nAn attacker can force openssl to consume large amounts of memory\nwhilst processing DTLS handshake messages. This can be exploited\nthrough a Denial of Service attack (CVE-2014-3506).\n\nBy sending carefully crafted DTLS packets an attacker could cause\nopenssl to leak memory. This can be exploited through a Denial of\nService attack (CVE-2014-3507).\n\nOpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are\nsubject to a denial of service attack. 
A malicious server can crash\nthe client with a NULL pointer dereference (read) by specifying an\nanonymous (EC)DH ciphersuite and sending carefully crafted handshake\nmessages (CVE-2014-3510).\n\nThe updated packages have been upgraded to the 1.0.0n version where\nthese security flaws have been fixed.", "modified": "2018-07-19T00:00:00", "published": "2014-08-09T00:00:00", "id": "MANDRIVA_MDVSA-2014-158.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=77097", "title": "Mandriva Linux Security Advisory : openssl (MDVSA-2014:158)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2014:158. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(77097);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/07/19 20:59:18\");\n\n script_cve_id(\"CVE-2014-3505\", \"CVE-2014-3506\", \"CVE-2014-3507\", \"CVE-2014-3508\", \"CVE-2014-3509\", \"CVE-2014-3510\");\n script_bugtraq_id(69075, 69076, 69078, 69081, 69082, 69084);\n script_xref(name:\"MDVSA\", value:\"2014:158\");\n\n script_name(english:\"Mandriva Linux Security Advisory : openssl (MDVSA-2014:158)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities have been discovered and corrected in \nopenssl :\n\nA flaw in OBJ_obj2txt may cause pretty printing functions such as\nX509_name_oneline, X509_name_print_ex et al. to leak some information\nfrom the stack. Applications may be affected if they echo pretty\nprinting output to the attacker. 
OpenSSL SSL/TLS clients and servers\nthemselves are not affected (CVE-2014-3508).\n\nIf a multithreaded client connects to a malicious server using a\nresumed session and the server sends an ec point format extension it\ncould write up to 255 bytes to freed memory (CVE-2014-3509).\n\nAn attacker can force an error condition which causes openssl to crash\nwhilst processing DTLS packets due to memory being freed twice. This\ncan be exploited through a Denial of Service attack (CVE-2014-3505).\n\nAn attacker can force openssl to consume large amounts of memory\nwhilst processing DTLS handshake messages. This can be exploited\nthrough a Denial of Service attack (CVE-2014-3506).\n\nBy sending carefully crafted DTLS packets an attacker could cause\nopenssl to leak memory. This can be exploited through a Denial of\nService attack (CVE-2014-3507).\n\nOpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are\nsubject to a denial of service attack. A malicious server can crash\nthe client with a NULL pointer dereference (read) by specifying an\nanonymous (EC)DH ciphersuite and sending carefully crafted handshake\nmessages (CVE-2014-3510).\n\nThe updated packages have been upgraded to the 1.0.0n version where\nthese security flaws have been fixed.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openssl.org/news/secadv/20140806.txt\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64openssl-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:mandriva:linux:lib64openssl-engines1.0.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64openssl-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64openssl1.0.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandrake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64openssl-devel-1.0.0n-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64openssl-engines1.0.0-1.0.0n-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64openssl-static-devel-1.0.0n-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", 
reference:\"lib64openssl1.0.0-1.0.0n-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"openssl-1.0.0n-1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "centos": [{"lastseen": "2017-10-03T18:25:28", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2014:1053\n\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),\nTransport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose cryptography\nlibrary.\n\nIt was discovered that the OBJ_obj2txt() function could fail to properly\nNUL-terminate its output. This could possibly cause an application using\nOpenSSL functions to format fields of X.509 certificates to disclose\nportions of its memory. (CVE-2014-3508)\n\nMultiple flaws were discovered in the way OpenSSL handled DTLS packets.\nA remote attacker could use these flaws to cause a DTLS server or client\nusing OpenSSL to crash or use excessive amounts of memory. (CVE-2014-0221,\nCVE-2014-3505, CVE-2014-3506)\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed a\nhandshake when using the anonymous Diffie-Hellman (DH) key exchange. A\nmalicious server could cause a DTLS client using OpenSSL to crash if that\nclient had anonymous DH cipher suites enabled. (CVE-2014-3510)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2014-0221. Upstream acknowledges Imre Rad of Search-Lab as the original\nreporter of this issue.\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. 
For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-August/020487.html\n\n**Affected packages:**\nopenssl\nopenssl-devel\nopenssl-perl\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2014-1053.html", "modified": "2014-08-13T19:52:24", "published": "2014-08-13T19:52:24", "href": "http://lists.centos.org/pipermail/centos-announce/2014-August/020487.html", "id": "CESA-2014:1053", "title": "openssl security update", "type": "centos", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-10-03T18:25:24", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2014:1052\n\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),\nTransport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose cryptography\nlibrary.\n\nA race condition was found in the way OpenSSL handled ServerHello messages\nwith an included Supported EC Point Format extension. A malicious server\ncould possibly use this flaw to cause a multi-threaded TLS/SSL client using\nOpenSSL to write into freed memory, causing the client to crash or execute\narbitrary code. (CVE-2014-3509)\n\nIt was discovered that the OBJ_obj2txt() function could fail to properly\nNUL-terminate its output. This could possibly cause an application using\nOpenSSL functions to format fields of X.509 certificates to disclose\nportions of its memory. (CVE-2014-3508)\n\nA flaw was found in the way OpenSSL handled fragmented handshake packets.\nA man-in-the-middle attacker could use this flaw to force a TLS/SSL server\nusing OpenSSL to use TLS 1.0, even if both the client and the server\nsupported newer protocol versions. 
(CVE-2014-3511)\n\nMultiple flaws were discovered in the way OpenSSL handled DTLS packets.\nA remote attacker could use these flaws to cause a DTLS server or client\nusing OpenSSL to crash or use excessive amounts of memory. (CVE-2014-3505,\nCVE-2014-3506, CVE-2014-3507)\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed a\nhandshake when using the anonymous Diffie-Hellman (DH) key exchange. A\nmalicious server could cause a DTLS client using OpenSSL to crash if that\nclient had anonymous DH cipher suites enabled. (CVE-2014-3510)\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-August/020488.html\nhttp://lists.centos.org/pipermail/centos-announce/2014-August/020489.html\n\n**Affected packages:**\nopenssl\nopenssl-devel\nopenssl-libs\nopenssl-perl\nopenssl-static\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2014-1052.html", "modified": "2014-08-13T20:25:33", "published": "2014-08-13T20:10:43", "href": "http://lists.centos.org/pipermail/centos-announce/2014-August/020488.html", "id": "CESA-2014:1052", "title": "openssl security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2018-09-01T23:53:39", "bulletinFamily": "scanner", "description": "Check for the Version of openssl", "modified": "2018-04-06T00:00:00", "published": "2014-08-14T00:00:00", "id": "OPENVAS:1361412562310881987", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881987", "title": "CentOS Update for openssl CESA-2014:1053 centos5 ", "type": "openvas", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for openssl CESA-2014:1053 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.881987\");\n script_version(\"$Revision: 9373 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:57:18 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-08-14 05:54:51 +0200 (Thu, 14 Aug 2014)\");\n script_cve_id(\"CVE-2014-0221\", \"CVE-2014-3505\", \"CVE-2014-3506\", \"CVE-2014-3508\",\n \"CVE-2014-3510\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"CentOS Update for openssl CESA-2014:1053 centos5 \");\n\n tag_insight = \"OpenSSL is a toolkit that implements the Secure Sockets Layer\n(SSL), Transport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose cryptography\nlibrary.\n\nIt was discovered that the OBJ_obj2txt() 
function could fail to properly\nNUL-terminate its output. This could possibly cause an application using\nOpenSSL functions to format fields of X.509 certificates to disclose\nportions of its memory. (CVE-2014-3508)\n\nMultiple flaws were discovered in the way OpenSSL handled DTLS packets.\nA remote attacker could use these flaws to cause a DTLS server or client\nusing OpenSSL to crash or use excessive amounts of memory. (CVE-2014-0221,\nCVE-2014-3505, CVE-2014-3506)\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed a\nhandshake when using the anonymous Diffie-Hellman (DH) key exchange. A\nmalicious server could cause a DTLS client using OpenSSL to crash if that\nclient had anonymous DH cipher suites enabled. (CVE-2014-3510)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2014-0221. Upstream acknowledges Imre Rad of Search-Lab as the original\nreporter of this issue.\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. 
For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\n\";\n\n tag_affected = \"openssl on CentOS 5\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"CESA\", value: \"2014:1053\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2014-August/020487.html\");\n script_tag(name:\"summary\", value:\"Check for the Version of openssl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~0.9.8e~27.el5_10.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~0.9.8e~27.el5_10.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~0.9.8e~27.el5_10.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-28T18:24:24", "bulletinFamily": "scanner", "description": "Oracle Linux 
Local Security Checks ELSA-2014-1053", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123332", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123332", "title": "Oracle Linux Local Check: ELSA-2014-1053", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2014-1053.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123332\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:02:23 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2014-1053\");\n script_tag(name:\"insight\", value:\"ELSA-2014-1053 - openssl security update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2014-1053\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2014-1053.html\");\n script_cve_id(\"CVE-2014-0221\", \"CVE-2014-3505\", \"CVE-2014-3506\", \"CVE-2014-3508\", \"CVE-2014-3510\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~0.9.8e~27.el5_10.4\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~0.9.8e~27.el5_10.4\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~0.9.8e~27.el5_10.4\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-11-23T15:14:15", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": 
"2014-08-14T00:00:00", "id": "OPENVAS:1361412562310871226", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871226", "title": "RedHat Update for openssl RHSA-2014:1053-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for openssl RHSA-2014:1053-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871226\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-08-14 05:54:26 +0200 (Thu, 14 Aug 2014)\");\n script_cve_id(\"CVE-2014-0221\", \"CVE-2014-3505\", \"CVE-2014-3506\", \"CVE-2014-3508\", \"CVE-2014-3510\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"RedHat Update for openssl RHSA-2014:1053-01\");\n\n\n script_tag(name:\"affected\", value:\"openssl on Red Hat Enterprise Linux (v. 
5 server)\");\n script_tag(name:\"insight\", value:\"OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),\nTransport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose cryptography\nlibrary.\n\nIt was discovered that the OBJ_obj2txt() function could fail to properly\nNUL-terminate its output. This could possibly cause an application using\nOpenSSL functions to format fields of X.509 certificates to disclose\nportions of its memory. (CVE-2014-3508)\n\nMultiple flaws were discovered in the way OpenSSL handled DTLS packets.\nA remote attacker could use these flaws to cause a DTLS server or client\nusing OpenSSL to crash or use excessive amounts of memory. (CVE-2014-0221,\nCVE-2014-3505, CVE-2014-3506)\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed a\nhandshake when using the anonymous Diffie-Hellman (DH) key exchange. A\nmalicious server could cause a DTLS client using OpenSSL to crash if that\nclient had anonymous DH cipher suites enabled. (CVE-2014-3510)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2014-0221. Upstream acknowledges Imre Rad of Search-Lab as the original\nreporter of this issue.\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. 
For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"RHSA\", value:\"2014:1053-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2014-August/msg00027.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_5\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~0.9.8e~27.el5_10.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-debuginfo\", rpm:\"openssl-debuginfo~0.9.8e~27.el5_10.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~0.9.8e~27.el5_10.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~0.9.8e~27.el5_10.4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": 
"2018-09-28T18:25:43", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2014-1052", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123331", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123331", "title": "Oracle Linux Local Check: ELSA-2014-1052", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2014-1052.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123331\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:02:22 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2014-1052\");\n script_tag(name:\"insight\", value:\"ELSA-2014-1052 - openssl security update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2014-1052\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2014-1052.html\");\n script_cve_id(\"CVE-2014-3505\", \"CVE-2014-3506\", \"CVE-2014-3507\", \"CVE-2014-3508\", \"CVE-2014-3509\", \"CVE-2014-3510\", \"CVE-2014-3511\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(7|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~34.el7_0.4\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1e~34.el7_0.4\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-libs\", rpm:\"openssl-libs~1.0.1e~34.el7_0.4\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~1.0.1e~34.el7_0.4\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-static\", rpm:\"openssl-static~1.0.1e~34.el7_0.4\", rls:\"OracleLinux7\")) != NULL) {\n 
security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~16.el6_5.15\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1e~16.el6_5.15\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~1.0.1e~16.el6_5.15\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-static\", rpm:\"openssl-static~1.0.1e~16.el6_5.15\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-26T08:48:19", "bulletinFamily": "scanner", "description": "Multiple vulnerabilities have been identified in OpenSSL, a Secure\nSockets Layer toolkit, that may result in denial of service\n(application crash, large memory consumption), information leak,\nprotocol downgrade. Additionally, a buffer overrun affecting only\napplications explicitly set up for SRP has been fixed (CVE-2014-3512 \n).\n\nDetailed descriptions of the vulnerabilities can be found at:\nwww.openssl.org/news/secadv_20140806.txt \nIt's important that you upgrade the libssl1.0.0 package and not just\nthe openssl package.\n\nAll applications linked to openssl need to be restarted. You can use\nthe checkrestart \ntool from the debian-goodies package to detect\naffected programs. 
Alternatively, you may reboot your system.", "modified": "2017-07-11T00:00:00", "published": "2014-08-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=702998", "id": "OPENVAS:702998", "title": "Debian Security Advisory DSA 2998-1 (openssl - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2998.nasl 6663 2017-07-11 09:58:05Z teissa $\n# Auto-generated from advisory DSA 2998-1 using nvtgen 1.0\n# Script version: 1.1\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_affected = \"openssl on Debian Linux\";\ntag_insight = \"This package contains the openssl binary and related tools.\";\ntag_solution = \"For the stable distribution (wheezy), these problems have been fixed in\nversion 1.0.1e-2+deb7u12.\n\nFor the testing distribution (jessie), these problems will be fixed\nsoon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.0.1i-1.\n\nWe recommend that you upgrade your openssl packages.\";\ntag_summary = \"Multiple vulnerabilities have been identified in OpenSSL, a Secure\nSockets Layer toolkit, that may result in denial of service\n(application crash, large memory consumption), information leak,\nprotocol downgrade. Additionally, a buffer overrun affecting only\napplications explicitly set up for SRP has been fixed (CVE-2014-3512 \n).\n\nDetailed descriptions of the vulnerabilities can be found at:\nwww.openssl.org/news/secadv_20140806.txt \nIt's important that you upgrade the libssl1.0.0 package and not just\nthe openssl package.\n\nAll applications linked to openssl need to be restarted. You can use\nthe checkrestart \ntool from the debian-goodies package to detect\naffected programs. 
Alternatively, you may reboot your system.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_id(702998);\n script_version(\"$Revision: 6663 $\");\n script_cve_id(\"CVE-2014-3505\", \"CVE-2014-3506\", \"CVE-2014-3507\", \"CVE-2014-3508\", \"CVE-2014-3509\", \"CVE-2014-3510\", \"CVE-2014-3511\", \"CVE-2014-3512\", \"CVE-2014-5139\");\n script_name(\"Debian Security Advisory DSA 2998-1 (openssl - security update)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-11 11:58:05 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name: \"creation_date\", value:\"2014-08-07 00:00:00 +0200 (Thu, 07 Aug 2014)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-2998.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-doc\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.0\")) != 
NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0-dbg\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openssl\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-doc\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0-dbg\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openssl\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-doc\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0-dbg\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openssl\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-doc\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0-dbg\", ver:\"1.0.1e-2+deb7u12\", 
rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openssl\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-19T13:03:22", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2014-08-08T00:00:00", "id": "OPENVAS:1361412562310841924", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841924", "title": "Ubuntu Update for openssl USN-2308-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_2308_1.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# Ubuntu Update for openssl USN-2308-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.841924\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-08-08 06:02:31 +0200 (Fri, 08 Aug 2014)\");\n script_cve_id(\"CVE-2014-3505\", \"CVE-2014-3506\", \"CVE-2014-3507\", \"CVE-2014-3508\",\n \"CVE-2014-3509\", \"CVE-2014-3510\", \"CVE-2014-3511\", \"CVE-2014-3512\",\n \"CVE-2014-5139\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Ubuntu Update for openssl USN-2308-1\");\n\n\n script_tag(name:\"affected\", value:\"openssl on Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"insight\", value:\"Adam Langley and Wan-Teh Chang discovered that OpenSSL\nincorrectly handled certain DTLS packets. A remote attacker could use this issue\nto cause OpenSSL to crash, resulting in a denial of service. (CVE-2014-3505)\n\nAdam Langley discovered that OpenSSL incorrectly handled memory when\nprocessing DTLS handshake messages. A remote attacker could use this issue\nto cause OpenSSL to consume memory, resulting in a denial of service.\n(CVE-2014-3506)\n\nAdam Langley discovered that OpenSSL incorrectly handled memory when\nprocessing DTLS fragments. A remote attacker could use this issue to cause\nOpenSSL to leak memory, resulting in a denial of service. This issue\nonly affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. 
(CVE-2014-3507)\n\nIvan Fratric discovered that OpenSSL incorrectly leaked information in\nthe pretty printing functions. When OpenSSL is used with certain\napplications, an attacker may use this issue to possibly gain access to\nsensitive information. (CVE-2014-3508)\n\nGabor Tyukasz discovered that OpenSSL contained a race condition when\nprocessing serverhello messages. A malicious server could use this issue\nto cause clients to crash, resulting in a denial of service. This issue\nonly affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-3509)\n\nFelix Gröbert discovered that OpenSSL incorrectly handled certain DTLS\nhandshake messages. A malicious server could use this issue to cause\nclients to crash, resulting in a denial of service. (CVE-2014-3510)\n\nDavid Benjamin and Adam Langley discovered that OpenSSL incorrectly\nhandled fragmented ClientHello messages. If a remote attacker were able to\nperform a man-in-the-middle attack, this flaw could be used to force a\nprotocol downgrade to TLS 1.0. This issue only affected Ubuntu 12.04 LTS\nand Ubuntu 14.04 LTS. (CVE-2014-3511)\n\nSean Devlin and Watson Ladd discovered that OpenSSL incorrectly handled\ncertain SRP parameters. A remote attacker could use this with applications\nthat use SRP to cause a denial of service, or possibly execute arbitrary\ncode. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.\n(CVE-2014-3512)\n\nJoonas Kuorilehto and Riku Hietamäki discovered that OpenSSL incorrectly\nhandled certain Server Hello messages that specify an SRP ciphersuite. A\nmalicious server could use this issue to cause clients to crash, resulting\nin a denial of service. This issue only affected Ubuntu 12.04 LTS and\nUbuntu 14.04 LTS. 
(CVE-2014-5139)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"USN\", value:\"2308-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2308-1/\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|12\\.04 LTS|10\\.04 LTS)\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl1.0.0:i386\", ver:\"1.0.1f-1ubuntu2.5\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.1-4ubuntu5.17\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl0.9.8\", ver:\"0.9.8k-7ubuntu8.20\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:54:53", "bulletinFamily": "scanner", "description": "Check for the Version of openssl", "modified": "2018-04-06T00:00:00", "published": 
"2014-08-14T00:00:00", "id": "OPENVAS:1361412562310881988", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881988", "title": "CentOS Update for openssl CESA-2014:1052 centos6 ", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for openssl CESA-2014:1052 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.881988\");\n script_version(\"$Revision: 9373 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:57:18 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-08-14 05:54:57 +0200 (Thu, 14 Aug 2014)\");\n script_cve_id(\"CVE-2014-3505\", \"CVE-2014-3506\", \"CVE-2014-3507\", \"CVE-2014-3508\",\n \"CVE-2014-3509\", \"CVE-2014-3510\", \"CVE-2014-3511\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"CentOS Update for openssl CESA-2014:1052 centos6 \");\n\n tag_insight = 
\"OpenSSL is a toolkit that implements the Secure Sockets Layer\n(SSL), Transport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose cryptography\nlibrary.\n\nA race condition was found in the way OpenSSL handled ServerHello messages\nwith an included Supported EC Point Format extension. A malicious server\ncould possibly use this flaw to cause a multi-threaded TLS/SSL client using\nOpenSSL to write into freed memory, causing the client to crash or execute\narbitrary code. (CVE-2014-3509)\n\nIt was discovered that the OBJ_obj2txt() function could fail to properly\nNUL-terminate its output. This could possibly cause an application using\nOpenSSL functions to format fields of X.509 certificates to disclose\nportions of its memory. (CVE-2014-3508)\n\nA flaw was found in the way OpenSSL handled fragmented handshake packets.\nA man-in-the-middle attacker could use this flaw to force a TLS/SSL server\nusing OpenSSL to use TLS 1.0, even if both the client and the server\nsupported newer protocol versions. (CVE-2014-3511)\n\nMultiple flaws were discovered in the way OpenSSL handled DTLS packets.\nA remote attacker could use these flaws to cause a DTLS server or client\nusing OpenSSL to crash or use excessive amounts of memory. (CVE-2014-3505,\nCVE-2014-3506, CVE-2014-3507)\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed a\nhandshake when using the anonymous Diffie-Hellman (DH) key exchange. A\nmalicious server could cause a DTLS client using OpenSSL to crash if that\nclient had anonymous DH cipher suites enabled. (CVE-2014-3510)\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. 
For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\n\";\n\n tag_affected = \"openssl on CentOS 6\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"CESA\", value: \"2014:1052\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2014-August/020488.html\");\n script_tag(name:\"summary\", value:\"Check for the Version of openssl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~16.el6_5.15\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1e~16.el6_5.15\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~1.0.1e~16.el6_5.15\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-static\", rpm:\"openssl-static~1.0.1e~16.el6_5.15\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": 
{"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-02T14:32:57", "bulletinFamily": "scanner", "description": "Amazon Linux Local Security Checks", "modified": "2018-10-01T00:00:00", "published": "2015-09-08T00:00:00", "id": "OPENVAS:1361412562310120249", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120249", "title": "Amazon Linux Local Check: ALAS-2014-391", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: alas-2014-391.nasl 6715 2017-07-13 09:57:40Z teissa$\n#\n# Amazon Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@iki.fi>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://ping-viini.org\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120249\");\n script_version(\"$Revision: 11711 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:21:23 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-01 14:30:57 +0200 (Mon, 01 Oct 2018) $\");\n script_name(\"Amazon Linux Local Check: ALAS-2014-391\");\n script_tag(name:\"insight\", value:\"Multiple flaws were found in OpenSSL. Please see the references for more information.\");\n script_tag(name:\"solution\", value:\"Run yum update openssl to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2014-391.html\");\n script_cve_id(\"CVE-2014-3505\", \"CVE-2014-3506\", \"CVE-2014-3507\", \"CVE-2014-3512\", \"CVE-2014-3511\", \"CVE-2014-3510\", \"CVE-2014-3508\", \"CVE-2014-3509\", \"CVE-2014-5139\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Amazon Linux Local Security Checks\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"AMAZON\")\n{\nif ((res = 
isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1i~1.78.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"openssl-debuginfo\", rpm:\"openssl-debuginfo~1.0.1i~1.78.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~1.0.1i~1.78.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1i~1.78.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"openssl-static\", rpm:\"openssl-static~1.0.1i~1.78.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-23T15:13:32", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2014-08-14T00:00:00", "id": "OPENVAS:1361412562310871227", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871227", "title": "RedHat Update for openssl RHSA-2014:1052-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for openssl RHSA-2014:1052-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR 
PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871227\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-08-14 05:54:31 +0200 (Thu, 14 Aug 2014)\");\n script_cve_id(\"CVE-2014-3505\", \"CVE-2014-3506\", \"CVE-2014-3507\", \"CVE-2014-3508\",\n \"CVE-2014-3509\", \"CVE-2014-3510\", \"CVE-2014-3511\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"RedHat Update for openssl RHSA-2014:1052-01\");\n\n\n script_tag(name:\"affected\", value:\"openssl on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Server (v. 7),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"insight\", value:\"OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),\nTransport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose cryptography\nlibrary.\n\nA race condition was found in the way OpenSSL handled ServerHello messages\nwith an included Supported EC Point Format extension. A malicious server\ncould possibly use this flaw to cause a multi-threaded TLS/SSL client using\nOpenSSL to write into freed memory, causing the client to crash or execute\narbitrary code. (CVE-2014-3509)\n\nIt was discovered that the OBJ_obj2txt() function could fail to properly\nNUL-terminate its output. 
This could possibly cause an application using\nOpenSSL functions to format fields of X.509 certificates to disclose\nportions of its memory. (CVE-2014-3508)\n\nA flaw was found in the way OpenSSL handled fragmented handshake packets.\nA man-in-the-middle attacker could use this flaw to force a TLS/SSL server\nusing OpenSSL to use TLS 1.0, even if both the client and the server\nsupported newer protocol versions. (CVE-2014-3511)\n\nMultiple flaws were discovered in the way OpenSSL handled DTLS packets.\nA remote attacker could use these flaws to cause a DTLS server or client\nusing OpenSSL to crash or use excessive amounts of memory. (CVE-2014-3505,\nCVE-2014-3506, CVE-2014-3507)\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed a\nhandshake when using the anonymous Diffie-Hellman (DH) key exchange. A\nmalicious server could cause a DTLS client using OpenSSL to crash if that\nclient had anonymous DH cipher suites enabled. (CVE-2014-3510)\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. 
For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"RHSA\", value:\"2014:1052-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2014-August/msg00026.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_(7|6)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~34.el7_0.4\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-debuginfo\", rpm:\"openssl-debuginfo~1.0.1e~34.el7_0.4\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1e~34.el7_0.4\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-libs\", rpm:\"openssl-libs~1.0.1e~34.el7_0.4\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~16.el6_5.15\", 
rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-debuginfo\", rpm:\"openssl-debuginfo~1.0.1e~16.el6_5.15\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1e~16.el6_5.15\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-28T18:24:30", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2014-1653", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123278", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123278", "title": "Oracle Linux Local Check: ELSA-2014-1653", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2014-1653.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123278\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:01:40 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2014-1653\");\n script_tag(name:\"insight\", value:\"ELSA-2014-1653 - openssl security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2014-1653\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2014-1653.html\");\n script_cve_id(\"CVE-2014-3566\", \"CVE-2014-0221\", \"CVE-2014-3505\", \"CVE-2014-3506\", \"CVE-2014-3508\", \"CVE-2014-3510\", \"CVE-2014-0224\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = 
\"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~0.9.8e~31.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~0.9.8e~31.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~0.9.8e~31.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2018-10-16T22:14:29", "bulletinFamily": "unix", "description": "Package : openssl\nVersion : 0.9.8o-4squeeze17\nCVE ID : CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3508 \n CVE-2014-3510\n\nDetailed descriptions of the vulnerabilities can be found at:\nhttps://www.openssl.org/news/secadv_20140806.txt\n\nIt's important that you upgrade the libssl0.9.8 package and not just\nthe openssl package.\n\nAll applications linked to openssl need to be restarted. You can use\nthe "checkrestart" tool from the debian-goodies package to detect\naffected programs. 
Alternatively, you may reboot your system.\n\n", "modified": "2014-08-07T20:36:26", "published": "2014-08-07T20:36:26", "id": "DEBIAN:DLA-33-1:85002", "href": "https://lists.debian.org/debian-lts-announce/2014/debian-lts-announce-201408/msg00007.html", "title": "[DLA 33-1] openssl security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-10-18T13:49:02", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2998-1 security@debian.org\nhttp://www.debian.org/security/ Raphael Geissert\nAugust 07, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : openssl\nCVE ID : CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3508 \n CVE-2014-3509 CVE-2014-3510 CVE-2014-3511 CVE-2014-3512 \n CVE-2014-5139\n\nMultiple vulnerabilities have been identified in OpenSSL, a Secure\nSockets Layer toolkit, that may result in denial of service\n(application crash, large memory consumption), information leak,\nprotocol downgrade. Additionally, a buffer overrun affecting only\napplications explicitly set up for SRP has been fixed (CVE-2014-3512).\n\nDetailed descriptions of the vulnerabilities can be found at:\nhttps://www.openssl.org/news/secadv_20140806.txt\n\nIt's important that you upgrade the libssl1.0.0 package and not just\nthe openssl package.\n\nAll applications linked to openssl need to be restarted. You can use\nthe "checkrestart" tool from the debian-goodies package to detect\naffected programs. 
Alternatively, you may reboot your system.\n\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.0.1e-2+deb7u12.\n\nFor the testing distribution (jessie), these problems will be fixed\nsoon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.0.1i-1.\n\nWe recommend that you upgrade your openssl packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2014-08-06T23:45:18", "published": "2014-08-06T23:45:18", "id": "DEBIAN:DSA-2998-1:7D1C0", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2014/msg00180.html", "title": "[SECURITY] [DSA 2998-1] openssl security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "redhat": [{"lastseen": "2018-12-11T17:44:15", "bulletinFamily": "unix", "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),\nTransport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose cryptography\nlibrary.\n\nIt was discovered that the OBJ_obj2txt() function could fail to properly\nNUL-terminate its output. This could possibly cause an application using\nOpenSSL functions to format fields of X.509 certificates to disclose\nportions of its memory. (CVE-2014-3508)\n\nMultiple flaws were discovered in the way OpenSSL handled DTLS packets.\nA remote attacker could use these flaws to cause a DTLS server or client\nusing OpenSSL to crash or use excessive amounts of memory. (CVE-2014-0221,\nCVE-2014-3505, CVE-2014-3506)\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed a\nhandshake when using the anonymous Diffie-Hellman (DH) key exchange. 
A\nmalicious server could cause a DTLS client using OpenSSL to crash if that\nclient had anonymous DH cipher suites enabled. (CVE-2014-3510)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2014-0221. Upstream acknowledges Imre Rad of Search-Lab as the original\nreporter of this issue.\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\n", "modified": "2017-09-08T12:08:28", "published": "2014-08-13T04:00:00", "id": "RHSA-2014:1053", "href": "https://access.redhat.com/errata/RHSA-2014:1053", "type": "redhat", "title": "(RHSA-2014:1053) Moderate: openssl security update", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-12-11T17:46:05", "bulletinFamily": "unix", "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),\nTransport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose cryptography\nlibrary.\n\nA race condition was found in the way OpenSSL handled ServerHello messages\nwith an included Supported EC Point Format extension. A malicious server\ncould possibly use this flaw to cause a multi-threaded TLS/SSL client using\nOpenSSL to write into freed memory, causing the client to crash or execute\narbitrary code. (CVE-2014-3509)\n\nIt was discovered that the OBJ_obj2txt() function could fail to properly\nNUL-terminate its output. This could possibly cause an application using\nOpenSSL functions to format fields of X.509 certificates to disclose\nportions of its memory. 
(CVE-2014-3508)\n\nA flaw was found in the way OpenSSL handled fragmented handshake packets.\nA man-in-the-middle attacker could use this flaw to force a TLS/SSL server\nusing OpenSSL to use TLS 1.0, even if both the client and the server\nsupported newer protocol versions. (CVE-2014-3511)\n\nMultiple flaws were discovered in the way OpenSSL handled DTLS packets.\nA remote attacker could use these flaws to cause a DTLS server or client\nusing OpenSSL to crash or use excessive amounts of memory. (CVE-2014-3505,\nCVE-2014-3506, CVE-2014-3507)\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed a\nhandshake when using the anonymous Diffie-Hellman (DH) key exchange. A\nmalicious server could cause a DTLS client using OpenSSL to crash if that\nclient had anonymous DH cipher suites enabled. (CVE-2014-3510)\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all services linked to the OpenSSL library must be restarted or the\nsystem rebooted.\n", "modified": "2015-04-24T14:17:46", "published": "2014-08-14T04:00:00", "id": "RHSA-2014:1054", "href": "https://access.redhat.com/errata/RHSA-2014:1054", "type": "redhat", "title": "(RHSA-2014:1054) Moderate: openssl security update", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-12-11T19:41:25", "bulletinFamily": "unix", "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),\nTransport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose cryptography\nlibrary.\n\nA race condition was found in the way OpenSSL handled ServerHello messages\nwith an included Supported EC Point Format extension. 
A malicious server\ncould possibly use this flaw to cause a multi-threaded TLS/SSL client using\nOpenSSL to write into freed memory, causing the client to crash or execute\narbitrary code. (CVE-2014-3509)\n\nIt was discovered that the OBJ_obj2txt() function could fail to properly\nNUL-terminate its output. This could possibly cause an application using\nOpenSSL functions to format fields of X.509 certificates to disclose\nportions of its memory. (CVE-2014-3508)\n\nA flaw was found in the way OpenSSL handled fragmented handshake packets.\nA man-in-the-middle attacker could use this flaw to force a TLS/SSL server\nusing OpenSSL to use TLS 1.0, even if both the client and the server\nsupported newer protocol versions. (CVE-2014-3511)\n\nMultiple flaws were discovered in the way OpenSSL handled DTLS packets.\nA remote attacker could use these flaws to cause a DTLS server or client\nusing OpenSSL to crash or use excessive amounts of memory. (CVE-2014-3505,\nCVE-2014-3506, CVE-2014-3507)\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed a\nhandshake when using the anonymous Diffie-Hellman (DH) key exchange. A\nmalicious server could cause a DTLS client using OpenSSL to crash if that\nclient had anonymous DH cipher suites enabled. (CVE-2014-3510)\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. 
For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\n", "modified": "2018-06-06T20:24:27", "published": "2014-08-13T04:00:00", "id": "RHSA-2014:1052", "href": "https://access.redhat.com/errata/RHSA-2014:1052", "type": "redhat", "title": "(RHSA-2014:1052) Moderate: openssl security update", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:40:42", "bulletinFamily": "unix", "description": "[0.9.8e-27.4]\n- fix CVE-2014-0221 - recursion in DTLS code leading to DoS\n- fix CVE-2014-3505 - doublefree in DTLS packet processing\n- fix CVE-2014-3506 - avoid memory exhaustion in DTLS\n- fix CVE-2014-3508 - fix OID handling to avoid information leak\n- fix CVE-2014-3510 - fix DoS in anonymous (EC)DH handling in DTLS\n[0.9.8e-27.3]\n- fix for CVE-2014-0224 - SSL/TLS MITM vulnerability\n[0.9.8e-27.1]\n- replace expired GlobalSign Root CA certificate in ca-bundle.crt", "modified": "2014-08-13T00:00:00", "published": "2014-08-13T00:00:00", "id": "ELSA-2014-1053", "href": "http://linux.oracle.com/errata/ELSA-2014-1053.html", "title": "openssl security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T01:46:18", "bulletinFamily": "unix", "description": "[0.9.8e-31]\n- add support for fallback SCSV to partially mitigate CVE-2014-3566\n (padding attack on SSL3)\n[0.9.8e-30]\n- fix CVE-2014-0221 - recursion in DTLS code leading to DoS\n- fix CVE-2014-3505 - doublefree in DTLS packet processing\n- fix CVE-2014-3506 - avoid memory exhaustion in DTLS\n- fix CVE-2014-3508 - fix OID handling to avoid information leak\n- fix CVE-2014-3510 - fix DoS in anonymous (EC)DH handling in DTLS\n[0.9.8e-29]\n- fix for CVE-2014-0224 - SSL/TLS MITM vulnerability\n[0.9.8e-28]\n- replace expired 
GlobalSign Root CA certificate in ca-bundle.crt", "modified": "2014-10-16T00:00:00", "published": "2014-10-16T00:00:00", "id": "ELSA-2014-1653", "href": "http://linux.oracle.com/errata/ELSA-2014-1653.html", "title": "openssl security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T01:38:47", "bulletinFamily": "unix", "description": "[1.0.1e-34.4]\n- fix CVE-2014-3505 - doublefree in DTLS packet processing\n- fix CVE-2014-3506 - avoid memory exhaustion in DTLS\n- fix CVE-2014-3507 - avoid memory leak in DTLS\n- fix CVE-2014-3508 - fix OID handling to avoid information leak\n- fix CVE-2014-3509 - fix race condition when parsing server hello\n- fix CVE-2014-3510 - fix DoS in anonymous (EC)DH handling in DTLS\n- fix CVE-2014-3511 - disallow protocol downgrade via fragmentation", "modified": "2014-08-13T00:00:00", "published": "2014-08-13T00:00:00", "id": "ELSA-2014-1052", "href": "http://linux.oracle.com/errata/ELSA-2014-1052.html", "title": "openssl security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T01:47:51", "bulletinFamily": "unix", "description": "[1.0.1e-30.2]\n- fix CVE-2014-3567 - memory leak when handling session tickets\n- fix CVE-2014-3513 - memory leak in srtp support\n- add support for fallback SCSV to partially mitigate CVE-2014-3566\n (padding attack on SSL3)\n[1.0.1e-30]\n- add ECC TLS extensions to DTLS (#1119800)\n[1.0.1e-29]\n- fix CVE-2014-3505 - doublefree in DTLS packet processing\n- fix CVE-2014-3506 - avoid memory exhaustion in DTLS\n- fix CVE-2014-3507 - avoid memory leak in DTLS\n- fix CVE-2014-3508 - fix OID handling to avoid information leak\n- fix CVE-2014-3509 - fix race condition when parsing server hello\n- fix CVE-2014-3510 - fix DoS in anonymous (EC)DH handling in DTLS\n- fix CVE-2014-3511 - disallow protocol downgrade 
via fragmentation\n[1.0.1e-28]\n- fix CVE-2014-0224 fix that broke EAP-FAST session resumption support\n[1.0.1e-26]\n- drop EXPORT, RC2, and DES from the default cipher list (#1057520)\n- print ephemeral key size negotiated in TLS handshake (#1057715)\n- do not include ECC ciphersuites in SSLv2 client hello (#1090952)\n- properly detect encryption failure in BIO (#1100819)\n- fail on hmac integrity check if the .hmac file is empty (#1105567)\n- FIPS mode: make the limitations on DSA, DH, and RSA keygen\n length enforced only if OPENSSL_ENFORCE_MODULUS_BITS environment\n variable is set\n[1.0.1e-25]\n- fix CVE-2010-5298 - possible use of memory after free\n- fix CVE-2014-0195 - buffer overflow via invalid DTLS fragment\n- fix CVE-2014-0198 - possible NULL pointer dereference\n- fix CVE-2014-0221 - DoS from invalid DTLS handshake packet\n- fix CVE-2014-0224 - SSL/TLS MITM vulnerability\n- fix CVE-2014-3470 - client-side DoS when using anonymous ECDH\n[1.0.1e-24]\n- add back support for secp521r1 EC curve\n[1.0.1e-23]\n- fix CVE-2014-0160 - information disclosure in TLS heartbeat extension\n[1.0.1e-22]\n- use 2048 bit RSA key in FIPS selftests\n[1.0.1e-21]\n- add DH_compute_key_padded needed for FIPS CAVS testing\n- make 3des strength to be 128 bits instead of 168 (#1056616)\n- FIPS mode: do not generate DSA keys and DH parameters < 2048 bits\n- FIPS mode: use approved RSA keygen (allows only 2048 and 3072 bit keys)\n- FIPS mode: add DH selftest\n- FIPS mode: reseed DRBG properly on RAND_add()\n- FIPS mode: add RSA encrypt/decrypt selftest\n- FIPS mode: add hard limit for 2^32 GCM block encryptions with the same key\n- use the key length from configuration file if req -newkey rsa is invoked\n[1.0.1e-20]\n- fix CVE-2013-4353 - Invalid TLS handshake crash\n[1.0.1e-19]\n- fix CVE-2013-6450 - possible MiTM attack on DTLS1\n[1.0.1e-18]\n- fix CVE-2013-6449 - crash when version in SSL structure is incorrect\n[1.0.1e-17]\n- add back some no-op symbols that were inadvertently 
dropped", "modified": "2014-10-16T00:00:00", "published": "2014-10-16T00:00:00", "id": "ELSA-2014-1652", "href": "http://linux.oracle.com/errata/ELSA-2014-1652.html", "title": "openssl security update", "type": "oraclelinux", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:49:27", "bulletinFamily": "unix", "description": "[1.0.1e-48.3]\n- fix CVE-2016-2177 - possible integer overflow\n- fix CVE-2016-2178 - non-constant time DSA operations\n- fix CVE-2016-2179 - further DoS issues in DTLS\n- fix CVE-2016-2180 - OOB read in TS_OBJ_print_bio()\n- fix CVE-2016-2181 - DTLS1 replay protection and unprocessed records issue\n- fix CVE-2016-2182 - possible buffer overflow in BN_bn2dec()\n- fix CVE-2016-6302 - insufficient TLS session ticket HMAC length check\n- fix CVE-2016-6304 - unbound memory growth with OCSP status request\n- fix CVE-2016-6306 - certificate message OOB reads\n- mitigate CVE-2016-2183 - degrade all 64bit block ciphers and RC4 to\n 112 bit effective strength\n- replace expired testing certificates\n[1.0.1e-48.1]\n- fix CVE-2016-2105 - possible overflow in base64 encoding\n- fix CVE-2016-2106 - possible overflow in EVP_EncryptUpdate()\n- fix CVE-2016-2107 - padding oracle in stitched AES-NI CBC-MAC\n- fix CVE-2016-2108 - memory corruption in ASN.1 encoder\n- fix CVE-2016-2109 - possible DoS when reading ASN.1 data from BIO\n- fix CVE-2016-0799 - memory issues in BIO_printf\n[1.0.1e-48]\n- fix CVE-2016-0702 - side channel attack on modular exponentiation\n- fix CVE-2016-0705 - double-free in DSA private key parsing\n- fix CVE-2016-0797 - heap corruption in BN_hex2bn and BN_dec2bn\n[1.0.1e-47]\n- fix CVE-2015-3197 - SSLv2 ciphersuite enforcement\n- disable SSLv2 in the generic TLS method\n[1.0.1e-46]\n- fix 1-byte memory leak in pkcs12 parse (#1229871)\n- document some options of the speed command (#1197095)\n[1.0.1e-45]\n- fix high-precision timestamps in timestamping 
authority\n[1.0.1e-44]\n- fix CVE-2015-7575 - disallow use of MD5 in TLS1.2\n[1.0.1e-43]\n- fix CVE-2015-3194 - certificate verify crash with missing PSS parameter\n- fix CVE-2015-3195 - X509_ATTRIBUTE memory leak\n- fix CVE-2015-3196 - race condition when handling PSK identity hint\n[1.0.1e-42]\n- fix regression caused by mistake in fix for CVE-2015-1791\n[1.0.1e-41]\n- improved fix for CVE-2015-1791\n- add missing parts of CVE-2015-0209 fix for correctness although unexploitable\n[1.0.1e-40]\n- fix CVE-2014-8176 - invalid free in DTLS buffering code\n- fix CVE-2015-1789 - out-of-bounds read in X509_cmp_time\n- fix CVE-2015-1790 - PKCS7 crash with missing EncryptedContent\n- fix CVE-2015-1791 - race condition handling NewSessionTicket\n- fix CVE-2015-1792 - CMS verify infinite loop with unknown hash function\n[1.0.1e-39]\n- fix CVE-2015-3216 - regression in RAND locking that can cause segfaults on\n read in multithreaded applications\n[1.0.1e-38]\n- fix CVE-2015-4000 - prevent the logjam attack on client - restrict\n the DH key size to at least 768 bits (limit will be increased in future)\n[1.0.1e-37]\n- drop the AES-GCM restriction of 2^32 operations because the IV is\n always 96 bits (32 bit fixed field + 64 bit invocation field)\n[1.0.1e-36]\n- update fix for CVE-2015-0287 to what was released upstream\n[1.0.1e-35]\n- fix CVE-2015-0209 - potential use after free in d2i_ECPrivateKey()\n- fix CVE-2015-0286 - improper handling of ASN.1 boolean comparison\n- fix CVE-2015-0287 - ASN.1 structure reuse decoding memory corruption\n- fix CVE-2015-0288 - X509_to_X509_REQ NULL pointer dereference\n- fix CVE-2015-0289 - NULL dereference decoding invalid PKCS#7 data\n- fix CVE-2015-0292 - integer underflow in base64 decoder\n- fix CVE-2015-0293 - triggerable assert in SSLv2 server\n[1.0.1e-34]\n- copy digest algorithm when handling SNI context switch\n- improve documentation of ciphersuites - patch by Hubert Kario\n- add support for setting Kerberos service and keytab in\n 
s_server and s_client\n[1.0.1e-33]\n- fix CVE-2014-3570 - incorrect computation in BN_sqr()\n- fix CVE-2014-3571 - possible crash in dtls1_get_record()\n- fix CVE-2014-3572 - possible downgrade of ECDH ciphersuite to non-PFS state\n- fix CVE-2014-8275 - various certificate fingerprint issues\n- fix CVE-2015-0204 - remove support for RSA ephemeral keys for non-export\n ciphersuites and on server\n- fix CVE-2015-0205 - do not allow unauthenticated client DH certificate\n- fix CVE-2015-0206 - possible memory leak when buffering DTLS records\n[1.0.1e-32]\n- use FIPS approved method for computation of d in RSA\n[1.0.1e-31]\n- fix CVE-2014-3567 - memory leak when handling session tickets\n- fix CVE-2014-3513 - memory leak in srtp support\n- add support for fallback SCSV to partially mitigate CVE-2014-3566\n (padding attack on SSL3)\n[1.0.1e-30]\n- add ECC TLS extensions to DTLS (#1119800)\n[1.0.1e-29]\n- fix CVE-2014-3505 - doublefree in DTLS packet processing\n- fix CVE-2014-3506 - avoid memory exhaustion in DTLS\n- fix CVE-2014-3507 - avoid memory leak in DTLS\n- fix CVE-2014-3508 - fix OID handling to avoid information leak\n- fix CVE-2014-3509 - fix race condition when parsing server hello\n- fix CVE-2014-3510 - fix DoS in anonymous (EC)DH handling in DTLS\n- fix CVE-2014-3511 - disallow protocol downgrade via fragmentation\n[1.0.1e-28]\n- fix CVE-2014-0224 fix that broke EAP-FAST session resumption support\n[1.0.1e-26]\n- drop EXPORT, RC2, and DES from the default cipher list (#1057520)\n- print ephemeral key size negotiated in TLS handshake (#1057715)\n- do not include ECC ciphersuites in SSLv2 client hello (#1090952)\n- properly detect encryption failure in BIO (#1100819)\n- fail on hmac integrity check if the .hmac file is empty (#1105567)\n- FIPS mode: make the limitations on DSA, DH, and RSA keygen\n length enforced only if OPENSSL_ENFORCE_MODULUS_BITS environment\n variable is set\n[1.0.1e-25]\n- fix CVE-2010-5298 - possible use of memory after free\n- fix 
CVE-2014-0195 - buffer overflow via invalid DTLS fragment\n- fix CVE-2014-0198 - possible NULL pointer dereference\n- fix CVE-2014-0221 - DoS from invalid DTLS handshake packet\n- fix CVE-2014-0224 - SSL/TLS MITM vulnerability\n- fix CVE-2014-3470 - client-side DoS when using anonymous ECDH\n[1.0.1e-24]\n- add back support for secp521r1 EC curve\n[1.0.1e-23]\n- fix CVE-2014-0160 - information disclosure in TLS heartbeat extension\n[1.0.1e-22]\n- use 2048 bit RSA key in FIPS selftests\n[1.0.1e-21]\n- add DH_compute_key_padded needed for FIPS CAVS testing\n- make 3des strength to be 128 bits instead of 168 (#1056616)\n- FIPS mode: do not generate DSA keys and DH parameters < 2048 bits\n- FIPS mode: use approved RSA keygen (allows only 2048 and 3072 bit keys)\n- FIPS mode: add DH selftest\n- FIPS mode: reseed DRBG properly on RAND_add()\n- FIPS mode: add RSA encrypt/decrypt selftest\n- FIPS mode: add hard limit for 2^32 GCM block encryptions with the same key\n- use the key length from configuration file if req -newkey rsa is invoked\n[1.0.1e-20]\n- fix CVE-2013-4353 - Invalid TLS handshake crash\n[1.0.1e-19]\n- fix CVE-2013-6450 - possible MiTM attack on DTLS1\n[1.0.1e-18]\n- fix CVE-2013-6449 - crash when version in SSL structure is incorrect\n[1.0.1e-17]\n- add back some no-op symbols that were inadvertently dropped\n[1.0.1e-16]\n- do not advertise ECC curves we do not support\n- fix CPU identification on Cyrix CPUs\n[1.0.1e-15]\n- make DTLS1 work in FIPS mode\n- avoid RSA and DSA 512 bits and Whirlpool in 'openssl speed' in FIPS mode\n[1.0.1e-14]\n- installation of dracut-fips marks that the FIPS module is installed\n[1.0.1e-13]\n- avoid dlopening libssl.so from libcrypto\n[1.0.1e-12]\n- fix small memory leak in FIPS aes selftest\n- fix segfault in openssl speed hmac in the FIPS mode\n[1.0.1e-11]\n- document the nextprotoneg option in manual pages\n original patch by Hubert Kario\n[1.0.1e-9]\n- always perform the FIPS selftests in library constructor\n if FIPS 
module is installed\n[1.0.1e-8]\n- fix use of rdrand if available\n- more commits cherry picked from upstream\n- documentation fixes\n[1.0.1e-7]\n- additional manual page fix\n- use symbol versioning also for the textual version\n[1.0.1e-6]\n- additional manual page fixes\n- cleanup speed command output for ECDH ECDSA\n[1.0.1e-5]\n- use _prefix macro\n[1.0.1e-4]\n- add relro linking flag\n[1.0.1e-2]\n- add support for the -trusted_first option for certificate chain verification\n[1.0.1e-1]\n- rebase to the 1.0.1e upstream version\n[1.0.0-28]\n- fix for CVE-2013-0169 - SSL/TLS CBC timing attack (#907589)\n- fix for CVE-2013-0166 - DoS in OCSP signatures checking (#908052)\n- enable compression only if explicitly asked for or OPENSSL_DEFAULT_ZLIB\n environment variable is set (fixes CVE-2012-4929 #857051)\n- use __secure_getenv() everywhere instead of getenv() (#839735)\n[1.0.0-27]\n- fix sslrand(1) and sslpasswd(1) reference in openssl(1) manpage (#841645)\n- drop superfluous lib64 fixup in pkgconfig .pc files (#770872)\n- force BIO_accept_new(*:\n) to listen on IPv4\n[1.0.0-26]\n- use PKCS#8 when writing private keys in FIPS mode as the old\n PEM encryption mode is not FIPS compatible (#812348)\n[1.0.0-25]\n- fix for CVE-2012-2333 - improper checking for record length in DTLS (#820686)\n- properly initialize tkeylen in the CVE-2012-0884 fix\n[1.0.0-24]\n- fix for CVE-2012-2110 - memory corruption in asn1_d2i_read_bio() (#814185)\n[1.0.0-23]\n- fix problem with the SGC restart patch that might terminate handshake\n incorrectly\n- fix for CVE-2012-0884 - MMA weakness in CMS and PKCS#7 code (#802725)\n- fix for CVE-2012-1165 - NULL read dereference on bad MIME headers (#802489)\n[1.0.0-22]\n- fix incorrect encryption of unaligned chunks in CFB, OFB and CTR modes\n[1.0.0-21]\n- fix for CVE-2011-4108 & CVE-2012-0050 - DTLS plaintext recovery\n vulnerability and additional DTLS fixes (#771770)\n- fix for CVE-2011-4576 - uninitialized SSL 3.0 padding (#771775)\n- fix for 
CVE-2011-4577 - possible DoS through malformed RFC 3779 data (#771778)\n- fix for CVE-2011-4619 - SGC restart DoS attack (#771780)\n[1.0.0-20]\n- fix x86cpuid.pl - patch by Paolo Bonzini\n[1.0.0-19]\n- add known answer test for SHA2 algorithms\n[1.0.0-18]\n- fix missing initialization of a variable in the CHIL engine (#740188)\n[1.0.0-17]\n- initialize the X509_STORE_CTX properly for CRL lookups - CVE-2011-3207\n (#736087)\n[1.0.0-16]\n- merge the optimizations for AES-NI, SHA1, and RC4 from the intelx\n engine to the internal implementations\n[1.0.0-15]\n- better documentation of the available digests in apps (#693858)\n- backported CHIL engine fixes (#693863)\n- allow testing build without downstream patches (#708511)\n- enable partial RELRO when linking (#723994)\n- add intelx engine with improved performance on new Intel CPUs\n- add OPENSSL_DISABLE_AES_NI environment variable which disables\n the AES-NI support (does not affect the intelx engine)\n[1.0.0-14]\n- use the AES-NI engine in the FIPS mode\n[1.0.0-11]\n- add API necessary for CAVS testing of the new DSA parameter generation\n[1.0.0-10]\n- fix OCSP stapling vulnerability - CVE-2011-0014 (#676063)\n- correct the README.FIPS document", "modified": "2016-09-27T00:00:00", "published": "2016-09-27T00:00:00", "id": "ELSA-2016-3621", "href": "http://linux.oracle.com/errata/ELSA-2016-3621.html", "title": "openssl security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "slackware": [{"lastseen": "2018-08-31T00:36:38", "bulletinFamily": "unix", "description": "New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,\nand -current to fix security issues.\n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n\npatches/packages/openssl-1.0.1i-i486-1_slack14.1.txz: Upgraded.\n This update fixes several security issues:\n Double Free when processing DTLS packets (CVE-2014-3505)\n DTLS memory exhaustion 
(CVE-2014-3506)\n DTLS memory leak from zero-length fragments (CVE-2014-3507)\n Information leak in pretty printing functions (CVE-2014-3508)\n Race condition in ssl_parse_serverhello_tlsext (CVE-2014-3509)\n OpenSSL DTLS anonymous EC(DH) denial of service (CVE-2014-3510)\n OpenSSL TLS protocol downgrade attack (CVE-2014-3511)\n SRP buffer overrun (CVE-2014-3512)\n Crash with SRP ciphersuite in Server Hello message (CVE-2014-5139)\n For more information, see:\n https://www.openssl.org/news/secadv_20140806.txt\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3505\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3506\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3507\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3508\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3509\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3510\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3511\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3512\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5139\n (* Security fix *)\npatches/packages/openssl-solibs-1.0.1i-i486-1_slack14.1.txz: Upgraded.\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! 
:-)\n\nAlso see the "Get Slack" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated packages for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zb-i486-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.0.txz\n\nUpdated packages for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.0.txz\n\nUpdated packages for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zb-i486-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.1.txz\n\nUpdated packages for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.1.txz\n\nUpdated packages for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zb-i486-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.37.txz\n\nUpdated packages for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.37.txz\n\nUpdated packages for Slackware 
14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1i-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1i-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1i-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1i-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1i-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1i-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1i-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1i-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1i-i486-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1i-i486-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1i-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1i-x86_64-1.txz\n\n\nMD5 signatures:\n\n\nInstallation instructions:\n\nUpgrade the packages as root:\n > upgradepkg openssl-1.0.1i-i486-1_slack14.1.txz openssl-solibs-1.0.1i-i486-1_slack14.1.txz", "modified": "2014-08-08T14:22:00", "published": "2014-08-08T14:22:00", "id": "SSA-2014-220-01", "href": 
"http://www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.788587", "title": "openssl", "type": "slackware", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "kaspersky": [{"lastseen": "2019-02-15T12:34:29", "bulletinFamily": "info", "description": "### *Detect date*:\n08/07/2014\n\n### *Severity*:\nCritical\n\n### *Description*:\nAn obsolete version of OpenSSL was found in Stunnel. By exploiting this vulnerability malicious users can cause denial of service, obtain sensitive information and bypass security. This vulnerability can be exploited remotely.\n\n### *Affected products*:\nStunnel versions 5.02 and earlier\n\n### *Solution*:\nUpdate to latest version\n\n### *Original advisories*:\n[Stunnel changelog](<https://www.stunnel.org/sdf_ChangeLog.html>) \n\n\n### *Impacts*:\nOSI \n\n### *Related products*:\n[Stunnel](<https://threats.kaspersky.com/en/product/Stunnel/>)\n\n### *CVE-IDS*:\n[CVE-2014-3508](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3508>) \n[CVE-2014-3509](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3509>) \n[CVE-2014-3511](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3511>) \n[CVE-2014-5139](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5139>) \n[CVE-2014-3505](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3505>) \n[CVE-2014-3506](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3506>) \n[CVE-2014-3507](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3507>) \n[CVE-2014-3510](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3510>) \n[CVE-2014-3512](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3512>)", "modified": "2019-02-13T00:00:00", "published": "2014-08-07T00:00:00", "id": "KLA10343", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10343", "title": "\r KLA10343Multiple vulnerabilities in Stunnel ", "type": "kaspersky", "cvss": {"score": 7.5, "vector": 
"AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:56", "bulletinFamily": "software", "description": "DoS and protocol version downgrades in client and server code, memory corruptions and information leaks in client code.", "modified": "2014-08-07T00:00:00", "published": "2014-08-07T00:00:00", "id": "SECURITYVULNS:VULN:13908", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13908", "title": "OpenSSL multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:57", "bulletinFamily": "software", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nESA-2015-002: Unisphere Central Security Update for Multiple Vulnerabilities\r\n\r\nEMC Identifier: ESA-2015-002\r\n \t\r\nCVE Identifier: CVE-2013-1899, CVE-2013-1900, CVE-2013-1901, CVE-2013-1902, CVE-2012-5885, CVE-2011-3389, CVE-2013-1767, CVE-2012-2137, CVE-2012-6548, CVE-2013-1797, CVE-2013-0231, CVE-2013-1774, CVE-2013-1848, CVE-2013-0311, CVE-2013-2634, CVE-2013-0268, CVE-2013-0913,CVE-2013-1772, CVE-2013-0216, CVE-2013-1792, CVE-2012-6549, CVE-2013-2635, CVE-2013-0914, CVE-2013-1796, CVE-2013-0160, CVE-2013-1860, CVE-2013-0349, CVE-2013-1798, CVE-2013-4242, CVE-2014-0138, CVE-2014-0139, CVE-2010-5298, CVE-2014-0076, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470, CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3509, CVE-2014-3510, CVE-2014-3511, CVE-2014-3512, CVE-2014-5139, CVE-2012-6085, CVE-2014-2403, CVE-2014-0446, CVE-2014-0457, CVE-2014-0453, CVE-2014-2412, CVE-2014-2398, CVE-2014-0458, CVE-2014-2397, CVE-2014-0460, CVE-2014-0429, CVE-2014-2428, CVE-2014-2423, CVE-2014-2420, CVE-2014-0448, CVE-2014-0459, CVE-2014-2427, CVE-2014-2414, CVE-2014-0461, CVE-2014-0454, CVE-2014-2422, CVE-2014-0464, CVE-2014-2401, CVE-2014-0456, CVE-2014-0455, CVE-2014-0451, 
CVE-2014-0449, CVE-2014-0432, CVE-2014-0463, CVE-2014-2410 , CVE-2014-2413, CVE-2014-2421, CVE-2014-2409, CVE-2014-2402, CVE-2014-0452, CVE-2010-5107, CVE-2014-1545, CVE-2014-1541, CVE-2014-1534, CVE-2014-1533, CVE-2014-1536, CVE-2014-1537, CVE-2014-1538, CVE-2013-2005, CVE-2013-2002, CVE-2014-0092, CVE-2014-0015, CVE-2014-4220, CVE-2014-2490, CVE-2014-4266, CVE-2014-4219, CVE-2014-2483, CVE-2014-4263, CVE-2014-4264, CVE-2014-4268, CVE-2014-4252, CVE-2014-4223, CVE-2014-4247, CVE-2014-4218, CVE-2014-4221, CVE-2014-4262, CVE-2014-4227, CVE-2014-4208, CVE-2014-4209, CVE-2014-4265, CVE-2014-4244,\r\nCVE-2014-4216, CVE-2011-0020, CVE-2011-0064, CVE-2014-3638, CVE-2014-3639, CVE-2014-3513, CVE-2014-3567, CVE-2014-3568, CVE-2014-3566, CVE-2014-4330, CVE-2014-3613, CVE-2014-3620, CVE-2015-0512\r\n\r\nSeverity Rating: View details below for CVSSv2 scores\r\n\r\nAffected products: \r\nUnisphere Central versions prior to 4.0\r\n\r\nSummary: \r\nUnisphere Central requires an update to address various security vulnerabilities that could potentially be exploited by malicious users to compromise the affected system.\r\n\r\nDetails: \r\nUnisphere Central requires an update to address various security vulnerabilities:\r\n\r\n1.\tUnvalidated Redirect Vulnerability (CVE-2015-0512)\r\n\r\nA potential vulnerability in Unisphere Central may allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks. The attacker can specify the location of the arbitrary site in the unvalidated parameter of a crafted URL. 
If this URL is accessed, the browser is redirected to the arbitrary site specified in the parameter.\r\n\r\nCVSSv2 Base Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)\r\n\r\n2.\tMultiple Embedded Component Vulnerabilities\r\n\r\nThe following vulnerabilities affecting multiple embedded components were addressed:\r\n\r\n\u2022\tPostgreSQL (CVE-2013-1899, CVE-2013-1900, CVE-2013-1901, CVE-2013-1902)\r\n\u2022\tApache Tomcat HTTP Digest Access Bypass (CVE-2012-5885)\r\n\u2022\tSSL3.0/TLS1.0 Weak CBC Mode Vulnerability (CVE-2011-3389)\r\n\u2022\tSUSE Kernel Updates (CVE-2013-1767, CVE-2012-2137, CVE-2012-6548, CVE-2013-1797, CVE-2013-0231,CVE-2013-1774, CVE-2013-1848, CVE-2013-0311, CVE-2013-2634, CVE-2013-0268, CVE-2013-0913, CVE-2013-1772, CVE-2013-0216, CVE-2013-1792, CVE-2012-6549, CVE-2013-2635, CVE-2013-0914, CVE-2013-1796, CVE-2013-0160, CVE-2013-1860, CVE-2013-0349, CVE-2013-1798)\r\n\u2022\tLibgcrypt (CVE-2013-4242)\r\n\u2022\tcURL/libcURL Multiple Vulnerabilities (CVE-2014-0138, CVE-2014-0139, CVE-2014-0015, CVE-2014-3613, CVE-2014-3620)\r\n\u2022\tOpenSSL Multiple Vulnerabilities (CVE-2010-5298, CVE-2014-0076, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470, CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3509, CVE-2014-3510, CVE-2014-3511, CVE-2014-3512, CVE-2014-5139, CVE-2014-3513, CVE-2014-3567, CVE-2014-3568, CVE-2014-3566)\r\n\u2022\tGNU Privacy Guard (GPG2) Update (CVE-2012-6085)\r\n\u2022\tJava Runtime Environment (CVE-2014-2403, CVE-2014-0446, CVE-2014-0457, CVE-2014-0453, CVE-2014-2412, CVE-2014-2398, CVE-2014-0458, CVE-2014-2397, CVE-2014-0460, CVE-2014-0429, CVE-2014-2428, CVE-2014-2423, CVE-2014-2420, CVE-2014-0448, CVE-2014-0459, CVE-2014-2427, CVE-2014-2414, CVE-2014-0461, CVE-2014-0454, CVE-2014-2422, CVE-2014-0464, CVE-2014-2401, CVE-2014-0456, CVE-2014-0455, CVE-2014-0451, CVE-2014-0449, CVE-2014-0432, CVE-2014-0463, CVE-2014-2410, CVE-2014-2413, CVE-2014-2421, CVE-2014-2409, CVE-2014-2402, CVE-2014-0452, 
CVE-2014-4220, CVE-2014-2490, CVE-2014-4266, CVE-2014-4219, CVE-2014-2483, CVE-2014-4263, CVE-2014-4264, CVE-2014-4268, CVE-2014-4252, CVE-2014-4223, CVE-2014-4247, CVE-2014-4218, CVE-2014-4221, CVE-2014-4262, CVE-2014-4227, CVE-2014-4208, CVE-2014-4209, CVE-2014-4265, CVE-2014-4244, CVE-2014-4216)\r\n\u2022\tOpenSSH Denial of Service (CVE-2010-5107)\r\n\u2022\tNetwork Security Services (NSS) Update (CVE-2014-1545, CVE-2014-1541, CVE-2014-1534, CVE-2014-1533, CVE-2014-1536, CVE-2014-1537, CVE-2014-1538)\r\n\u2022\t Xorg-X11 Update (CVE-2013-2005, CVE-2013-2002)\r\n\u2022\tGnuTLS SSL Verification Vulnerability (CVE-2014-0092)\r\n\u2022\tPango Security Update (CVE-2011-0020, CVE-2011-0064)\r\n\u2022\tD-Bus Denial of Service (CVE-2014-3638,CVE-2014-3639)\r\n\u2022\tPerl Denial of Service (CVE-2014-4330)\r\nCVSSv2 Base Score: Refer to NVD (http://nvd.nist.gov) for individual scores for each CVE listed above\r\n\r\nFor more information about any of the Common Vulnerabilities and Exposures (CVEs) mentioned here, consult the National Vulnerability Database (NVD) at http://nvd.nist.gov/home.cfm. To search for a particular CVE, use the NVD database\u2019s search utility at http://web.nvd.nist.gov/view/vuln/search\r\n\r\nResolution: \r\nThe following Unisphere Central release contains resolutions to the above issues:\r\n\u2022\tUnisphere Central version 4.0.\r\n\r\nEMC strongly recommends all customers upgrade at the earliest opportunity. Contact EMC Unisphere Central customer support to download the required upgrades. \r\n\r\nLink to remedies:\r\nRegistered EMC Online Support customers can download patches and software from support.emc.com at: https://support.emc.com/products/28224_Unisphere-Central\r\n\r\n\r\nIf you have any questions, please contact EMC Support.\r\n\r\nRead and use the information in this EMC Security Advisory to assist in avoiding any situation that might arise from the problems described herein. 
If you have any questions regarding this product alert, contact EMC Software Technical Support at 1-877-534-2867. \r\n\r\n\r\nFor an explanation of Severity Ratings, refer to EMC Knowledgebase solution emc218831. EMC recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability. EMC Corporation distributes EMC Security Advisories, in order to bring to the attention of users of the affected EMC products, important security information. EMC recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. EMC disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event, shall EMC or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if EMC or its suppliers have been advised of the possibility of such damages. 
Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply.\r\n\r\nEMC Product Security Response Center\r\nsecurity_alert@emc.com\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.13 (Cygwin)\r\n\r\niEYEARECAAYFAlTKSaIACgkQtjd2rKp+ALzINgCg01qlCrN0carogi8MwnbjGNrP\r\n6oIAnRiS6bIIqnGmGN0c+ayX74Qad4vY\r\n=5UIE\r\n-----END PGP SIGNATURE-----\r\n", "modified": "2015-02-02T00:00:00", "published": "2015-02-02T00:00:00", "id": "SECURITYVULNS:DOC:31682", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31682", "title": "ESA-2015-002: Unisphere Central Security Update for Multiple Vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "freebsd": [{"lastseen": "2018-08-31T01:14:48", "bulletinFamily": "unix", "description": "\nThe OpenSSL Project reports:\n\nA flaw in OBJ_obj2txt may cause pretty printing functions\n\t such as X509_name_oneline, X509_name_print_ex et al. to leak\n\t some information from the stack. [CVE-2014-3508]\nThe issue affects OpenSSL clients and allows a malicious\n\t server to crash the client with a null pointer dereference\n\t (read) by specifying an SRP ciphersuite even though it was\n\t not properly negotiated with the client. [CVE-2014-5139]\nIf a multithreaded client connects to a malicious server\n\t using a resumed session and the server sends an ec point\n\t format extension it could write up to 255 bytes to freed\n\t memory. [CVE-2014-3509]\nAn attacker can force an error condition which causes\n\t openssl to crash whilst processing DTLS packets due to\n\t memory being freed twice. This can be exploited through\n\t a Denial of Service attack. [CVE-2014-3505]\nAn attacker can force openssl to consume large amounts\n\t of memory whilst processing DTLS handshake messages.\n\t This can be exploited through a Denial of Service\n\t attack. 
[CVE-2014-3506]\nBy sending carefully crafted DTLS packets an attacker\n\t could cause openssl to leak memory. This can be exploited\n\t through a Denial of Service attack. [CVE-2014-3507]\nOpenSSL DTLS clients enabling anonymous (EC)DH\n\t ciphersuites are subject to a denial of service attack.\n\t A malicious server can crash the client with a null pointer\n\t dereference (read) by specifying an anonymous (EC)DH\n\t ciphersuite and sending carefully crafted handshake\n\t messages. [CVE-2014-3510]\nA flaw in the OpenSSL SSL/TLS server code causes the\n\t server to negotiate TLS 1.0 instead of higher protocol\n\t versions when the ClientHello message is badly\n\t fragmented. This allows a man-in-the-middle attacker\n\t to force a downgrade to TLS 1.0 even if both the server\n\t and the client support a higher protocol version, by\n\t modifying the client's TLS records. [CVE-2014-3511]\nA malicious client or server can send invalid SRP\n\t parameters and overrun an internal buffer. Only\n\t applications which are explicitly set up for SRP\n\t use are affected. [CVE-2014-3512]\n\n", "modified": "2016-08-09T00:00:00", "published": "2014-08-06T00:00:00", "id": "8AFF07EB-1DBD-11E4-B6BA-3C970E169BC2", "href": "https://vuxml.freebsd.org/freebsd/8aff07eb-1dbd-11e4-b6ba-3c970e169bc2.html", "title": "OpenSSL -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:09:47", "bulletinFamily": "unix", "description": "Adam Langley and Wan-Teh Chang discovered that OpenSSL incorrectly handled certain DTLS packets. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2014-3505)\n\nAdam Langley discovered that OpenSSL incorrectly handled memory when processing DTLS handshake messages. A remote attacker could use this issue to cause OpenSSL to consume memory, resulting in a denial of service. 
(CVE-2014-3506)\n\nAdam Langley discovered that OpenSSL incorrectly handled memory when processing DTLS fragments. A remote attacker could use this issue to cause OpenSSL to leak memory, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-3507)\n\nIvan Fratric discovered that OpenSSL incorrectly leaked information in the pretty printing functions. When OpenSSL is used with certain applications, an attacker may use this issue to possibly gain access to sensitive information. (CVE-2014-3508)\n\nGabor Tyukasz discovered that OpenSSL contained a race condition when processing serverhello messages. A malicious server could use this issue to cause clients to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-3509)\n\nFelix Gr\u00f6bert discovered that OpenSSL incorrectly handled certain DTLS handshake messages. A malicious server could use this issue to cause clients to crash, resulting in a denial of service. (CVE-2014-3510)\n\nDavid Benjamin and Adam Langley discovered that OpenSSL incorrectly handled fragmented ClientHello messages. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be used to force a protocol downgrade to TLS 1.0. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-3511)\n\nSean Devlin and Watson Ladd discovered that OpenSSL incorrectly handled certain SRP parameters. A remote attacker could use this with applications that use SRP to cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-3512)\n\nJoonas Kuorilehto and Riku Hietam\u00e4ki discovered that OpenSSL incorrectly handled certain Server Hello messages that specify an SRP ciphersuite. A malicious server could use this issue to cause clients to crash, resulting in a denial of service. 
This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-5139)", "modified": "2014-08-07T00:00:00", "published": "2014-08-07T00:00:00", "id": "USN-2308-1", "href": "https://usn.ubuntu.com/2308-1/", "title": "OpenSSL vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "amazon": [{"lastseen": "2018-10-02T16:55:09", "bulletinFamily": "unix", "description": "**Issue Overview:**\n\nA flaw was discovered in the way OpenSSL handled DTLS packets. A remote attacker could use this flaw to cause a DTLS server or client using OpenSSL to crash or use excessive amounts of memory. \n\nMultiple buffer overflows in crypto/srp/srp_lib.c in the SRP implementation in OpenSSL 1.0.1 before 1.0.1i allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an invalid SRP (1) g, (2) A, or (3) B parameter. \n\nA flaw was found in the way OpenSSL handled fragmented handshake packets. A man-in-the-middle attacker could use this flaw to force a TLS/SSL server using OpenSSL to use TLS 1.0, even if both the client and the server supported newer protocol versions. \n\nA NULL pointer dereference flaw was found in the way OpenSSL performed a handshake when using the anonymous Diffie-Hellman (DH) key exchange. A malicious server could cause a DTLS client using OpenSSL to crash if that client had anonymous DH cipher suites enabled. \n\nIt was discovered that the OBJ_obj2txt() function could fail to properly NUL-terminate its output. This could possibly cause an application using OpenSSL functions to format fields of X.509 certificates to disclose portions of its memory. \n\nA race condition was found in the way OpenSSL handled ServerHello messages with an included Supported EC Point Format extension. 
A malicious server could possibly use this flaw to cause a multi-threaded TLS/SSL client using OpenSSL to write into freed memory, causing the client to crash or execute arbitrary code. \n\nThe ssl_set_client_disabled function in t1_lib.c in OpenSSL 1.0.1 before 1.0.1i allows remote SSL servers to cause a denial of service (NULL pointer dereference and client application crash) via a ServerHello message that includes an SRP ciphersuite without the required negotiation of that ciphersuite with the client.\n\n \n**Affected Packages:** \n\n\nopenssl\n\n \n**Issue Correction:** \nRun _yum update openssl_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n openssl-devel-1.0.1i-1.78.amzn1.i686 \n openssl-debuginfo-1.0.1i-1.78.amzn1.i686 \n openssl-perl-1.0.1i-1.78.amzn1.i686 \n openssl-1.0.1i-1.78.amzn1.i686 \n openssl-static-1.0.1i-1.78.amzn1.i686 \n \n src: \n openssl-1.0.1i-1.78.amzn1.src \n \n x86_64: \n openssl-static-1.0.1i-1.78.amzn1.x86_64 \n openssl-debuginfo-1.0.1i-1.78.amzn1.x86_64 \n openssl-devel-1.0.1i-1.78.amzn1.x86_64 \n openssl-1.0.1i-1.78.amzn1.x86_64 \n openssl-perl-1.0.1i-1.78.amzn1.x86_64 \n \n \n", "modified": "2014-09-19T11:59:00", "published": "2014-09-19T11:59:00", "id": "ALAS-2014-391", "href": "https://alas.aws.amazon.com/ALAS-2014-391.html", "title": "Medium: openssl", "type": "amazon", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "aix": [{"lastseen": "2018-08-31T00:08:33", "bulletinFamily": "unix", "description": "IBM SECURITY ADVISORY\n\nFirst Issued: <Tue Sep 9 00:50:00 CDT 2014>\n\nThe most recent version of this document is available here:\n\nhttp://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc\nhttps://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc\nftp://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc\n===============================================================================\n VULNERABILITY 
SUMMARY\n\n1.VULNERABILITY: AIX OpenSSL Denial of Service due to double free\n\n PLATFORMS: AIX 5.3, 6.1 and 7.1\n VIOS 2.2.*\n\n SOLUTION: Apply the fix as described below.\n\n THREAT: See below\n\n CVE Numbers: CVE-2014-3505\n\n Reboot required? NO\n Workarounds? NO\n Protected by FPM? NO\n Protected by SED? NO\n\n2. VULNERABILITY: AIX OpenSSL Denial of Service due to memory allocation of large length values\n\n PLATFORMS: AIX 5.3, 6.1 and 7.1\n VIOS 2.2.*\n\n SOLUTION: Apply the fix as described below.\n\n THREAT: See below\n\n CVE Numbers: CVE-2014-3506\n\n Reboot required? NO\n Workarounds? NO\n Protected by FPM? NO\n Protected by SED? NO\n\n3. VULNERABILITY: AIX OpenSSL Denial of Service due to improper handling of the return value\n\n PLATFORMS: AIX 5.3, 6.1 and 7.1\n VIOS 2.2.*\n\n SOLUTION: Apply the fix as described below.\n\n THREAT: See below\n\n CVE Numbers: CVE-2014-3507\n\n Reboot required? NO\n Workarounds? NO\n Protected by FPM? NO\n Protected by SED? NO\n\n4. VULNERABILITY: AIX OpenSSL allows attackers to obtain sensitive information\n\n PLATFORMS: AIX 5.3, 6.1 and 7.1\n VIOS 2.2.*\n\n SOLUTION: Apply the fix as described below.\n\n THREAT: See below\n\n CVE Numbers: CVE-2014-3508\n\n Reboot required? NO\n Workarounds? NO\n Protected by FPM? NO\n Protected by SED? NO\n\n5. VULNERABILITY: AIX OpenSSL Denial of Service due to memory overwrite\n\n PLATFORMS: AIX 5.3, 6.1 and 7.1\n VIOS 2.2.*\n\n SOLUTION: Apply the fix as described below.\n\n THREAT: See below\n\n CVE Numbers: CVE-2014-3509\n\n Reboot required? NO\n Workarounds? NO\n Protected by FPM? NO\n Protected by SED? NO\n\n6. VULNERABILITY: AIX OpenSSL Denial of Service due to NULL pointer dereference\n\n PLATFORMS: AIX 5.3, 6.1 and 7.1\n VIOS 2.2.*\n\n SOLUTION: Apply the fix as described below.\n\n THREAT: See below\n\n CVE Numbers: CVE-2014-3510\n\n Reboot required? NO\n Workarounds? NO\n Protected by FPM? NO\n Protected by SED? NO\n\n7. 
VULNERABILITY: AIX OpenSSL Man-in-the-Middle attack related to protocol downgrade issue\n\n PLATFORMS: AIX 5.3, 6.1 and 7.1\n VIOS 2.2.*\n\n SOLUTION: Apply the fix as described below.\n\n THREAT: See below\n\n CVE Numbers: CVE-2014-3511\n\n Reboot required? NO\n Workarounds? NO\n Protected by FPM? NO\n Protected by SED? NO\n\n8. VULNERABILITY: AIX OpenSSL Denial of Service due to invalid SRP (1)g, (2)A or (3)B parameter\n\n PLATFORMS: AIX 5.3, 6.1 and 7.1\n VIOS 2.2.*\n\n SOLUTION: Apply the fix as described below.\n\n THREAT: See below\n\n CVE Numbers: CVE-2014-3512\n\n Reboot required? NO\n Workarounds? NO\n Protected by FPM? NO\n Protected by SED? NO\n\n9. VULNERABILITY: AIX OpenSSL Denial of Service due to NULL pointer dereference\n\n PLATFORMS: AIX 5.3, 6.1 and 7.1\n VIOS 2.2.*\n\n SOLUTION: Apply the fix as described below.\n\n THREAT: See below\n\n CVE Numbers: CVE-2014-5139\n\n Reboot required? NO\n Workarounds? NO\n Protected by FPM? NO\n Protected by SED? NO\n\n===============================================================================\n DETAILED INFORMATION\n\nI. DESCRIPTION \n \n 1. CVE-2014-3505\n\tOpenSSL could allow remote attackers to cause a denial of service \n\t(application crash) via crafted DTLS packets that trigger an error condition.\n\n 2. CVE-2014-3506\n\tOpenSSL could allow remote attackers to cause a denial of service (memory \n\tconsumption) via crafted DTLS handshake messages that trigger memory \n\tallocations corresponding to large length values.\n\n 3. CVE-2014-3507\n\tOpenSSL could allow remote attackers to cause a denial of service \n\t(memory consumption) via zero-length DTLS fragments that trigger improper \n\thandling of the return value of insert function.\n\n 4. CVE-2014-3508\n\tOpenSSL could allow context-dependent attackers to obtain sensitive information \n\tfrom process stack memory by reading output from some functions when pretty \n\tprinting is used\n\n 5. 
CVE-2014-3509\n\tOpenSSL could allow remote SSL servers to cause a denial of service \n\t(memory overwrite and client application crash) or possibly have unspecified \n\timpact by sending Elliptic Curve (EC) Supported Point Formats Extension data when\n\tmultithreading and session resumption are used\n\n 6. CVE-2014-3510\n\tOpenSSL could allow remote DTLS servers to cause a denial of service \n\t(NULL pointer dereference and client application crash) via a crafted \n\thandshake message in conjunction with a (1) anonymous DH or \n\t(2) anonymous ECDH ciphersuite.\n\n 7. CVE-2014-3511\n\tOpenSSL could allow a man-in-the-middle attacker to force the use of TLS 1.0 by \n\ttriggering ClientHello message fragmentation in communication between a \n\tclient and server that both support later TLS versions, related to a \n\t\"protocol downgrade\" issue\n\n 8. CVE-2014-3512\n\tOpenSSL could allow remote attackers to cause a denial of service or possibly \n\thave unspecified impact via an invalid SRP (1)g, (2)A or (3)B parameter\n\n 9. CVE-2014-5139\n\tOpenSSL could allow SSL servers to cause a denial of service (NULL pointer \n\tdereference and client application crash) through a ServerHello message that \n\tincludes an SRP ciphersuite without the required negotiation of that \n\tciphersuite with the client\n\nII. CVSS\n\n 1. CVE-2014-3505\n CVSS Base Score: 5\n CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/95163\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:N/A:N)\n\n 2. CVE-2014-3506\n CVSS Base Score: 5\n CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/95160\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:N/A:N)\n\n 3. CVE-2014-3507\n CVSS Base Score: 5\n CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/95161\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:N/A:N)\n\n 4. 
CVE-2014-3508\n CVSS Base Score: 4.3\n CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/95165\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:N/A:N)\n\n 5. CVE-2014-3509\n CVSS Base Score: 4.3\n CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/95159\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:N/A:N)\n\n 6. CVE-2014-3510\n CVSS Base Score: 4.3\n CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/95164\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:N/A:N)\n\n 7. CVE-2014-3511\n CVSS Base Score: 4.3\n CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/95162\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:N/A:N)\n\n 8. CVE-2014-3512\n CVSS Base Score: 5\n CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/95158\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:N/A:N)\n\n 9. CVE-2014-5139\n CVSS Base Score: 5\n CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/95166\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:N/A:N)\n\nIII. PLATFORM VULNERABILITY ASSESSMENT\n\n To determine if your system is vulnerable, execute the following\n command:\n\n lslpp -L openssl.base\n \n The following fileset levels are vulnerable:\n \n A. CVE-2014-3509, CVE-2014-3511, CVE-2014-3512, CVE-2014-5139\n\n AIX Fileset Lower Level Upper Level \n ------------------------------------------\n openssl.base 1.0.1.500 1.0.1.511\n\n B. CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3510\n\n AIX Fileset Lower Level Upper Level \n ------------------------------------------\n openssl.base 1.0.1.500 1.0.1.511\n openssl.base 0.9.8.401 0.9.8.2502\n openssl.base 12.9.8.1100 12.9.8.2502\n\n\nIV. SOLUTIONS\n\n A. FIXES\n\n Fix is available. 
The fix can be downloaded via ftp\n from:\n\n ftp://aix.software.ibm.com/aix/efixes/security/openssl_fix10.tar\n\n The link above is to a tar file containing this signed\n advisory, fix packages, and OpenSSL signatures for each package.\n The fixes below include prerequisite checking. This will\n enforce the correct mapping between the fixes and AIX\n releases.\n\n\tNote that the tar file contains Interim fixes that are based on OpenSSL version.\n\n AIX Level Interim Fix (*.Z) Fileset Name\n -------------------------------------------------------------------\n 5.3, 6.1, 7.1 101_fix.140902.epkg.Z\t openssl.base(1.0.1.511 version)\n 5.3, 6.1, 7.1 098_fix.140902.epkg.Z\t openssl.base(0.9.8.2502 version)\n 5.3, 6.1, 7.1 1298_fix.140902.epkg.Z \t openssl.base(12.9.8.2502 version)\n\n VIOS Level Interim Fix (*.Z)\t Fileset Name\n -------------------------------------------------------------------\n 2.2.* 101_fix.140902.epkg.Z\t openssl.base(1.0.1.511 version)\n 2.2.* 098_fix.140902.epkg.Z\t openssl.base(0.9.8.2502 version)\n 2.2.* 1298_fix.140902.epkg.Z \t openssl.base(12.9.8.2502 version)\n\n\n To extract the fix from the tar file:\n\n tar xvf openssl_fix10.tar\n cd openssl_fix10\n\n Verify you have retrieved the fix intact:\n\n The checksums below were generated using the\n \"openssl dgst -sha256 file\" command and are as follows:\n\n openssl dgst -sha256 \t\t\t\t\t\t filename\t \n ----------------------------------------------------------------------------------------------\n \t4b5dcf19fbe1068b65b9ecc125d098fcf6f2077971e80c8da7bdfb2260554bd6 \t101_fix.140902.epkg.Z\n\t 834ff7e39d65c98eb7d96b877eab5c2f3ce9922d6ee5b8278358ae6b86d6ab87\t098_fix.140902.epkg.Z\n\t 749536a5247176e8074ba1ec289426cbd4b484c9925ce17a66b411fad2e90841\t1298_fix.140902.epkg.Z\n\n\t These sums should match exactly. The OpenSSL signatures in the tar\n file and on this advisory can also be used to verify the\n integrity of the fixes. 
If the sums or signatures cannot be\n confirmed, contact IBM AIX Security at\n security-alert@austin.ibm.com and describe the discrepancy.\n \n Published advisory OpenSSL signature file location:\n\n http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc.sig\n https://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc.sig\n ftp://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc.sig \n\n\t openssl dgst -sha1 -verify <pubkey_file> -signature <advisory_file>.sig <advisory_file>\n\n openssl dgst -sha1 -verify <pubkey_file> -signature <ifix_file>.sig <ifix_file>\n\n These fixes will also be part of the next filesets of OpenSSL versions 0.9.8.2503, 12.9.8.2503 and 1.0.1.512.\n\t\n These filesets will be made available by 10th October 2014 and can be downloaded from - \n\n\t https://www14.software.ibm.com/webapp/iwm/web/reg/download.do?source=aixbp&lang=en_US&S_PKG=openssl&cp=UTF-8\n\n \n B. FIX AND INTERIM FIX INSTALLATION\n\n IMPORTANT: If possible, it is recommended that a mksysb backup\n of the system be created. 
Verify it is both bootable and\n readable before proceeding.\n\n To preview a fix installation:\n\n installp -a -d fix_name -p all # where fix_name is the name of the\n # fix package being previewed.\n To install a fix package:\n\n installp -a -d fix_name -X all # where fix_name is the name of the\n # fix package being installed.\n\n Interim fixes have had limited functional and regression\n testing but not the full regression testing that takes place\n for Service Packs; however, IBM does fully support them.\n\n Interim fix management documentation can be found at:\n\n http://www14.software.ibm.com/webapp/set2/sas/f/aix.efixmgmt/home.html\n\n To preview an interim fix installation:\n\n emgr -e ipkg_name -p # where ipkg_name is the name of the\n # interim fix package being previewed.\n\n To install an interim fix package:\n\n emgr -e ipkg_name -X # where ipkg_name is the name of the\n # interim fix package being installed.\n\n\nV. WORKAROUNDS\n \n No workarounds.\n\nVI. CONTACT INFORMATION\n\n If you would like to receive AIX Security Advisories via email,\n please visit:\n\n http://www.ibm.com/systems/support\n\n and click on the \"My notifications\" link.\n\n To view previously issued advisories, please visit:\n\n http://www14.software.ibm.com/webapp/set2/subscriptions/onvdq\n \n Comments regarding the content of this announcement can be\n directed to:\n\n security-alert@austin.ibm.com\n\n To obtain the OpenSSL public key that can be used to verify the\n signed advisories and ifixes:\n\n Download the key from our web page:\n\n http://www.ibm.com/systems/resources/systems_p_os_aix_security_pgpkey.txt\n\n To obtain the PGP public key that can be used to communicate\n securely with the AIX Security Team you can either:\n\n A. Send an email with \"get key\" in the subject line to:\n\n security-alert@austin.ibm.com\n\n B. Download the key from a PGP Public Key Server. 
The key ID is:\n\n 0x28BFAA12\n\n Please contact your local IBM AIX support center for any\n assistance.\n\n\n\nVII. REFERENCES:\n\n Note: Keywords labeled as KEY in this document are used for parsing purposes.\n\n eServer is a trademark of International Business Machines\n Corporation. IBM, AIX and pSeries are registered trademarks of\n International Business Machines Corporation. All other trademarks\n are property of their respective holders.\n\n Complete CVSS Guide: http://www.first.org/cvss/cvss-guide.html\n On-line Calculator V2: http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2\n\n X-Force Vulnerability Database: http://xforce.iss.net/xforce/xfdb/95163\n X-Force Vulnerability Database: http://xforce.iss.net/xforce/xfdb/95160\n X-Force Vulnerability Database: http://xforce.iss.net/xforce/xfdb/95161\n X-Force Vulnerability Database: http://xforce.iss.net/xforce/xfdb/95165\n X-Force Vulnerability Database: http://xforce.iss.net/xforce/xfdb/95159\n X-Force Vulnerability Database: http://xforce.iss.net/xforce/xfdb/95164\n X-Force Vulnerability Database: http://xforce.iss.net/xforce/xfdb/95162\n X-Force Vulnerability Database: http://xforce.iss.net/xforce/xfdb/95158\n X-Force Vulnerability Database: http://xforce.iss.net/xforce/xfdb/95166\n CVE-2014-3505 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3505\n CVE-2014-3506 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3506\n CVE-2014-3507 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3507\n CVE-2014-3508 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3508\n CVE-2014-3509 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3509\n CVE-2014-3510 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3510\n CVE-2014-3511 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3511\n CVE-2014-3512 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3512\n CVE-2014-5139 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5139\n\n *The CVSS Environment Score 
is customer environment specific and will\n ultimately impact the Overall CVSS Score. Customers can evaluate the\n impact of this vulnerability in their environments by accessing the links\n in the Reference section of this Flash.\n\n Note: According to the Forum of Incident Response and Security Teams\n (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry\n open standard designed to convey vulnerability severity and help to\n determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES\n \"AS IS\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF\n MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE\n RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY\n VULNERABILITY.\n", "modified": "2014-09-09T00:50:00", "published": "2014-09-09T00:50:00", "id": "OPENSSL_ADVISORY10.ASC", "href": "https://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc", "title": "AIX OpenSSL Denial of Service due to double free and others", "type": "aix", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "huawei": [{"lastseen": "2019-02-01T18:01:48", "bulletinFamily": "software", "description": "", "modified": "2015-03-11T00:00:00", "published": "2014-10-08T00:00:00", "id": "HUAWEI-SA-20141008-OPENSSL", "href": "https://www.huawei.com/en/psirt/security-advisories/2015/hw-372998", "title": "Security Advisory-9 OpenSSL vulnerabilities on Huawei products", "type": "huawei", "cvss": {"score": 7.5, "vector": 
"AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:51", "bulletinFamily": "unix", "description": "### Background\n\nOpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library. \n\n### Description\n\nMultiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker may be able to cause a Denial of Service condition, perform Man-in-the-Middle attacks, obtain sensitive information, or bypass security restrictions. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll OpenSSL 1.0.1 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/openssl-1.0.1j\"\n \n\nAll OpenSSL 0.9.8 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/openssl-0.9.8z_p2\"\n \n\nPackages which depend on this library may need to be recompiled. 
Tools such as revdep-rebuild may assist in identifying these packages.", "modified": "2015-06-06T00:00:00", "published": "2014-12-26T00:00:00", "id": "GLSA-201412-39", "href": "https://security.gentoo.org/glsa/201412-39", "type": "gentoo", "title": "OpenSSL: Multiple vulnerabilities", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "suse": [{"lastseen": "2016-09-04T12:32:46", "bulletinFamily": "unix", "description": "This update for libopenssl0_9_8 fixes the following issues:\n\n - CVE-2016-0800 aka the \"DROWN\" attack (bsc#968046): OpenSSL was\n vulnerable to a cross-protocol attack that could lead to decryption of\n TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites\n as a Bleichenbacher RSA padding oracle.\n\n This update changes the openssl library to:\n\n * Disable SSLv2 protocol support by default.\n\n This can be overridden by setting the environment variable\n \"OPENSSL_ALLOW_SSL2\" or by using SSL_CTX_clear_options using the\n SSL_OP_NO_SSLv2 flag.\n\n Note that various services and clients had already disabled SSL\n protocol 2 by default previously.\n\n * Disable all weak EXPORT ciphers by default. These can be reenabled if\n required by old legacy software using the environment variable\n \"OPENSSL_ALLOW_EXPORT\".\n\n - CVE-2016-0797 (bnc#968048): The BN_hex2bn() and BN_dec2bn() functions\n had a bug that could result in an attempt to de-reference a NULL pointer\n leading to crashes. This could have security consequences if these\n functions were ever called by user applications with large untrusted\n hex/decimal data. Also, internal usage of these functions in OpenSSL\n uses data from config files or application command line arguments. 
If\n user developed applications generated config file data based on\n untrusted data, then this could have had security consequences as well.\n\n - CVE-2016-0799 (bnc#968374) On many 64 bit systems, the internal fmtstr()\n and doapr_outch() functions could miscalculate the length of a string\n and attempt to access out-of-bounds memory locations. These problems\n could have enabled attacks where large amounts of untrusted data is\n passed to the BIO_*printf functions. If applications use these functions\n in this way then they could have been vulnerable. OpenSSL itself uses\n these functions when printing out human-readable dumps of ASN.1 data.\n Therefore applications that print this data could have been vulnerable\n if the data is from untrusted sources. OpenSSL command line applications\n could also have been vulnerable when they print out ASN.1 data, or if\n untrusted data is passed as command line arguments. Libssl is not\n considered directly vulnerable.\n\n\n - The package was updated to 0.9.8zh:\n * fixes many security vulnerabilities (not separately listed):\n CVE-2015-3195, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790,\n CVE-2015-1792, CVE-2015-1791, CVE-2015-0286, CVE-2015-0287,\n CVE-2015-0289, CVE-2015-0293, CVE-2015-0209, CVE-2015-0288,\n CVE-2014-3571, CVE-2014-3569, CVE-2014-3572, CVE-2015-0204,\n CVE-2014-8275, CVE-2014-3570, CVE-2014-3567, CVE-2014-3568,\n CVE-2014-3566, CVE-2014-3510, CVE-2014-3507, CVE-2014-3506,\n CVE-2014-3505, CVE-2014-3508, CVE-2014-0224, CVE-2014-0221,\n CVE-2014-0195, CVE-2014-3470, CVE-2014-0076, CVE-2013-0169,\n CVE-2013-0166\n\n - avoid running OPENSSL_config twice. 
This avoids breaking engine loading.\n (boo#952871, boo#967787)\n\n - fix CVE-2015-3197 (boo#963415)\n * SSLv2 doesn't block disabled ciphers\n\n", "modified": "2016-03-03T14:11:44", "published": "2016-03-03T14:11:44", "id": "OPENSUSE-SU-2016:0640-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html", "type": "suse", "title": "Security update for libopenssl0_9_8 (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "lenovo": [{"lastseen": "2019-02-17T16:36:53", "bulletinFamily": "info", "description": "**Lenovo Security Advisory:** LEN-24443\n\n**Potential Impact:** Elevation of Privilege, Denial of Service, Information Disclosure\n\n**Severity:** High \n\n**Scope of Impact:** Systems with specific versions of Intel\u00ae PROSet/Wireless WiFi Software\n\n**CVE Identifier:** CVE-2006-7250, CVE-2007-3108, CVE-2007-4995, CVE-2007-5135, CVE-2008-5077, CVE-2008-7270, CVE-2009-0590, CVE-2009-0789, CVE-2009-1377, CVE-2009-1378, CVE-2009-1386, CVE-2009-1387, CVE-2009-2409, CVE-2009-3245, CVE-2009-4355, CVE-2010-0433, CVE-2010-0742, CVE-2010-4180, CVE-2010-4252, CVE-2010-5298, CVE-2011-1945, CVE-2011-3210, CVE-2011-4108, CVE-2011-4109, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619, CVE-2012-0027, CVE-2012-0884, CVE-2012-1165, CVE-2012-2110, CVE-2012-2333, CVE-2013-0166, CVE-2014-0076, CVE-2014-0195, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470, CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3510, CVE-2014-3566, CVE-2017-3735 \n\n**Summary Description: **\n\nDue to vulnerabilities in OpenSSL version 0.9.8e compiled into the Cisco Compatible eXtensions (CCX) component, which is part of the Intel\u00ae PROSet/Wireless WiFi Software, Intel is announcing End-of-Life (EOL) support for CCX. 
The CCX component has been removed from the Intel\u00ae PROSet/Wireless WiFi Software v20.90.0.7 for Microsoft Windows 7, 8.1, and 10.\n\n**Mitigation Strategy for Customers (what you should do to protect yourself): **\n\nIntel recommends updating to the Intel\u00ae PROSet/Wireless WiFi Software version indicated for your model in the Product Impact section below.\n\nIf enterprise customers still require CCX functionality (specifically one of the EAP authentication methods that are included with the CCX component), Intel recommends enterprise customers to consider the following available solution:\n\n * Network Access Manager (NAM) as part of Cisco AnyConnect Secure Mobility Client software\n\n<https://www.cisco.com/c/en/us/support/security/anyconnect-secure-mobilityclient/tsd-products-support-series-home.html>\n\n**Product Impact:**\n", "modified": "2019-01-23T13:06:25", "published": "2018-11-14T01:10:51", "id": "LENOVO:PS500190-NOSID", "href": "https://support.lenovo.com/us/en/solutions/len-24443", "title": "Intel\u00ae PROSet/Wireless WiFi Software - Removal of Cisco Compatible eXtensions (CCX) - NL", "type": "lenovo", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}