The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.
{"openvas": [{"lastseen": "2020-06-11T17:42:20", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-12-15T00:00:00", "type": "openvas", "title": "RedHat Update for openssl RHSA-2015:2617-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3195", "CVE-2015-3194", "CVE-2015-3196"], "modified": "2020-06-09T00:00:00", "id": "OPENVAS:1361412562310871521", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871521", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for openssl RHSA-2015:2617-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871521\");\n script_version(\"2020-06-09T14:44:58+0000\");\n script_tag(name:\"last_modification\", value:\"2020-06-09 14:44:58 +0000 (Tue, 09 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-12-15 05:45:09 +0100 (Tue, 15 Dec 2015)\");\n script_cve_id(\"CVE-2015-3194\", \"CVE-2015-3195\", \"CVE-2015-3196\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for openssl RHSA-2015:2617-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"OpenSSL is a toolkit that implements the\nSecure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols,\nas well as a full-strength, general purpose cryptography library.\n\nA NULL pointer dereference flaw was found in the way OpenSSL verified\nsignatures using the RSA PSS algorithm. A remote attacked could possibly\nuse this flaw to crash a TLS/SSL client using OpenSSL, or a TLS/SSL server\nusing OpenSSL if it enabled client authentication. (CVE-2015-3194)\n\nA memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and\nCMS data. 
A remote attacker could use this flaw to cause an application\nthat parses PKCS#7 or CMS data from untrusted sources to use an excessive\namount of memory and possibly crash. (CVE-2015-3195)\n\nA race condition flaw, leading to a double free, was found in the way\nOpenSSL handled pre-shared key (PSK) identify hints. A remote attacker\ncould use this flaw to crash a multi-threaded SSL/TLS client using\nOpenSSL. (CVE-2015-3196)\n\nAll openssl users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all services linked to the OpenSSL library must be restarted, or\nthe system rebooted.\");\n script_tag(name:\"affected\", value:\"openssl on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Server (v. 7),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"RHSA\", value:\"2015:2617-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2015-December/msg00034.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_(7|6)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~51.el7_2.1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-debuginfo\", rpm:\"openssl-debuginfo~1.0.1e~51.el7_2.1\", rls:\"RHENT_7\")) != NULL)\n 
{\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1e~51.el7_2.1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-libs\", rpm:\"openssl-libs~1.0.1e~51.el7_2.1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~42.el6_7.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-debuginfo\", rpm:\"openssl-debuginfo~1.0.1e~42.el6_7.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1e~42.el6_7.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-07-24T12:53:30", "description": "Multiple vulnerabilities have been\ndiscovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities\nand Exposures project identifies the following issues:\n\nCVE-2015-3194 \nLoic Jonas Etienne of Qnective AG discovered that the signature\nverification routines will crash with a NULL pointer dereference if\npresented with an ASN.1 signature using the RSA PSS algorithm and\nabsent mask generation function parameter. 
A remote attacker can\nexploit this flaw to crash any certificate verification operation\nand mount a denial of service attack.\n\nCVE-2015-3195 \nAdam Langley of Google/BoringSSL discovered that OpenSSL will leak\nmemory when presented with a malformed X509_ATTRIBUTE structure.\n\nCVE-2015-3196 \nA race condition flaw in the handling of PSK identity hints was\ndiscovered, potentially leading to a double free of the identity\nhint data.", "cvss3": {}, "published": "2015-12-04T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3413-1 (openssl - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3195", "CVE-2015-3194", "CVE-2015-3196"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:703413", "href": "http://plugins.openvas.org/nasl.php?oid=703413", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3413.nasl 6609 2017-07-07 12:05:59Z cfischer $\n# Auto-generated from advisory DSA 3413-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703413);\n script_version(\"$Revision: 6609 $\");\n script_cve_id(\"CVE-2015-3194\", \"CVE-2015-3195\", \"CVE-2015-3196\");\n script_name(\"Debian Security Advisory DSA 3413-1 (openssl - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:59 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2015-12-04 00:00:00 +0100 (Fri, 04 Dec 2015)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3413.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"openssl on Debian Linux\");\n script_tag(name: \"insight\", value: \"This package contains the openssl binary and related tools.\");\n script_tag(name: \"solution\", value: \"For the oldstable distribution (wheezy), these\nproblems have been fixed in version 1.0.1e-2+deb7u18.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.0.1k-3+deb8u2.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.0.2e-1 or earlier.\n\nWe recommend that you upgrade your openssl packages.\");\n script_tag(name: \"summary\", value: 
\"Multiple vulnerabilities have been\ndiscovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities\nand Exposures project identifies the following issues:\n\nCVE-2015-3194 \nLoic Jonas Etienne of Qnective AG discovered that the signature\nverification routines will crash with a NULL pointer dereference if\npresented with an ASN.1 signature using the RSA PSS algorithm and\nabsent mask generation function parameter. A remote attacker can\nexploit this flaw to crash any certificate verification operation\nand mount a denial of service attack.\n\nCVE-2015-3195 \nAdam Langley of Google/BoringSSL discovered that OpenSSL will leak\nmemory when presented with a malformed X509_ATTRIBUTE structure.\n\nCVE-2015-3196 \nA race condition flaw in the handling of PSK identify hints was\ndiscovered, potentially leading to a double free of the identify\nhint data.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed\nsoftware version using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"1.0.1e-2+deb7u18\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-doc\", ver:\"1.0.1e-2+deb7u18\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0:amd64\", ver:\"1.0.1e-2+deb7u18\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0:i386\", ver:\"1.0.1e-2+deb7u18\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0-dbg:amd64\", ver:\"1.0.1e-2+deb7u18\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0-dbg:i386\", ver:\"1.0.1e-2+deb7u18\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openssl\", ver:\"1.0.1e-2+deb7u18\", 
rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"1.0.1k-3+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-doc\", ver:\"1.0.1k-3+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0:amd64\", ver:\"1.0.1k-3+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0:i386\", ver:\"1.0.1k-3+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0-dbg:amd64\", ver:\"1.0.1k-3+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0-dbg:i386\", ver:\"1.0.1k-3+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openssl\", ver:\"1.0.1k-3+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2020-06-11T17:41:41", "description": "Check the version of openssl", "cvss3": {}, "published": "2015-12-15T00:00:00", "type": "openvas", "title": "CentOS Update for openssl CESA-2015:2617 centos6", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3195", "CVE-2015-3194", "CVE-2015-3196"], "modified": "2020-06-09T00:00:00", "id": "OPENVAS:1361412562310882340", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882340", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for openssl CESA-2015:2617 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; 
you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882340\");\n script_version(\"2020-06-09T14:44:58+0000\");\n script_tag(name:\"last_modification\", value:\"2020-06-09 14:44:58 +0000 (Tue, 09 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-12-15 05:46:43 +0100 (Tue, 15 Dec 2015)\");\n script_cve_id(\"CVE-2015-3194\", \"CVE-2015-3195\", \"CVE-2015-3196\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for openssl CESA-2015:2617 centos6\");\n script_tag(name:\"summary\", value:\"Check the version of openssl\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"OpenSSL is a toolkit that implements the\nSecure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols,\nas well as a full-strength, general purpose cryptography library.\n\nA NULL pointer dereference flaw was found in the way OpenSSL verified\nsignatures using the RSA PSS algorithm. 
A remote attacked could possibly\nuse this flaw to crash a TLS/SSL client using OpenSSL, or a TLS/SSL server\nusing OpenSSL if it enabled client authentication. (CVE-2015-3194)\n\nA memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and\nCMS data. A remote attacker could use this flaw to cause an application\nthat parses PKCS#7 or CMS data from untrusted sources to use an excessive\namount of memory and possibly crash. (CVE-2015-3195)\n\nA race condition flaw, leading to a double free, was found in the way\nOpenSSL handled pre-shared key (PSK) identify hints. A remote attacker\ncould use this flaw to crash a multi-threaded SSL/TLS client using\nOpenSSL. (CVE-2015-3196)\n\nAll openssl users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all services linked to the OpenSSL library must be restarted, or\nthe system rebooted.\");\n script_tag(name:\"affected\", value:\"openssl on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"CESA\", value:\"2015:2617\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2015-December/021519.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~42.el6_7.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1e~42.el6_7.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~1.0.1e~42.el6_7.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-static\", rpm:\"openssl-static~1.0.1e~42.el6_7.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:36:38", "description": "Oracle Linux Local Security Checks ELSA-2015-2617", "cvss3": {}, "published": "2015-12-15T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2015-2617", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3195", "CVE-2015-3194", "CVE-2015-3196"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122803", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122803", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-2617.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122803\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-12-15 02:50:30 +0200 (Tue, 15 Dec 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-2617\");\n script_tag(name:\"insight\", value:\"ELSA-2015-2617 - openssl security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-2617\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-2617.html\");\n script_cve_id(\"CVE-2015-3194\", \"CVE-2015-3195\", \"CVE-2015-3196\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(7|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"openssl\", 
rpm:\"openssl~1.0.1e~51.el7_2.1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1e~51.el7_2.1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-libs\", rpm:\"openssl-libs~1.0.1e~51.el7_2.1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~1.0.1e~51.el7_2.1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-static\", rpm:\"openssl-static~1.0.1e~51.el7_2.1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~42.el6_7.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1e~42.el6_7.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~1.0.1e~42.el6_7.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-static\", rpm:\"openssl-static~1.0.1e~42.el6_7.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-06-11T17:42:56", "description": "Check the version of openssl", "cvss3": {}, "published": "2015-12-15T00:00:00", "type": "openvas", "title": "CentOS Update for openssl CESA-2015:2617 centos7", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3195", "CVE-2015-3194", "CVE-2015-3196"], "modified": "2020-06-09T00:00:00", "id": "OPENVAS:1361412562310882337", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310882337", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for openssl CESA-2015:2617 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882337\");\n script_version(\"2020-06-09T14:44:58+0000\");\n script_tag(name:\"last_modification\", value:\"2020-06-09 14:44:58 +0000 (Tue, 09 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-12-15 05:46:32 +0100 (Tue, 15 Dec 2015)\");\n script_cve_id(\"CVE-2015-3194\", \"CVE-2015-3195\", \"CVE-2015-3196\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for openssl CESA-2015:2617 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of openssl\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"OpenSSL is a toolkit 
that implements the\nSecure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols,\nas well as a full-strength, general purpose cryptography library.\n\nA NULL pointer dereference flaw was found in the way OpenSSL verified\nsignatures using the RSA PSS algorithm. A remote attacked could possibly\nuse this flaw to crash a TLS/SSL client using OpenSSL, or a TLS/SSL server\nusing OpenSSL if it enabled client authentication. (CVE-2015-3194)\n\nA memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and\nCMS data. A remote attacker could use this flaw to cause an application\nthat parses PKCS#7 or CMS data from untrusted sources to use an excessive\namount of memory and possibly crash. (CVE-2015-3195)\n\nA race condition flaw, leading to a double free, was found in the way\nOpenSSL handled pre-shared key (PSK) identify hints. A remote attacker\ncould use this flaw to crash a multi-threaded SSL/TLS client using\nOpenSSL. (CVE-2015-3196)\n\nAll openssl users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. 
For the update to take\neffect, all services linked to the OpenSSL library must be restarted, or\nthe system rebooted.\");\n script_tag(name:\"affected\", value:\"openssl on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"CESA\", value:\"2015:2617\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2015-December/021523.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~51.el7_2.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1e~51.el7_2.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-libs\", rpm:\"openssl-libs~1.0.1e~51.el7_2.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~1.0.1e~51.el7_2.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-static\", rpm:\"openssl-static~1.0.1e~51.el7_2.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-06-11T17:42:24", "description": "The remote host is missing an 
update announced via the referenced Security Advisory.", "cvss3": {}, "published": "2015-12-15T00:00:00", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2015-614)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3195", "CVE-2015-3194", "CVE-2015-3196"], "modified": "2020-06-09T00:00:00", "id": "OPENVAS:1361412562310120604", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120604", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120604\");\n script_version(\"2020-06-09T14:44:58+0000\");\n script_tag(name:\"creation_date\", value:\"2015-12-15 02:51:18 +0200 (Tue, 15 Dec 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-06-09 14:44:58 +0000 (Tue, 09 Jun 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2015-614)\");\n script_tag(name:\"insight\", value:\"A NULL pointer dereference flaw was found in the way OpenSSL verified signatures using the RSA PSS algorithm. 
A remote attacked could possibly use this flaw to crash a TLS/SSL client using OpenSSL, or a TLS/SSL server using OpenSSL if it enabled client authentication. (CVE-2015-3194 )A memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and CMS data. A remote attacker could use this flaw to cause an application that parses PKCS#7 or CMS data from untrusted sources to use an excessive amount of memory and possibly crash. (CVE-2015-3195 )A race condition flaw, leading to a double free, was found in the way OpenSSL handled pre-shared key (PSK) identify hints. A remote attacker could use this flaw to crash a multi-threaded SSL/TLS client using OpenSSL. (CVE-2015-3196 )\");\n script_tag(name:\"solution\", value:\"Run yum update openssl to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2015-614.html\");\n script_cve_id(\"CVE-2015-3194\", \"CVE-2015-3195\", \"CVE-2015-3196\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"openssl-static\", rpm:\"openssl-static~1.0.1k~13.88.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-debuginfo\", 
rpm:\"openssl-debuginfo~1.0.1k~13.88.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1k~13.88.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1k~13.88.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~1.0.1k~13.88.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:36:18", "description": "Multiple vulnerabilities have been\ndiscovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities\nand Exposures project identifies the following issues:\n\nCVE-2015-3194\nLoic Jonas Etienne of Qnective AG discovered that the signature\nverification routines will crash with a NULL pointer dereference if\npresented with an ASN.1 signature using the RSA PSS algorithm and\nabsent mask generation function parameter. 
A remote attacker can\nexploit this flaw to crash any certificate verification operation\nand mount a denial of service attack.\n\nCVE-2015-3195\nAdam Langley of Google/BoringSSL discovered that OpenSSL will leak\nmemory when presented with a malformed X509_ATTRIBUTE structure.\n\nCVE-2015-3196\nA race condition flaw in the handling of PSK identify hints was\ndiscovered, potentially leading to a double free of the identify\nhint data.", "cvss3": {}, "published": "2015-12-04T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3413-1 (openssl - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3195", "CVE-2015-3194", "CVE-2015-3196"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703413", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703413", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3413.nasl 14278 2019-03-18 14:47:26Z cfischer $\n# Auto-generated from advisory DSA 3413-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703413\");\n script_version(\"$Revision: 14278 $\");\n script_cve_id(\"CVE-2015-3194\", \"CVE-2015-3195\", \"CVE-2015-3196\");\n script_name(\"Debian Security Advisory DSA 3413-1 (openssl - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:47:26 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-12-04 00:00:00 +0100 (Fri, 04 Dec 2015)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2015/dsa-3413.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(7|8)\");\n script_tag(name:\"affected\", value:\"openssl on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (wheezy), these\nproblems have been fixed in version 1.0.1e-2+deb7u18.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.0.1k-3+deb8u2.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.0.2e-1 or earlier.\n\nWe recommend that you upgrade your openssl packages.\");\n script_tag(name:\"summary\", value:\"Multiple vulnerabilities have been\ndiscovered in OpenSSL, a Secure 
Sockets Layer toolkit. The Common Vulnerabilities\nand Exposures project identifies the following issues:\n\nCVE-2015-3194\nLoic Jonas Etienne of Qnective AG discovered that the signature\nverification routines will crash with a NULL pointer dereference if\npresented with an ASN.1 signature using the RSA PSS algorithm and\nabsent mask generation function parameter. A remote attacker can\nexploit this flaw to crash any certificate verification operation\nand mount a denial of service attack.\n\nCVE-2015-3195\nAdam Langley of Google/BoringSSL discovered that OpenSSL will leak\nmemory when presented with a malformed X509_ATTRIBUTE structure.\n\nCVE-2015-3196\nA race condition flaw in the handling of PSK identify hints was\ndiscovered, potentially leading to a double free of the identify\nhint data.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed\nsoftware version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"1.0.1e-2+deb7u18\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl-doc\", ver:\"1.0.1e-2+deb7u18\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl1.0.0:amd64\", ver:\"1.0.1e-2+deb7u18\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl1.0.0:i386\", ver:\"1.0.1e-2+deb7u18\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl1.0.0-dbg:amd64\", ver:\"1.0.1e-2+deb7u18\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl1.0.0-dbg:i386\", ver:\"1.0.1e-2+deb7u18\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openssl\", ver:\"1.0.1e-2+deb7u18\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"1.0.1k-3+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res 
= isdpkgvuln(pkg:\"libssl-doc\", ver:\"1.0.1k-3+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl1.0.0:amd64\", ver:\"1.0.1k-3+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl1.0.0:i386\", ver:\"1.0.1k-3+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl1.0.0-dbg:amd64\", ver:\"1.0.1k-3+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl1.0.0-dbg:i386\", ver:\"1.0.1k-3+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openssl\", ver:\"1.0.1k-3+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:36:18", "description": "Mageia Linux Local Security Checks mgasa-2015-0466", "cvss3": {}, "published": "2015-12-08T00:00:00", "type": "openvas", "title": "Mageia Linux Local Check: mgasa-2015-0466", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1794", "CVE-2015-3195", "CVE-2015-3194", "CVE-2015-3196"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310131144", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310131144", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: mgasa-2015-0466.nasl 11692 2018-09-28 16:55:19Z cfischer $\n#\n# Mageia Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://www.solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will 
be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.131144\");\n script_version(\"$Revision: 11692 $\");\n script_tag(name:\"creation_date\", value:\"2015-12-08 11:03:38 +0200 (Tue, 08 Dec 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 18:55:19 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Mageia Linux Local Check: mgasa-2015-0466\");\n script_tag(name:\"insight\", value:\"If a client receives a ServerKeyExchange for an anonymous DH ciphersuite with the value of p set to 0 then a seg fault can occur leading to a possible denial of service attack (CVE-2015-1794). Loic Jonas Etienne of Qnective AG discovered that the signature verification routines will crash with a NULL pointer dereference if presented with an ASN.1 signature using the RSA PSS algorithm and absent mask generation function parameter. A remote attacker can exploit this flaw to crash any certificate verification operation and mount a denial of service attack (CVE-2015-3194). Adam Langley of Google/BoringSSL discovered that OpenSSL will leak memory when presented with a malformed X509_ATTRIBUTE structure (CVE-2015-3195). 
A race condition flaw in the handling of PSK identify hints was discovered, potentially leading to a double free of the identify hint data (CVE-2015-3196).\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://advisories.mageia.org/MGASA-2015-0466.html\");\n script_cve_id(\"CVE-2015-1794\", \"CVE-2015-3194\", \"CVE-2015-3195\", \"CVE-2015-3196\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mageia_linux\", \"ssh/login/release\", re:\"ssh/login/release=MAGEIA5\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Mageia Linux Local Security Checks mgasa-2015-0466\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Mageia Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MAGEIA5\")\n{\nif ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.2e~1.mga5\", rls:\"MAGEIA5\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-09-23T15:09:33", "description": "Junos OS is prone to multiple vulnerabilities in OpenSSL.", "cvss3": {}, "published": "2016-10-14T00:00:00", "type": "openvas", "title": "Junos Multiple OpenSSL Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1794", "CVE-2015-3195", "CVE-2015-3194", "CVE-2015-3196", "CVE-2015-3193"], "modified": "2019-09-16T00:00:00", "id": "OPENVAS:1361412562310106353", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310106353", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Junos Multiple OpenSSL Vulnerabilities\n#\n# Authors:\n# Christian Kuersteiner <christian.kuersteiner@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = 'cpe:/o:juniper:junos';\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.106353\");\n script_version(\"2019-09-16T06:54:58+0000\");\n script_tag(name:\"last_modification\", value:\"2019-09-16 06:54:58 +0000 (Mon, 16 Sep 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-10-14 09:51:23 +0700 (Fri, 14 Oct 2016)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_cve_id(\"CVE-2015-3193\", \"CVE-2015-3194\", \"CVE-2015-3195\", \"CVE-2015-3196\", \"CVE-2015-1794\");\n\n script_name(\"Junos Multiple OpenSSL Vulnerabilities\");\n\n script_category(ACT_GATHER_INFO);\n\n script_family(\"JunOS 
Local Security Checks\");\n script_copyright(\"This script is Copyright (C) 2016 Greenbone Networks GmbH\");\n script_dependencies(\"gb_ssh_junos_get_version.nasl\", \"gb_junos_snmp_version.nasl\");\n script_mandatory_keys(\"Junos/Version\");\n\n script_tag(name:\"summary\", value:\"Junos OS is prone to multiple vulnerabilities in OpenSSL.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable OS build is present on the target host.\");\n\n script_tag(name:\"impact\", value:\"A remote attacker may cause a denial of service condition or obtain\nsensitive private-key information.\");\n\n script_tag(name:\"affected\", value:\"Junos OS 12.1, 12.3, 13.2, 13.3, 14.1, 14.2 and 15.1\");\n\n script_tag(name:\"solution\", value:\"New builds of Junos OS software are available from Juniper.\");\n\n script_xref(name:\"URL\", value:\"http://kb.juniper.net/JSA10759\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"revisions-lib.inc\");\ninclude(\"version_func.inc\");\n\nif (!version = get_app_version(cpe: CPE, nofork: TRUE))\n exit(0);\n\nif (version =~ \"^15\") {\n if (revcomp(a: version, b: \"15.1F5\") < 0) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"15.1F5\");\n security_message(port: 0, data: report);\n exit(0);\n }\n else if ((revcomp(a: version, b: \"15.1R3\") < 0) &&\n (revcomp(a: version, b: \"15.1R1\") >= 0)) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"15.1R3\");\n security_message(port: 0, data: report);\n exit(0);\n }\n else if ((revcomp(a: version, b: \"15.1X49-D40\") < 0) &&\n (revcomp(a: version, b: \"15.1X49\") >= 0)) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"15.1X49-D40\");\n security_message(port: 0, data: report);\n exit(0);\n }\n else if ((revcomp(a: version, b: \"15.1X53-D35\") < 0) &&\n (revcomp(a: version, b: \"15.1X53\") >= 0)) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"15.1X53-D35\");\n 
security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (version =~ \"^14\") {\n if (revcomp(a: version, b: \"14.1R7\") < 0) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"14.1R7\");\n security_message(port: 0, data: report);\n exit(0);\n }\n else if ((revcomp(a: version, b: \"14.1X53-D35\") < 0) &&\n (revcomp(a: version, b: \"14.1X53\") >= 0)) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"14.1X53-D35\");\n security_message(port: 0, data: report);\n exit(0);\n }\n else if ((revcomp(a: version, b: \"14.2R6\") < 0) &&\n (revcomp(a: version, b: \"14.2\") >= 0)) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"14.2R6\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (version =~ \"^13\") {\n if (revcomp(a: version, b: \"13.2X51-D40\") < 0) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"13.2X51-D40\");\n security_message(port: 0, data: report);\n exit(0);\n }\n else if ((revcomp(a: version, b: \"13.3R9\") < 0) &&\n (revcomp(a: version, b: \"13.3R1\") >= 0)) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"13.3R9\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (version =~ \"^12\") {\n if ((revcomp(a: version, b: \"12.1X44-D60\") < 0) &&\n (revcomp(a: version, b: \"12.1X44\") >= 0)) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"12.1X44-D60\");\n security_message(port: 0, data: report);\n exit(0);\n }\n else if ((revcomp(a: version, b: \"12.1X46-D45\") < 0) &&\n (revcomp(a: version, b: \"12.1X46\") >= 0)) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"12.1X46-D45\");\n security_message(port: 0, data: report);\n exit(0);\n }\n else if ((revcomp(a: version, b: \"12.1X47-D35\") < 0) &&\n (revcomp(a: version, b: \"12.1X47\") >= 0)) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"12.1X47-D35\");\n 
security_message(port: 0, data: report);\n exit(0);\n }\n else if ((revcomp(a: version, b: \"12.3R12\") < 0) &&\n (revcomp(a: version, b: \"12.3R1\") >= 0)) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"12.3R12\");\n security_message(port: 0, data: report);\n exit(0);\n }\n else if ((revcomp(a: version, b: \"12.3X48-D25\") < 0) &&\n (revcomp(a: version, b: \"12.3X48\") >= 0)) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"12.3X48-D25\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nexit(99);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:36:30", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-12-08T00:00:00", "type": "openvas", "title": "Ubuntu Update for openssl USN-2830-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1794", "CVE-2015-3195", "CVE-2015-3194", "CVE-2015-3196", "CVE-2015-3193"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842552", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842552", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for openssl USN-2830-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842552\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-12-08 10:53:48 +0100 (Tue, 08 Dec 2015)\");\n script_cve_id(\"CVE-2015-1794\", \"CVE-2015-3193\", \"CVE-2015-3194\", \"CVE-2015-3195\", \"CVE-2015-3196\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for openssl USN-2830-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Guy Leaver discovered that OpenSSL\nincorrectly handled a ServerKeyExchange for an anonymous DH ciphersuite with the\nvalue of p set to 0. A remote attacker could possibly use this issue to cause OpenSSL\nto crash, resulting in a denial of service. This issue only applied to Ubuntu 15.10.\n(CVE-2015-1794)\n\nHanno Böck discovered that the OpenSSL Montgomery squaring procedure\nalgorithm may produce incorrect results when being used on x86_64. A remote\nattacker could possibly use this issue to break encryption. This issue only\napplied to Ubuntu 15.10. (CVE-2015-3193)\n\nLoïc Jonas Etienne discovered that OpenSSL incorrectly handled ASN.1\nsignatures with a missing PSS parameter. 
A remote attacker could possibly\nuse this issue to cause OpenSSL to crash, resulting in a denial of service.\n(CVE-2015-3194)\n\nAdam Langley discovered that OpenSSL incorrectly handled malformed\nX509_ATTRIBUTE structures. A remote attacker could possibly use this issue\nto cause OpenSSL to consume resources, resulting in a denial of service.\n(CVE-2015-3195)\n\nIt was discovered that OpenSSL incorrectly handled PSK identity hints. A\nremote attacker could possibly use this issue to cause OpenSSL to crash,\nresulting in a denial of service. This issue only applied to Ubuntu 12.04\nLTS, Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-3196)\");\n script_tag(name:\"affected\", value:\"openssl on Ubuntu 15.10,\n Ubuntu 15.04,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2830-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2830-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(15\\.04|14\\.04 LTS|12\\.04 LTS|15\\.10)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU15.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl1.0.0:amd64\", ver:\"1.0.1f-1ubuntu11.5\", rls:\"UBUNTU15.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libssl1.0.0:i386\", ver:\"1.0.1f-1ubuntu11.5\", rls:\"UBUNTU15.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU14.04 
LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl1.0.0:amd64\", ver:\"1.0.1f-1ubuntu2.16\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libssl1.0.0:i386\", ver:\"1.0.1f-1ubuntu2.16\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.1-4ubuntu5.32\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU15.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl1.0.0:amd64\", ver:\"1.0.2d-0ubuntu1.2\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libssl1.0.0:i386\", ver:\"1.0.2d-0ubuntu1.2\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:35:28", "description": "On December 3, 2015, the OpenSSL Project released a security advisory\ndetailing five vulnerabilities. 
Cisco IP Phone 8800 Series incorporate a version of the OpenSSL package affected\nby one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service\n(DoS) condition.", "cvss3": {}, "published": "2016-09-22T00:00:00", "type": "openvas", "title": "Cisco IP Phone 8800 Series Multiple Vulnerabilities in OpenSSL", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1794", "CVE-2015-3195", "CVE-2015-3194", "CVE-2015-3196", "CVE-2015-3193"], "modified": "2018-11-12T00:00:00", "id": "OPENVAS:1361412562310106286", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310106286", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_cisco_ip_phone_cisco-sa-20151204-openssl.nasl 12313 2018-11-12 08:53:51Z asteins $\n#\n# Cisco IP Phone 8800 Series Multiple Vulnerabilities in OpenSSL\n#\n# Authors:\n# Christian Kuersteiner <christian.kuersteiner@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.106286\");\n script_version(\"$Revision: 12313 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-12 09:53:51 +0100 (Mon, 12 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-09-22 10:06:54 +0700 (Thu, 22 Sep 2016)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_cve_id(\"CVE-2015-3193\", \"CVE-2015-3194\", \"CVE-2015-3195\", \"CVE-2015-3196\", \"CVE-2015-1794\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Cisco IP Phone 8800 Series Multiple Vulnerabilities in OpenSSL\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"This script is Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CISCO\");\n script_dependencies(\"gb_cisco_ip_phone_detect.nasl\");\n script_mandatory_keys(\"cisco/ip_phone/model\");\n\n script_tag(name:\"summary\", value:\"On December 3, 2015, the OpenSSL Project released a security advisory\ndetailing five vulnerabilities. 
Cisco IP Phone 8800 Series incorporate a version of the OpenSSL package affected\nby one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service\n(DoS) condition.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple OpenSSL vulnerabilities affecting Cisco IP Phone 8800 Series:\n\n - A vulnerability in the Montgomery multiplication module of OpenSSL could allow an unauthenticated, remote\nattacker to cause the library to produce unexpected and possibly weak cryptographic output (CVE-2015-3193).\n\n - A vulnerability in OpenSSL could allow an unauthenticated, remote attacker to cause a DoS condition\n(CVE-2015-3194).\n\n - A vulnerability in OpenSSL could allow an unauthenticated, remote attacker to cause a DoS condition\n(CVE-2015-3195).\n\n - A vulnerability in OpenSSL could allow an unauthenticated, remote attacker to cause a DoS condition\n(CVE-2015-3196).\n\n - A vulnerability in the anonymous Diffie-Hellman cipher suite in OpenSSL could allow an unauthenticated,\nremote attacker to cause a denial of service (DoS) condition (CVE-2015-1794).\");\n\n script_tag(name:\"solution\", value:\"Update to Release 11.5(1) or later\");\n\n script_xref(name:\"URL\", value:\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nif (!model = get_kb_item(\"cisco/ip_phone/model\"))\n exit(0);\n\nif (model =~ \"^CP-88..\") {\n if (!version = get_kb_item(\"cisco/ip_phone/version\"))\n exit(0);\n\n version = eregmatch(pattern: \"sip88xx\\.([0-9-]+)\", string: version);\n if (version[1] && (version[1] =~ \"^10-2-1\" || version[1] =~ \"^10-2-2\")) {\n report = report_fixed_ver(installed_version: version[1], fixed_version: \"11-5-1\");\n security_message(port: 0, data: report);\n }\n}\n\nexit(0);\n", "cvss": {"score": 5.0, 
"vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:34:26", "description": "Potential security vulnerabilities with OpenSSL have been addressed for HPE\nNetwork products including Comware 5, Comware 7, IMC, and VCX.", "cvss3": {}, "published": "2017-02-23T00:00:00", "type": "openvas", "title": "HPE Network Products Remote Denial of Service (DoS), Disclosure of Sensitive Information Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1794", "CVE-2015-3195", "CVE-2015-3194", "CVE-2015-3196", "CVE-2015-3193"], "modified": "2018-10-18T00:00:00", "id": "OPENVAS:1361412562310106619", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310106619", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_hp_comware_platform_hpesbhf03709.nasl 11959 2018-10-18 10:33:40Z mmartin $\n#\n# HPE Network Products Remote Denial of Service (DoS), Disclosure of Sensitive Information Vulnerability\n#\n# Authors:\n# Christian Kuersteiner <christian.kuersteiner@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = 'cpe:/a:hp:comware';\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.106619\");\n script_version(\"$Revision: 11959 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-18 12:33:40 +0200 (Thu, 18 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-02-23 16:00:27 +0700 (Thu, 23 Feb 2017)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_cve_id(\"CVE-2015-1794\", \"CVE-2015-3193\", \"CVE-2015-3194\", \"CVE-2015-3195\", \"CVE-2015-3196\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"HPE Network Products Remote Denial of Service (DoS), Disclosure of Sensitive Information Vulnerability\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"This script is Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_hp_comware_platform_detect_snmp.nasl\");\n script_mandatory_keys(\"hp/comware_device\");\n\n script_tag(name:\"summary\", value:\"Potential security vulnerabilities with OpenSSL have been addressed for HPE\nNetwork products including Comware 5, Comware 7, IMC, and VCX.\");\n\n script_tag(name:\"vuldetect\", value:\"Check the release version.\");\n\n script_xref(name:\"URL\", value:'https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05398322');\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"revisions-lib.inc\");\ninclude(\"version_func.inc\");\n\nif( ! 
version = get_app_version( cpe:CPE, nofork: TRUE) ) exit( 0 );\nif( ! model = get_kb_item( \"hp/comware_device/model\" ) ) exit( 0 );\nif( ! release = get_kb_item( \"hp/comware_device/release\" ) ) exit( 0 );\n\nif( model =~ '^MSR20-1(0|1|2|3|5)' ) {\n report_fix = 'R2516';\n fix = '2516';\n}\n\nelse if (model =~ '^MSR20-(20|21|40)') {\n report_fix = 'R2516';\n fix = '2516';\n}\n\nelse if (model =~ '^MSR30-(10|11|11E|11F|16|20|40|60)') {\n report_fix = 'R2516';\n fix = '2516';\n}\n\nelse if (model =~ '^MSR50-(40|60)') {\n report_fix = 'R2516';\n fix = '2516';\n}\n\nelse if (model =~ '^MSR9(0|2)0') {\n report_fix = 'R2516';\n fix = '2516';\n}\n\nelse if (model =~ '^MSR93(0|1|3|5|6)') {\n report_fix = 'R2516';\n fix = '2516';\n}\n\nif( model =~ '^(A|A-)?125(0|1)(0|8|4)' ) {\n if( version =~ '^7\\\\.' )\n {\n report_fix = 'R7377';\n fix = '7377';\n }\n else\n {\n report_fix = 'R1829P02';\n fix = '1829P02';\n }\n}\n\nelse if (model =~ '^(A|A-)?105(00|08|04|12)' || model =~ 'FF 1190(0|8)') {\n if( version =~ '^7\\\\.' )\n {\n report_fix = 'R7180';\n fix = '7180';\n }\n else\n {\n report_fix = 'R1210P02';\n fix = '1210P02';\n }\n}\n\nelse if( model =~ '^75(0|1)(0|2|3|6)' )\n{\n if( version =~ '^7\\\\.' 
)\n {\n report_fix = 'R7180';\n fix = '7180';\n }\n else\n {\n report_fix = 'R6710P02';\n fix = '6710P02';\n }\n}\n\nelse if( model =~ '^(A|A-)?5500-(24|48)(.*)?-4SFP HI' )\n{\n report_fix = 'R5501P21';\n fix = '5501P21';\n}\n\nelse if( model =~ '^WX500(2|4)' )\n{\n report_fix = 'R2507P44';\n fix = '2507P44';\n}\n\nelse if( model =~ '^U200-(A|S)' )\n{\n report_fix = 'F5123P33';\n fix = '5123P33';\n}\n\nelse if( model =~ '^59(0|2)0' )\n{\n report_fix = 'R2432P01';\n fix = '2432P01';\n}\n\nelse if( model =~ '^MSR100((2-4)|(3-8S))' )\n{\n report_fix = 'R0306P12';\n fix = '0306P12';\n}\n\nelse if( model =~ '^MSR200(3|4)' )\n{\n report_fix = 'R0306P12';\n fix = '0306P12';\n}\n\nelse if( model =~ '^MSR30(12|24|44|64)' )\n{\n report_fix = 'R0306P12';\n fix = '0306P12';\n}\n\nelse if( model =~ '^MSR40(00|60|80)' )\n{\n report_fix = 'R0306P12';\n fix = '0306P12';\n}\n\nelse if( model =~ '^(FF )?79(10|04)' )\n{\n report_fix = 'R2150';\n fix = '2150';\n}\n\nelse if( model =~ '^(A|A-)?5130-(24|48)-' )\n{\n report_fix = 'R3113P02';\n fix = 'R3113P02';\n}\n\nelse if( model =~ '^1950-(24G|48G)' )\n{\n report_fix = 'R3113P02';\n fix = '3113P02';\n}\n\nif( ! fix ) exit( 0 );\n\nrelease = ereg_replace( pattern:'^R', string:release, replace:'' );\n\nif( revcomp( a:release, b:fix ) < 0 )\n{\n report = report_fixed_ver( installed_version:\"R\" + release, fixed_version:report_fix );\n security_message( port:0, data:report );\n exit( 0 );\n}\n\nexit( 99 );\n\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-10-09T15:19:57", "description": "On December 3, 2015, the OpenSSL Project released a security advisory\ndetailing five vulnerabilities. 
Cisco Adaptive Security Appliance (ASA) Software incorporate a version of the\nOpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.", "cvss3": {}, "published": "2016-09-22T00:00:00", "type": "openvas", "title": "Cisco Adaptive Security Appliance Multiple Vulnerabilities in OpenSSL", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1794", "CVE-2015-3195", "CVE-2015-3194", "CVE-2015-3196", "CVE-2015-3193"], "modified": "2019-10-09T00:00:00", "id": "OPENVAS:1361412562310106284", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310106284", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Cisco Adaptive Security Appliance Multiple Vulnerabilities in OpenSSL\n#\n# Authors:\n# Christian Kuersteiner <christian.kuersteiner@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:cisco:asa\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.106284\");\n script_cve_id(\"CVE-2015-3193\", \"CVE-2015-3194\", \"CVE-2015-3195\", \"CVE-2015-3196\", \"CVE-2015-1794\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_version(\"2019-10-09T06:43:33+0000\");\n\n script_name(\"Cisco Adaptive Security Appliance Multiple Vulnerabilities in OpenSSL\");\n\n script_xref(name:\"URL\", value:\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"solution\", value:\"See the referenced vendor advisory for a solution.\");\n\n script_tag(name:\"summary\", value:\"On December 3, 2015, the OpenSSL Project released a security advisory\ndetailing five vulnerabilities. 
Cisco Adaptive Security Appliance (ASA) Software incorporate a version of the\nOpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.\");\n\n script_tag(name:\"insight\", value:\"Multiple OpenSSL vulnerabilities affecting Cisco ASA:\n\n - A vulnerability in the Montgomery multiplication module of OpenSSL could allow an unauthenticated, remote\nattacker to cause the library to produce unexpected and possibly weak cryptographic output (CVE-2015-3193).\n\n - A vulnerability in OpenSSL could allow an unauthenticated, remote attacker to cause a DoS condition\n(CVE-2015-3194).\n\n - A vulnerability in OpenSSL could allow an unauthenticated, remote attacker to cause a DoS condition\n(CVE-2015-3195).\n\n - A vulnerability in OpenSSL could allow an unauthenticated, remote attacker to cause a DoS condition\n(CVE-2015-3196).\n\n - A vulnerability in the anonymous Diffie-Hellman cipher suite in OpenSSL could allow an unauthenticated,\nremote attacker to cause a denial of service (DoS) condition (CVE-2015-1794).\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"last_modification\", value:\"2019-10-09 06:43:33 +0000 (Wed, 09 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-09-22 11:38:29 +0700 (Thu, 22 Sep 2016)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"CISCO\");\n script_copyright(\"This script is Copyright (C) 2016 Greenbone Networks GmbH\");\n script_dependencies(\"gb_cisco_asa_version.nasl\", \"gb_cisco_asa_version_snmp.nasl\");\n script_mandatory_keys(\"cisco_asa/version\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( ! 
version = get_app_version( cpe:CPE, nofork: TRUE ) ) exit( 0 );\ncheck_vers = ereg_replace(string:version, pattern:\"\\(([0-9.]+)\\)\", replace:\".\\1\");\n\naffected = make_list(\n '8.0.1.2',\n '8.0.2',\n '8.0.2.11',\n '8.0.2.15',\n '8.0.3',\n '8.0.3.6',\n '8.0.3.12',\n '8.0.3.19',\n '8.0.4',\n '8.0.4.3',\n '8.0.4.9',\n '8.0.4.16',\n '8.0.4.23',\n '8.0.4.25',\n '8.0.4.28',\n '8.0.4.31',\n '8.0.4.32',\n '8.0.4.33',\n '8.0.5',\n '8.0.5.20',\n '8.0.5.23',\n '8.0.5.25',\n '8.0.5.27',\n '8.0.5.28',\n '8.0.5.31',\n '8.1.1',\n '8.1.1.6',\n '8.1.2',\n '8.1.2.13',\n '8.1.2.15',\n '8.1.2.16',\n '8.1.2.19',\n '8.1.2.23',\n '8.1.2.24',\n '8.1.2.49',\n '8.1.2.50',\n '8.1.2.55',\n '8.1.2.56',\n '8.2.0.45',\n '8.2.1',\n '8.2.1.11',\n '8.2.2',\n '8.2.2.9',\n '8.2.2.10',\n '8.2.2.12',\n '8.2.2.16',\n '8.2.2.17',\n '8.2.3',\n '8.2.4',\n '8.2.4.1',\n '8.2.4.4',\n '8.2.5',\n '8.2.5.13',\n '8.2.5.22',\n '8.2.5.26',\n '8.2.5.33',\n '8.2.5.40',\n '8.2.5.41',\n '8.2.5.46',\n '8.2.5.48',\n '8.2.5.50',\n '8.3.1',\n '8.3.1.1',\n '8.3.1.4',\n '8.3.1.6',\n '8.3.2',\n '8.3.2.4',\n '8.3.2.13',\n '8.3.2.23',\n '8.3.2.25',\n '8.3.2.31',\n '8.3.2.33',\n '8.3.2.34',\n '8.3.2.37',\n '8.3.2.39',\n '8.3.2.40',\n '8.3.2.41',\n '8.4.1',\n '8.4.1.3',\n '8.4.1.11',\n '8.4.2',\n '8.4.2.1',\n '8.4.2.8',\n '8.4.3',\n '8.4.3.8',\n '8.4.3.9',\n '8.4.4',\n '8.4.4.1',\n '8.4.4.3',\n '8.4.4.5',\n '8.4.4.9',\n '8.4.5',\n '8.4.5.6',\n '8.4.6',\n '8.4.7',\n '8.4.7.3',\n '8.4.7.15',\n '8.4.7.22',\n '8.4.7.23',\n '8.5.1',\n '8.5.1.1',\n '8.5.1.6',\n '8.5.1.7',\n '8.5.1.14',\n '8.5.1.17',\n '8.5.1.18',\n '8.5.1.19',\n '8.5.1.21',\n '8.6.1',\n '8.6.1.1',\n '8.6.1.2',\n '8.6.1.5',\n '8.6.1.10',\n '8.6.1.12',\n '8.6.1.13',\n '8.6.1.14',\n '8.7.1',\n '8.7.1.1',\n '8.7.1.3',\n '8.7.1.4',\n '8.7.1.7',\n '8.7.1.8',\n '8.7.1.11',\n '8.7.1.13',\n '9.0.1',\n '9.0.2',\n '9.0.2.10',\n '9.0.3',\n '9.0.3.6',\n '9.0.3.8',\n '9.0.4',\n '9.0.4.1',\n '9.0.4.5',\n '9.0.4.7',\n '9.0.4.17',\n '9.0.4.20',\n '9.0.4.24',\n '9.1.1',\n 
'9.1.1.4',\n '9.1.2',\n '9.1.2.8',\n '9.1.3',\n '9.1.3.2',\n '9.1.4',\n '9.1.4.5',\n '9.1.5',\n '9.1.5.10',\n '9.1.5.12',\n '9.1.5.15',\n '9.2.1',\n '9.2.2',\n '9.2.2.4',\n '9.2.2.7',\n '9.2.2.8',\n '9.2.3',\n '9.3.1',\n '9.3.1.1',\n '9.3.2' );\n\nforeach af ( affected )\n{\n if( check_vers == af )\n {\n report = report_fixed_ver( installed_version:version, fixed_version: \"See advisory\" );\n security_message( port:0, data:report );\n exit( 0 );\n }\n}\n\nexit( 99 );\n\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-10-09T15:19:56", "description": "On December 3, 2015, the OpenSSL Project released a security advisory\ndetailing five vulnerabilities. Cisco Application Policy Infrastructure Controller (APIC) Software incorporate\na version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated,\nremote attacker to cause a denial of service (DoS) condition.", "cvss3": {}, "published": "2016-09-22T00:00:00", "type": "openvas", "title": "Cisco Application Policy Infrastructure Controller Multiple Vulnerabilities in OpenSSL", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1794", "CVE-2015-3195", "CVE-2015-3194", "CVE-2015-3196", "CVE-2015-3193"], "modified": "2019-10-09T00:00:00", "id": "OPENVAS:1361412562310106285", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310106285", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Cisco Application Policy Infrastructure Controller Multiple Vulnerabilities in OpenSSL\n#\n# Authors:\n# Christian Kuersteiner <christian.kuersteiner@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) 
any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:cisco:application_policy_infrastructure_controller\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.106285\");\n script_cve_id(\"CVE-2015-3193\", \"CVE-2015-3194\", \"CVE-2015-3195\", \"CVE-2015-3196\", \"CVE-2015-1794\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_version(\"2019-10-09T06:43:33+0000\");\n\n script_name(\"Cisco Application Policy Infrastructure Controller Multiple Vulnerabilities in OpenSSL\");\n\n script_xref(name:\"URL\", value:\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"solution\", value:\"See the referenced vendor advisory for a solution.\");\n\n script_tag(name:\"summary\", value:\"On December 3, 2015, the OpenSSL Project released a security advisory\ndetailing five vulnerabilities. 
Cisco Application Policy Infrastructure Controller (APIC) Software incorporate\na version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated,\nremote attacker to cause a denial of service (DoS) condition.\");\n\n script_tag(name:\"insight\", value:\"Multiple OpenSSL vulnerabilities affecting Cisco APIC:\n\n - A vulnerability in the Montgomery multiplication module of OpenSSL could allow an unauthenticated, remote\nattacker to cause the library to produce unexpected and possibly weak cryptographic output (CVE-2015-3193).\n\n - A vulnerability in OpenSSL could allow an unauthenticated, remote attacker to cause a DoS condition\n(CVE-2015-3194).\n\n - A vulnerability in OpenSSL could allow an unauthenticated, remote attacker to cause a DoS condition\n(CVE-2015-3195).\n\n - A vulnerability in OpenSSL could allow an unauthenticated, remote attacker to cause a DoS condition\n(CVE-2015-3196).\n\n - A vulnerability in the anonymous Diffie-Hellman cipher suite in OpenSSL could allow an unauthenticated,\nremote attacker to cause a denial of service (DoS) condition (CVE-2015-1794).\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"last_modification\", value:\"2019-10-09 06:43:33 +0000 (Wed, 09 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-09-22 10:06:54 +0700 (Thu, 22 Sep 2016)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"CISCO\");\n script_copyright(\"This script is Copyright (C) 2016 Greenbone Networks GmbH\");\n script_dependencies(\"gb_cisco_apic_web_detect.nasl\");\n script_mandatory_keys(\"cisco/application_policy_infrastructure_controller/installed\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( ! 
version = get_app_version( cpe:CPE ) ) exit( 0 );\n\naffected = make_list(\n '1.0(1e)',\n '1.1(1j)' );\n\nforeach af ( affected )\n{\n if( version == af )\n {\n report = report_fixed_ver( installed_version:version, fixed_version: \"1.2(2)\" );\n security_message( port:0, data:report );\n exit( 0 );\n }\n}\n\nexit( 99 );\n\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:35:39", "description": "Oracle Linux Local Security Checks ELSA-2016-3523", "cvss3": {}, "published": "2016-03-02T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2016-3523", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3197", "CVE-2016-0705", "CVE-2015-3195", "CVE-2015-3194", "CVE-2016-0797", "CVE-2016-0702", "CVE-2015-7575", "CVE-2015-3196"], "modified": "2019-03-14T00:00:00", "id": "OPENVAS:1361412562310122888", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122888", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2016-3523.nasl 14180 2019-03-14 12:29:16Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.fi>\n#\n# Copyright:\n# Copyright (c) 2016 Eero Volotinen, http://solinor.fi\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122888\");\n script_version(\"$Revision: 14180 $\");\n script_tag(name:\"creation_date\", value:\"2016-03-02 06:56:05 +0200 (Wed, 02 Mar 2016)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-14 13:29:16 +0100 (Thu, 14 Mar 2019) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2016-3523\");\n script_tag(name:\"insight\", value:\"ELSA-2016-3523 - openssl security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2016-3523\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2016-3523.html\");\n script_cve_id(\"CVE-2016-0702\", \"CVE-2016-0705\", \"CVE-2016-0797\", \"CVE-2015-3197\", \"CVE-2015-7575\", \"CVE-2015-3194\", \"CVE-2015-3195\", \"CVE-2015-3196\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(7|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) 
exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~51.ksplice1.el7_2.4\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1e~51.ksplice1.el7_2.4\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-libs\", rpm:\"openssl-libs~1.0.1e~51.ksplice1.el7_2.4\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~1.0.1e~51.ksplice1.el7_2.4\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-static\", rpm:\"openssl-static~1.0.1e~51.ksplice1.el7_2.4\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~42.ksplice1.el6_7.4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1e~42.ksplice1.el6_7.4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~1.0.1e~42.ksplice1.el6_7.4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-static\", rpm:\"openssl-static~1.0.1e~42.ksplice1.el6_7.4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:14", "description": "This host is running OpenSSL and is prone\n to denial of service vulnerability.", "cvss3": {}, "published": "2016-01-11T00:00:00", "type": "openvas", "title": "OpenSSL Denial Of 
Service Vulnerability (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3196"], "modified": "2019-02-27T00:00:00", "id": "OPENVAS:1361412562310806816", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310806816", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_openssl_dos_vuln_lin.nasl 13898 2019-02-27 08:37:43Z cfischer $\n#\n# OpenSSL Denial Of Service Vulnerability (Linux)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:openssl:openssl\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.806816\");\n script_version(\"$Revision: 13898 $\");\n script_cve_id(\"CVE-2015-3196\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-02-27 09:37:43 +0100 (Wed, 27 Feb 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-01-11 17:41:42 +0530 (Mon, 11 Jan 2016)\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_name(\"OpenSSL Denial Of Service Vulnerability (Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is running OpenSSL and is prone\n to denial of service vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to\n\n - A race condition flaw, leading to a double free error due to improper handling\n of pre-shared key (PSK) identity hints.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow a remote\n attacker to cause denial of service via a crafted ServerKeyExchange message.\");\n\n script_tag(name:\"affected\", value:\"OpenSSL versions 1.0.0 before\n 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d on Linux\");\n\n script_tag(name:\"solution\", value:\"Upgrade to OpenSSL 1.0.0t or\n 1.0.1p or 1.0.2d or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"https://openssl.org/news/secadv/20151203.txt\");\n 
script_xref(name:\"URL\", value:\"https://support.f5.com/kb/en-us/solutions/public/k/55/sol55540723.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_openssl_detect.nasl\", \"gb_openssl_detect_lin.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"openssl/detected\", \"Host/runs_unixoide\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(isnull(port = get_app_port(cpe:CPE)))\n exit(0);\n\nif(!infos = get_app_version_and_location(cpe:CPE, port:port, exit_no_version:TRUE))\n exit(0);\n\nvers = infos['version'];\npath = infos['location'];\n\nif(vers =~ \"^1\\.0\\.0\")\n{\n if(version_is_less(version:vers, test_version:\"1.0.0t\"))\n {\n fix = \"1.0.0t\";\n VULN = TRUE;\n }\n}\nelse if(vers =~ \"^1\\.0\\.1\")\n{\n if(version_is_less(version:vers, test_version:\"1.0.1p\"))\n {\n fix = \"1.0.1p\";\n VULN = TRUE;\n }\n}\nelse if(vers =~ \"^1\\.0\\.2\")\n{\n if(version_is_less(version:vers, test_version:\"1.0.2d\"))\n {\n fix = \"1.0.2d\";\n VULN = TRUE;\n }\n}\n\nif(VULN)\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:fix, install_path:path);\n security_message(port:port, data:report);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:35:12", "description": "This host is running OpenSSL and is prone\n to denial of service vulnerability.", "cvss3": {}, "published": "2016-01-11T00:00:00", "type": "openvas", "title": "OpenSSL Denial Of Service Vulnerability (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3196"], "modified": "2019-02-27T00:00:00", "id": "OPENVAS:1361412562310806817", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310806817", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# 
$Id: gb_openssl_dos_vuln_win.nasl 13898 2019-02-27 08:37:43Z cfischer $\n#\n# OpenSSL Denial Of Service Vulnerability (Windows)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:openssl:openssl\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.806817\");\n script_version(\"$Revision: 13898 $\");\n script_cve_id(\"CVE-2015-3196\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-02-27 09:37:43 +0100 (Wed, 27 Feb 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-01-11 17:41:42 +0530 (Mon, 11 Jan 2016)\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_name(\"OpenSSL Denial Of Service Vulnerability (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is running OpenSSL and is prone\n to denial of service vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to\n\n - A race condition flaw, leading 
to a double free error due to improper handling\n of pre-shared key (PSK) identity hints.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow a remote\n attacker to cause denial of service via a crafted ServerKeyExchange message.\");\n\n script_tag(name:\"affected\", value:\"OpenSSL versions 1.0.0 before\n 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d on Windows\");\n\n script_tag(name:\"solution\", value:\"Upgrade to OpenSSL 1.0.0t or\n 1.0.1p or 1.0.2d or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"https://openssl.org/news/secadv/20151203.txt\");\n script_xref(name:\"URL\", value:\"https://support.f5.com/kb/en-us/solutions/public/k/55/sol55540723.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_openssl_detect.nasl\", \"gb_openssl_detect_win.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"openssl/detected\", \"Host/runs_windows\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(isnull(port = get_app_port(cpe:CPE)))\n exit(0);\n\nif(!infos = get_app_version_and_location(cpe:CPE, port:port, exit_no_version:TRUE))\n exit(0);\n\nvers = infos['version'];\npath = infos['location'];\n\nif(vers =~ \"^1\\.0\\.0\")\n{\n if(version_is_less(version:vers, test_version:\"1.0.0t\"))\n {\n fix = \"1.0.0t\";\n VULN = TRUE;\n }\n}\nelse if(vers =~ \"^1\\.0\\.1\")\n{\n if(version_is_less(version:vers, test_version:\"1.0.1p\"))\n {\n fix = \"1.0.1p\";\n VULN = TRUE;\n }\n}\nelse if(vers =~ \"^1\\.0\\.2\")\n{\n if(version_is_less(version:vers, test_version:\"1.0.2d\"))\n {\n fix = \"1.0.2d\";\n VULN = TRUE;\n }\n}\n\nif(VULN)\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:fix, install_path:path);\n security_message(port:port, data:report);\n exit(0);\n}\n\nexit(99);", "cvss": 
{"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:36:55", "description": "This host is running OpenSSL and is prone\n to a denial of service vulnerability.", "cvss3": {}, "published": "2015-12-18T00:00:00", "type": "openvas", "title": "OpenSSL 'PSS' parameter Denial of Service Vulnerability (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3194"], "modified": "2019-02-27T00:00:00", "id": "OPENVAS:1361412562310806651", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310806651", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_openssl_pss_param_dos_vuln_win.nasl 13898 2019-02-27 08:37:43Z cfischer $\n#\n# OpenSSL 'PSS' parameter Denial of Service Vulnerability (Windows)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:openssl:openssl\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.806651\");\n script_version(\"$Revision: 13898 $\");\n script_cve_id(\"CVE-2015-3194\");\n script_bugtraq_id(78623);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-02-27 09:37:43 +0100 (Wed, 27 Feb 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-12-18 08:22:17 +0530 (Fri, 18 Dec 2015)\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_name(\"OpenSSL 'PSS' parameter Denial of Service Vulnerability (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is running OpenSSL and is prone\n to a denial of service vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due to error within\n crypto/rsa/rsa_ameth.c script as the signature verification routines crash\n with a NULL pointer dereference if presented with an ASN.1 signature using\n the RSA PSS algorithm and absent mask generation function parameter.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow a remote\n attacker to cause a denial of service condition.\");\n\n script_tag(name:\"affected\", value:\"OpenSSL versions 1.0.1 before 1.0.1q and\n 1.0.2 before 1.0.2e on Windows\");\n\n script_tag(name:\"solution\", value:\"Upgrade to OpenSSL 1.0.1q or 1.0.2e or\n later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n 
script_xref(name:\"URL\", value:\"http://openssl.org/news/secadv/20151203.txt\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_openssl_detect.nasl\", \"gb_openssl_detect_win.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"openssl/detected\", \"Host/runs_windows\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(isnull(port = get_app_port(cpe:CPE)))\n exit(0);\n\nif(!infos = get_app_version_and_location(cpe:CPE, port:port, exit_no_version:TRUE))\n exit(0);\n\nvers = infos['version'];\npath = infos['location'];\n\nif(vers =~ \"^1\\.0\\.1\")\n{\n if(version_is_less(version:vers, test_version:\"1.0.1q\"))\n {\n fix = \"1.0.1q\";\n VULN = TRUE;\n }\n}\nelse if(vers =~ \"^1\\.0\\.2\")\n{\n if(version_is_less(version:vers, test_version:\"1.0.2e\"))\n {\n fix = \"1.0.2e\";\n VULN = TRUE;\n }\n}\n\nif(VULN)\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:fix, install_path:path);\n security_message(port:port, data:report);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:36:43", "description": "This host is running OpenSSL and is prone\n to a denial of service vulnerability.", "cvss3": {}, "published": "2015-12-18T00:00:00", "type": "openvas", "title": "OpenSSL 'PSS' parameter Denial of Service Vulnerability (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3194"], "modified": "2019-02-27T00:00:00", "id": "OPENVAS:1361412562310806652", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310806652", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_openssl_pss_param_dos_vuln_lin.nasl 13898 2019-02-27 08:37:43Z cfischer $\n#\n# OpenSSL 'PSS' parameter Denial of Service Vulnerability (Linux)\n#\n# 
Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:openssl:openssl\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.806652\");\n script_version(\"$Revision: 13898 $\");\n script_cve_id(\"CVE-2015-3194\");\n script_bugtraq_id(78623);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-02-27 09:37:43 +0100 (Wed, 27 Feb 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-12-18 08:50:22 +0530 (Fri, 18 Dec 2015)\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_name(\"OpenSSL 'PSS' parameter Denial of Service Vulnerability (Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is running OpenSSL and is prone\n to a denial of service vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due to error within\n crypto/rsa/rsa_ameth.c script as the signature verification routines crash\n with a NULL pointer 
dereference if presented with an ASN.1 signature using\n the RSA PSS algorithm and absent mask generation function parameter.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow a remote\n attacker to cause a denial of service condition.\");\n\n script_tag(name:\"affected\", value:\"OpenSSL versions 1.0.1 before 1.0.1q and\n 1.0.2 before 1.0.2e on Linux\");\n\n script_tag(name:\"solution\", value:\"Upgrade to OpenSSL 1.0.1q or 1.0.2e or\n later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"http://openssl.org/news/secadv/20151203.txt\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_openssl_detect.nasl\", \"gb_openssl_detect_lin.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"openssl/detected\", \"Host/runs_unixoide\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(isnull(port = get_app_port(cpe:CPE)))\n exit(0);\n\nif(!infos = get_app_version_and_location(cpe:CPE, port:port, exit_no_version:TRUE))\n exit(0);\n\nvers = infos['version'];\npath = infos['location'];\n\nif(vers =~ \"^1\\.0\\.1\")\n{\n if(version_is_less(version:vers, test_version:\"1.0.1q\"))\n {\n fix = \"1.0.1q\";\n VULN = TRUE;\n }\n}\nelse if(vers =~ \"^1\\.0\\.2\")\n{\n if(version_is_less(version:vers, test_version:\"1.0.2e\"))\n {\n fix = \"1.0.2e\";\n VULN = TRUE;\n }\n}\n\nif(VULN)\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:fix, install_path:path);\n security_message(port:port, data:report);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:36:15", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-12-15T00:00:00", "type": "openvas", "title": "RedHat Update for openssl RHSA-2015:2616-01", "bulletinFamily": 
"scanner", "cvss2": {}, "cvelist": ["CVE-2015-3195"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310871520", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871520", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for openssl RHSA-2015:2616-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871520\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-12-15 05:45:08 +0100 (Tue, 15 Dec 2015)\");\n script_cve_id(\"CVE-2015-3195\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for openssl RHSA-2015:2616-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced 
advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"OpenSSL is a toolkit that implements the\nSecure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols,\nas well as a full-strength, general purpose cryptography library.\n\nA memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and\nCMS data. A remote attacker could use this flaw to cause an application\nthat parses PKCS#7 or CMS data from untrusted sources to use an excessive\namount of memory and possibly crash. (CVE-2015-3195)\n\nAll openssl users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. For the update to take\neffect, all services linked to the OpenSSL library must be restarted, or\nthe system rebooted.\");\n script_tag(name:\"affected\", value:\"openssl on Red Hat Enterprise Linux (v. 5 server)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"RHSA\", value:\"2015:2616-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2015-December/msg00033.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_5\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~0.9.8e~37.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-debuginfo\", 
rpm:\"openssl-debuginfo~0.9.8e~37.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~0.9.8e~37.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~0.9.8e~37.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:36:22", "description": "This host is running OpenSSL and is prone\n to information disclosure vulnerability.", "cvss3": {}, "published": "2015-12-23T00:00:00", "type": "openvas", "title": "OpenSSL 'X509_ATTRIBUTE' Information Disclosure Vulnerability (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3195"], "modified": "2019-02-27T00:00:00", "id": "OPENVAS:1361412562310806655", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310806655", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_openssl_X509_information_disc_vuln_win.nasl 13898 2019-02-27 08:37:43Z cfischer $\n#\n# OpenSSL 'X509_ATTRIBUTE' Information Disclosure Vulnerability (Windows)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:openssl:openssl\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.806655\");\n script_version(\"$Revision: 13898 $\");\n script_cve_id(\"CVE-2015-3195\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-02-27 09:37:43 +0100 (Wed, 27 Feb 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-12-23 11:08:20 +0530 (Wed, 23 Dec 2015)\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_name(\"OpenSSL 'X509_ATTRIBUTE' Information Disclosure Vulnerability (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is running OpenSSL and is prone\n to an information disclosure vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due to an error in\n 'ASN1_TFLG_COMBINE' implementation within crypto/asn1/tasn_dec.c script.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow a remote\n attacker to gain access to potentially sensitive information.\");\n\n script_tag(name:\"affected\", value:\"OpenSSL versions before 0.9.8zh, 1.0.0 before\n 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e on Windows\");\n\n script_tag(name:\"solution\", value:\"Upgrade to OpenSSL 0.9.8zh or 1.0.0t or\n 1.0.1q or 1.0.2e or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"http://openssl.org/news/secadv/20151203.txt\");\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_openssl_detect.nasl\", \"gb_openssl_detect_win.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"openssl/detected\", \"Host/runs_windows\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(isnull(port = get_app_port(cpe:CPE)))\n exit(0);\n\nif(!infos = get_app_version_and_location(cpe:CPE, port:port, exit_no_version:TRUE))\n exit(0);\n\nvers = infos['version'];\npath = infos['location'];\n\nif(vers =~ \"^0\\.9\\.8\")\n{\n if(version_is_less(version:vers, test_version:\"0.9.8zh\"))\n {\n fix = \"0.9.8zh\";\n VULN = TRUE;\n }\n}\nelse if(vers =~ \"^1\\.0\\.0\")\n{\n if(version_is_less(version:vers, test_version:\"1.0.0t\"))\n {\n fix = \"1.0.0t\";\n VULN = TRUE;\n }\n}\nelse if(vers =~ \"^1\\.0\\.1\")\n{\n if(version_is_less(version:vers, test_version:\"1.0.1q\"))\n {\n fix = \"1.0.1q\";\n VULN = TRUE;\n }\n}\nelse if(vers =~ \"^1\\.0\\.2\")\n{\n if(version_is_less(version:vers, test_version:\"1.0.2e\"))\n {\n fix = \"1.0.2e\";\n VULN = TRUE;\n }\n}\n\nif(VULN)\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:fix, install_path:path);\n security_message(port:port, data:report);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:36:14", "description": "Oracle Linux Local Security Checks ELSA-2015-2616", "cvss3": {}, "published": "2015-12-15T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2015-2616", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3195"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122804", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122804", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: 
ELSA-2015-2616.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122804\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-12-15 02:50:31 +0200 (Tue, 15 Dec 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-2616\");\n script_tag(name:\"insight\", value:\"ELSA-2015-2616 - openssl security update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-2616\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-2616.html\");\n script_cve_id(\"CVE-2015-3195\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~0.9.8e~37.0.1.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~0.9.8e~37.0.1.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~0.9.8e~37.0.1.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:36:27", "description": "This host is running OpenSSL and is prone\n to information disclosure vulnerability.", "cvss3": {}, "published": "2015-12-23T00:00:00", "type": "openvas", "title": "OpenSSL 'X509_ATTRIBUTE' Information Disclosure Vulnerability 
(Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3195"], "modified": "2019-02-27T00:00:00", "id": "OPENVAS:1361412562310806656", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310806656", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_openssl_X509_information_disc_vuln_lin.nasl 13898 2019-02-27 08:37:43Z cfischer $\n#\n# OpenSSL 'X509_ATTRIBUTE' Information Disclosure Vulnerability (Linux)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:openssl:openssl\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.806656\");\n script_version(\"$Revision: 13898 $\");\n script_cve_id(\"CVE-2015-3195\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-02-27 09:37:43 +0100 (Wed, 27 Feb 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-12-23 12:41:42 +0530 (Wed, 23 Dec 2015)\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_name(\"OpenSSL 'X509_ATTRIBUTE' Information Disclosure Vulnerability (Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is running OpenSSL and is prone\n to an information disclosure vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due to an error in\n 'ASN1_TFLG_COMBINE' implementation within crypto/asn1/tasn_dec.c script.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow a remote\n attacker to gain access to potentially sensitive information.\");\n\n script_tag(name:\"affected\", value:\"OpenSSL versions before 0.9.8zh, 1.0.0 before\n 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e on Linux\");\n\n script_tag(name:\"solution\", value:\"Upgrade to OpenSSL 0.9.8zh or 1.0.0t or\n 1.0.1q or 1.0.2e or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"http://openssl.org/news/secadv/20151203.txt\");\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_openssl_detect.nasl\", \"gb_openssl_detect_lin.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"openssl/detected\", \"Host/runs_unixoide\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(isnull(port = get_app_port(cpe:CPE)))\n exit(0);\n\nif(!infos = get_app_version_and_location(cpe:CPE, port:port, exit_no_version:TRUE))\n exit(0);\n\nvers = infos['version'];\npath = infos['location'];\n\nif(vers =~ \"^0\\.9\\.8\")\n{\n if(version_is_less(version:vers, test_version:\"0.9.8zh\"))\n {\n fix = \"0.9.8zh\";\n VULN = TRUE;\n }\n}\nelse if(vers =~ \"^1\\.0\\.0\")\n{\n if(version_is_less(version:vers, test_version:\"1.0.0t\"))\n {\n fix = \"1.0.0t\";\n VULN = TRUE;\n }\n}\nelse if(vers =~ \"^1\\.0\\.1\")\n{\n if(version_is_less(version:vers, test_version:\"1.0.1q\"))\n {\n fix = \"1.0.1q\";\n VULN = TRUE;\n }\n}\nelse if(vers =~ \"^1\\.0\\.2\")\n{\n if(version_is_less(version:vers, test_version:\"1.0.2e\"))\n {\n fix = \"1.0.2e\";\n VULN = TRUE;\n }\n}\n\nif(VULN)\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:fix, install_path:path);\n security_message(port:port, data:report);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:36:24", "description": "Check the version of openssl", "cvss3": {}, "published": "2015-12-15T00:00:00", "type": "openvas", "title": "CentOS Update for openssl CESA-2015:2616 centos5", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3195"], "modified": "2019-03-08T00:00:00", "id": "OPENVAS:1361412562310882339", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882339", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for openssl 
CESA-2015:2616 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882339\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-12-15 05:46:41 +0100 (Tue, 15 Dec 2015)\");\n script_cve_id(\"CVE-2015-3195\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for openssl CESA-2015:2616 centos5\");\n script_tag(name:\"summary\", value:\"Check the version of openssl\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"OpenSSL is a toolkit that implements the\nSecure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)\nprotocols, as well as a full-strength, general purpose cryptography library.\n\nA memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and\nCMS 
data. A remote attacker could use this flaw to cause an application\nthat parses PKCS#7 or CMS data from untrusted sources to use an excessive\namount of memory and possibly crash. (CVE-2015-3195)\n\nAll openssl users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. For the update to take\neffect, all services linked to the OpenSSL library must be restarted, or\nthe system rebooted.\");\n script_tag(name:\"affected\", value:\"openssl on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"CESA\", value:\"2015:2616\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2015-December/021520.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~0.9.8e~37.el5_11\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~0.9.8e~37.el5_11\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~0.9.8e~37.el5_11\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-07-17T14:25:19", "description": "This host is installed with Oracle 
VM\n VirtualBox and is prone to unspecified vulnerability.", "cvss3": {}, "published": "2016-01-22T00:00:00", "type": "openvas", "title": "Oracle Virtualbox Unspecified Vulnerability - 01 Jan16 (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3195", "CVE-2016-0495"], "modified": "2019-07-05T00:00:00", "id": "OPENVAS:1361412562310806991", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310806991", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Oracle Virtualbox Unspecified Vulnerability - 01 Jan16 (Linux)\n#\n# Authors:\n# Tushar Khelge <ktushar@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\n\nCPE = \"cpe:/a:oracle:vm_virtualbox\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.806991\");\n script_version(\"2019-07-05T09:12:25+0000\");\n script_cve_id(\"CVE-2016-0495\", \"CVE-2015-3195\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 09:12:25 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-01-22 16:51:21 +0530 (Fri, 22 Jan 2016)\");\n script_name(\"Oracle Virtualbox Unspecified Vulnerability - 01 Jan16 (Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Oracle VM\n VirtualBox and is prone to unspecified vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due to some unspecified\n error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to have an impact on availability.\");\n\n script_tag(name:\"affected\", value:\"VirtualBox versions prior to 4.3.36\n and 5.0.14 on Linux.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Oracle VirtualBox version\n 4.3.36, 5.0.14 or later on Linux.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html\");\n\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n 
script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"secpod_sun_virtualbox_detect_lin.nasl\");\n script_mandatory_keys(\"Sun/VirtualBox/Lin/Ver\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!virtualVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_in_range(version:virtualVer, test_version:\"4.0.0\", test_version2:\"4.3.35\"))\n{\n fix = \"4.3.36\";\n VULN = TRUE;\n}\n\nelse if(version_in_range(version:virtualVer, test_version:\"5.0.0\", test_version2:\"5.0.13\"))\n{\n fix = \"5.0.14\";\n VULN = TRUE;\n}\n\nif(VULN)\n{\n report = report_fixed_ver( installed_version:virtualVer, fixed_version:fix);\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-07-17T14:26:08", "description": "This host is installed with Oracle VM\n VirtualBox and is prone to an unspecified vulnerability.", "cvss3": {}, "published": "2016-01-22T00:00:00", "type": "openvas", "title": "Oracle Virtualbox Unspecified Vulnerability - 01 Jan16 (Mac OS X)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3195", "CVE-2016-0495"], "modified": "2019-07-05T00:00:00", "id": "OPENVAS:1361412562310806992", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310806992", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Oracle Virtualbox Unspecified Vulnerability - 01 Jan16 (Mac OS X)\n#\n# Authors:\n# Tushar Khelge <ktushar@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even 
the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\n\nCPE = \"cpe:/a:oracle:vm_virtualbox\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.806992\");\n script_version(\"2019-07-05T09:12:25+0000\");\n script_cve_id(\"CVE-2016-0495\", \"CVE-2015-3195\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 09:12:25 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-01-22 16:53:27 +0530 (Fri, 22 Jan 2016)\");\n script_name(\"Oracle Virtualbox Unspecified Vulnerability - 01 Jan16 (Mac OS X)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Oracle VM\n VirtualBox and is prone to unspecified vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due to some unspecified\n error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to have an impact on availability.\");\n\n script_tag(name:\"affected\", value:\"VirtualBox versions prior to 4.3.36\n and 5.0.14 on Mac OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Oracle VirtualBox version\n 4.3.36, 5.0.14 or later on Mac OS X.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", 
value:\"http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html\");\n\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"secpod_oracle_virtualbox_detect_macosx.nasl\");\n script_mandatory_keys(\"Oracle/VirtualBox/MacOSX/Version\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!virtualVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_in_range(version:virtualVer, test_version:\"4.0.0\", test_version2:\"4.3.35\"))\n{\n fix = \"4.3.36\";\n VULN = TRUE;\n}\n\nelse if(version_in_range(version:virtualVer, test_version:\"5.0.0\", test_version2:\"5.0.13\"))\n{\n fix = \"5.0.14\";\n VULN = TRUE;\n}\n\nif(VULN)\n{\n report = report_fixed_ver( installed_version:virtualVer, fixed_version:fix);\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-07-17T14:25:23", "description": "This host is installed with Oracle VM\n VirtualBox and is prone to an unspecified vulnerability.", "cvss3": {}, "published": "2016-01-22T00:00:00", "type": "openvas", "title": "Oracle Virtualbox Unspecified Vulnerability - 01 Jan16 (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3195", "CVE-2016-0495"], "modified": "2019-07-05T00:00:00", "id": "OPENVAS:1361412562310806988", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310806988", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Oracle Virtualbox Unspecified Vulnerability - 01 Jan16 (Windows)\n#\n# Authors:\n# Tushar Khelge <ktushar@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any 
later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\n\nCPE = \"cpe:/a:oracle:vm_virtualbox\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.806988\");\n script_version(\"2019-07-05T09:12:25+0000\");\n script_cve_id(\"CVE-2016-0495\", \"CVE-2015-3195\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 09:12:25 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-01-22 16:01:00 +0530 (Fri, 22 Jan 2016)\");\n script_name(\"Oracle Virtualbox Unspecified Vulnerability - 01 Jan16 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Oracle VM\n VirtualBox and is prone to unspecified vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due to some unspecified\n error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to have an impact on availability.\");\n\n script_tag(name:\"affected\", value:\"VirtualBox versions prior to 4.3.36\n and 5.0.14 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Oracle VirtualBox version\n 4.3.36, 5.0.14 or later on Windows.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n 
script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html\");\n\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"secpod_sun_virtualbox_detect_win.nasl\");\n script_mandatory_keys(\"Oracle/VirtualBox/Win/Ver\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!virtualVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_in_range(version:virtualVer, test_version:\"4.0.0\", test_version2:\"4.3.35\"))\n{\n fix = \"4.3.36\";\n VULN = TRUE;\n}\n\nelse if(version_in_range(version:virtualVer, test_version:\"5.0.0\", test_version2:\"5.0.13\"))\n{\n fix = \"5.0.14\";\n VULN = TRUE;\n}\n\nif(VULN)\n{\n report = report_fixed_ver( installed_version:virtualVer, fixed_version:fix);\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:34:55", "description": "The host is installed with HP System\n Management Homepage (SMH) and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2016-05-19T00:00:00", "type": "openvas", "title": "HP System Management Homepage Multiple Vulnerabilities(may-2016)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4969", "CVE-2016-0705", "CVE-2016-2015", "CVE-2015-3195", "CVE-2016-0799", "CVE-2015-3194", "CVE-2016-2842", "CVE-2015-3237", "CVE-2007-6750", "CVE-2015-7995", "CVE-2015-8035"], "modified": "2018-10-18T00:00:00", "id": "OPENVAS:1361412562310807598", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807598", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_hp_smh_mult_vuln_may16.nasl 11961 2018-10-18 10:49:40Z asteins $\n#\n# HP System Management Homepage Multiple 
Vulnerabilities(may-2016)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:hp:system_management_homepage\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807598\");\n script_version(\"$Revision: 11961 $\");\n script_cve_id(\"CVE-2011-4969\", \"CVE-2015-3194\", \"CVE-2015-3195\", \"CVE-2016-0705\",\n \"CVE-2016-0799\", \"CVE-2016-2842\", \"CVE-2015-3237\", \"CVE-2015-7995\",\n \"CVE-2015-8035\", \"CVE-2007-6750\", \"CVE-2016-2015\");\n script_bugtraq_id(58458, 78623, 78626, 75387, 77325, 77390, 21865);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-18 12:49:40 +0200 (Thu, 18 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-05-19 15:47:50 +0530 (Thu, 19 May 2016)\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_name(\"HP System Management Homepage Multiple Vulnerabilities(may-2016)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with HP System\n Management Homepage (SMH) and is prone to multiple 
vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws are due to multiple\n unspecified errors.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers\n to obtain and modify sensitive information and also remote attackers to execute\n arbitrary code and to obtain sensitive information.\");\n\n script_tag(name:\"affected\", value:\"HP System Management Homepage before 7.5.5\");\n\n script_tag(name:\"solution\", value:\"Upgrade to HP System Management Homepage\n 7.5.5 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05111017\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"secpod_hp_smh_detect.nasl\");\n script_mandatory_keys(\"HP/SMH/installed\");\n script_require_ports(\"Services/www\", 2301, 2381);\n script_xref(name:\"URL\", value:\"http://www8.hp.com/us/en/products/server-software/product-detail.html?oid=344313\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!smhPort = get_app_port(cpe:CPE)){\n exit(0);\n}\n\nif(!smhVer = get_app_version(cpe:CPE, port:smhPort)){\n exit(0);\n}\n\nif(version_is_less(version:smhVer, test_version:\"7.5.5\"))\n{\n report = report_fixed_ver(installed_version:smhVer, fixed_version:\"7.5.5\");\n security_message(data:report, port:smhPort);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-05T18:54:13", "description": "This host is running Oracle MySQL and is\n prone to multiple unspecified vulnerabilities.", "cvss3": {}, "published": "2016-05-05T00:00:00", "type": "openvas", "title": "Oracle MySQL Multiple Unspecified 
Vulnerabilities-01 May16 (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3194", "CVE-2016-0668", "CVE-2016-0665", "CVE-2016-0661"], "modified": "2020-03-04T00:00:00", "id": "OPENVAS:1361412562310807965", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807965", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mysql_mult_unspecified_vuln01_may16_lin.nasl 58702 2016-05-05 10:23:34 +0530 May$\n#\n# Oracle MySQL Multiple Unspecified Vulnerabilities-01 May16 (Linux)\n#\n# Authors:\n# Tushar Khelge <ktushar@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:oracle:mysql\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807965\");\n script_version(\"2020-03-04T09:29:37+0000\");\n script_cve_id(\"CVE-2016-0668\", \"CVE-2016-0665\", \"CVE-2016-0661\", \"CVE-2015-3194\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-03-04 09:29:37 +0000 (Wed, 04 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-05-05 10:23:34 +0530 (Thu, 05 May 2016)\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_name(\"Oracle MySQL Multiple Unspecified Vulnerabilities-01 May16 (Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is running Oracle MySQL and is\n prone to multiple unspecified vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Unspecified errors exists in the MySQL Server\n component via unknown vectors related to Server.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n local users to affect availability via unknown vectors.\");\n\n script_tag(name:\"affected\", value:\"Oracle MySQL Server 5.6.28 and earlier,\n 5.7.10 and earlier on Linux\");\n\n script_tag(name:\"solution\", value:\"Apply the patch from the referenced advisory.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html\");\n\n 
script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Databases\");\n script_dependencies(\"mysql_version.nasl\", \"os_detection.nasl\");\n script_require_ports(\"Services/mysql\", 3306);\n script_mandatory_keys(\"MySQL/installed\", \"Host/runs_unixoide\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!sqlPort = get_app_port(cpe:CPE)){\n exit(0);\n}\n\nif(!mysqlVer = get_app_version(cpe:CPE, port:sqlPort)){\n exit(0);\n}\n\nif(mysqlVer =~ \"^(5\\.(6|7))\")\n{\n if(version_in_range(version:mysqlVer, test_version:\"5.6.0\", test_version2:\"5.6.28\")||\n version_in_range(version:mysqlVer, test_version:\"5.7.0\", test_version2:\"5.7.10\"))\n {\n report = report_fixed_ver( installed_version:mysqlVer, fixed_version:\"Apply the patch\" );\n security_message(data:report, port:sqlPort);\n exit(0);\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-03-05T18:52:53", "description": "This host is running Oracle MySQL and is\n prone to multiple unspecified vulnerabilities.", "cvss3": {}, "published": "2016-04-25T00:00:00", "type": "openvas", "title": "Oracle MySQL Multiple Unspecified Vulnerabilities-01 April16 (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3194", "CVE-2016-0668", "CVE-2016-0665", "CVE-2016-0661"], "modified": "2020-03-04T00:00:00", "id": "OPENVAS:1361412562310807923", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807923", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mysql_mult_unspecified_vuln01_april16_win.nasl 2016-04-25 16:01:10 +0530 April$\n#\n# Oracle MySQL Multiple Unspecified Vulnerabilities-01 April16 (Windows)\n#\n# Authors:\n# Tushar Khelge <ktushar@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program 
is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:oracle:mysql\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807923\");\n script_version(\"2020-03-04T09:29:37+0000\");\n script_cve_id(\"CVE-2016-0668\", \"CVE-2016-0665\", \"CVE-2016-0661\", \"CVE-2015-3194\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-03-04 09:29:37 +0000 (Wed, 04 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-04-25 16:01:10 +0530 (Mon, 25 Apr 2016)\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_name(\"Oracle MySQL Multiple Unspecified Vulnerabilities-01 April16 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is running Oracle MySQL and is\n prone to multiple unspecified vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Unspecified errors exists in the MySQL Server\n component via unknown vectors related to Server.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n local users to affect availability via unknown vectors.\");\n\n 
script_tag(name:\"affected\", value:\"Oracle MySQL Server 5.6.28 and earlier,\n 5.7.10 and earlier on windows\");\n\n script_tag(name:\"solution\", value:\"Apply the patch from the referenced advisory.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html\");\n\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Databases\");\n script_dependencies(\"mysql_version.nasl\", \"os_detection.nasl\");\n script_require_ports(\"Services/mysql\", 3306);\n script_mandatory_keys(\"MySQL/installed\", \"Host/runs_windows\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!sqlPort = get_app_port(cpe:CPE)){\n exit(0);\n}\n\nif(!mysqlVer = get_app_version(cpe:CPE, port:sqlPort)){\n exit(0);\n}\n\nif(mysqlVer =~ \"^(5\\.(6|7))\")\n{\n if(version_in_range(version:mysqlVer, test_version:\"5.6.0\", test_version2:\"5.6.28\")||\n version_in_range(version:mysqlVer, test_version:\"5.7.0\", test_version2:\"5.7.10\"))\n {\n report = report_fixed_ver( installed_version:mysqlVer, fixed_version: \"Apply the patch\" );\n security_message(data:report, port:sqlPort);\n exit(0);\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:35:43", "description": "ScreenOS: Multiple Vulnerabilities in OpenSSL / Malformed SSL/TLS packet causes Denial of Service", "cvss3": {}, "published": "2016-04-15T00:00:00", "type": "openvas", "title": "Multiple Security issues with ScreenOS (JSA10732/JSA10733)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1789", "CVE-2015-3195", "CVE-2016-1268", "CVE-2015-1790", "CVE-2015-1791"], "modified": "2018-10-25T00:00:00", "id": "OPENVAS:1361412562310105605", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310105605", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_juniper_screenos_JSA10732.nasl 12096 2018-10-25 12:26:02Z asteins $\n#\n# Multiple Security issues with ScreenOS (JSA10732/JSA10733)\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/o:juniper:screenos\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.105605\");\n script_cve_id(\"CVE-2015-1789\", \"CVE-2015-1790\", \"CVE-2015-1791\", \"CVE-2015-3195\", \"CVE-2016-1268\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_version(\"$Revision: 12096 $\");\n\n script_name(\"Multiple Security issues with ScreenOS (JSA10732/JSA10733)\");\n\n script_xref(name:\"URL\", value:\"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10732&actp=RSS\");\n script_xref(name:\"URL\", value:\"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10733&actp=RSS\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n 
script_tag(name:\"insight\", value:\"A specially crafted malformed packet received on any interface targeted to the device's administrative web services interface may cause loss of administrative access to the system and can reboot the system causing a complete denial of service.\");\n\n script_tag(name:\"solution\", value:\"Update to ScreenOS 6.3.0r22 or newer\");\n\n script_tag(name:\"summary\", value:\"ScreenOS: Multiple Vulnerabilities in OpenSSL / Malformed SSL/TLS packet causes Denial of Service\");\n script_tag(name:\"affected\", value:\"These issues can affect any product or platform running ScreenOS prior to 6.3.0r22\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-25 14:26:02 +0200 (Thu, 25 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-04-15 14:21:00 +0200 (Fri, 15 Apr 2016)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_copyright(\"This script is Copyright (C) 2016 Greenbone Networks GmbH\");\n script_dependencies(\"gb_screenos_version.nasl\");\n script_mandatory_keys(\"ScreenOS/version\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( ! 
version = get_app_version( cpe:CPE ) ) exit( 0 );\n\ndisplay_version = version;\n\nversion = str_replace( string:version, find:\"r\", replace:\".\" );\nversion = str_replace( string:version, find:\"-\", replace:\".\" );\n\ndisplay_fix = '6.3.0r22';\n\nif( version_is_less( version:version, test_version:'6.3.0.22' ) )\n{\n report = report_fixed_ver( installed_version:display_version, fixed_version:display_fix );\n\n security_message( port:0, data:report );\n exit( 0 );\n}\n\nexit( 99 );\n\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-01-27T18:38:55", "description": "The remote host is missing an update for the Huawei EulerOS\n 'openssl098e' package(s) announced via the EulerOS-SA-2019-1861 advisory.", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for openssl098e (EulerOS-SA-2019-1861)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1789", "CVE-2015-3195", "CVE-2016-2108", "CVE-2014-3571", "CVE-2016-2177", "CVE-2016-2105", "CVE-2016-2109", "CVE-2015-0292", "CVE-2016-2106"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191861", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191861", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1861\");\n script_version(\"2020-01-23T12:24:58+0000\");\n script_cve_id(\"CVE-2014-3571\", \"CVE-2015-0292\", \"CVE-2015-1789\", \"CVE-2015-3195\", \"CVE-2016-2105\", \"CVE-2016-2106\", \"CVE-2016-2108\", \"CVE-2016-2109\", \"CVE-2016-2177\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:24:58 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:24:58 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for openssl098e (EulerOS-SA-2019-1861)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1861\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1861\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'openssl098e' package(s) announced via the EulerOS-SA-2019-1861 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"An integer underflow flaw, leading to a buffer overflow, was found in the way OpenSSL decoded malformed Base64-encoded inputs. 
An attacker able to make an application using OpenSSL decode a specially crafted Base64-encoded input (such as a PEM file) could use this flaw to cause the application to crash. Note: this flaw is not exploitable via the TLS/SSL protocol because the data being transferred is not Base64-encoded.(CVE-2015-0292)\n\nAn out-of-bounds read flaw was found in the X509_cmp_time() function of OpenSSL, which is used to test the expiry dates of SSL/TLS certificates. An attacker could possibly use a specially crafted SSL/TLS certificate or CRL (Certificate Revocation List), which when parsed by an application would cause that application to crash.(CVE-2015-1789)\n\nA memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and CMS data. A remote attacker could use this flaw to cause an application that parses PKCS#7 or CMS data from untrusted sources to use an excessive amount of memory and possibly crash.(CVE-2015-3195)\n\nOpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1_pkt.c and the ssl3_read_n function in s3_pkt.c.(CVE-2014-3571)\n\nOpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c.(CVE-2016-2177)\n\nAn integer overflow flaw, leading to a buffer overflow, was found in the way the EVP_EncodeUpdate() function of OpenSSL parsed very large amounts of input data. 
A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application.(CVE-2016-2105)\n\nAn integer overflow flaw, leading to a buffer overflow, was found in the way the EVP_EncryptUpdate() function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application.(CVE-2016-2106)\n\nA flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'openssl098e' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl098e\", rpm:\"openssl098e~0.9.8e~29.3.h6\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:40", "description": "The OpenSSL project has published a set of security advisories for vulnerabilities resolved in the OpenSSL library in December 2015, March, May, June, August and September 2016. 
Junos Space is potentially affected by many of these issues.", "cvss3": {}, "published": "2016-10-26T00:00:00", "type": "openvas", "title": "Junos Space OpenSSL Security Updates", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3197", "CVE-2016-6306", "CVE-2016-2178", "CVE-2015-3195", "CVE-2016-2108", "CVE-2016-0799", "CVE-2016-6302", "CVE-2016-2177", "CVE-2016-2105", "CVE-2015-3194", "CVE-2016-2180", "CVE-2016-0797", "CVE-2016-0702", "CVE-2016-2109", "CVE-2016-2181", "CVE-2016-6304", "CVE-2016-0800", "CVE-2016-0704", "CVE-2016-6303", "CVE-2016-2182", "CVE-2016-0703", "CVE-2016-2179", "CVE-2016-2106"], "modified": "2019-03-14T00:00:00", "id": "OPENVAS:1361412562310140019", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310140019", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_junos_space_JSA10759.nasl 14181 2019-03-14 12:59:41Z cfischer $\n#\n# Junos Space OpenSSL Security Updates\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:juniper:junos_space\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.140019\");\n script_version(\"$Revision: 14181 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-14 13:59:41 +0100 (Thu, 14 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-10-26 14:51:46 +0200 (Wed, 26 Oct 2016)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_cve_id(\"CVE-2016-0703\", \"CVE-2016-0800\", \"CVE-2016-2108\", \"CVE-2016-6304\", \"CVE-2015-3194\",\n \"CVE-2015-3195\", \"CVE-2016-0704\", \"CVE-2015-3197\", \"CVE-2016-0702\", \"CVE-2016-0797\",\n \"CVE-2016-0799\", \"CVE-2016-2105\", \"CVE-2016-2106\", \"CVE-2016-2109\", \"CVE-2016-6303\",\n \"CVE-2016-2179\", \"CVE-2016-2182\", \"CVE-2016-2180\", \"CVE-2016-2181\", \"CVE-2016-6302\",\n \"CVE-2016-2177\", \"CVE-2016-2178\", \"CVE-2016-6306\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Junos Space OpenSSL Security Updates\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"This script is Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"JunOS Local Security Checks\");\n script_dependencies(\"gb_junos_space_version.nasl\");\n script_mandatory_keys(\"junos_space/installed\");\n\n script_tag(name:\"summary\", value:\"The OpenSSL project has published a set of security advisories for vulnerabilities resolved in the OpenSSL library in December 2015, March, May, June, August and September 2016. 
Junos Space is potentially affected by many of these issues.\");\n\n script_tag(name:\"affected\", value:\"Junos Space < 16.1R1\");\n\n script_tag(name:\"solution\", value:\"OpenSSL software has been upgraded to 1.0.1t in Junos Space 16.1R1 (pending release) to resolve all the issues.\");\n\n script_xref(name:\"URL\", value:\"https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"junos.inc\");\ninclude(\"version_func.inc\");\n\nif( ! version = get_app_version( cpe: CPE ) )\n exit( 0 );\n\nif( check_js_version( ver:version, fix:\"16.1R1\" ) )\n{\n report = report_fixed_ver( installed_version:version, fixed_version:\"16.1R1\" );\n security_message( port: 0, data: report );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:46", "description": "The OpenSSL project has published a set of security advisories for vulnerabilities resolved in the OpenSSL library in December 2015, March, May, June, August and September 2016. 
ScreenOS is potentially affected by many of these issues.", "cvss3": {}, "published": "2016-10-26T00:00:00", "type": "openvas", "title": "ScreenOS OpenSSL Security Updates", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6306", "CVE-2015-3195", "CVE-2016-2108", "CVE-2016-2105", "CVE-2016-0797", "CVE-2016-0800", "CVE-2016-0704", "CVE-2016-6305", "CVE-2016-2182", "CVE-2016-0703", "CVE-2016-2106"], "modified": "2018-11-15T00:00:00", "id": "OPENVAS:1361412562310140020", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310140020", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_juniper_screenos_JSA10759.nasl 12363 2018-11-15 09:51:15Z asteins $\n#\n# ScreenOS OpenSSL Security Updates\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/o:juniper:screenos\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.140020\");\n script_cve_id(\"CVE-2016-0703\", \"CVE-2016-0800\", \"CVE-2016-2108\", \"CVE-2015-3195\", \"CVE-2016-0704\", \"CVE-2016-6305\", \"CVE-2016-0797\", \"CVE-2016-2105\", \"CVE-2016-2106\", \"CVE-2016-2182\", \"CVE-2016-6306\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 12363 $\");\n\n script_name(\"ScreenOS OpenSSL Security Updates\");\n\n script_xref(name:\"URL\", value:\"https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"solution\", value:\"Update to ScreenOS 6.3.0r23 or newer.\");\n\n script_tag(name:\"summary\", value:\"The OpenSSL project has published a set of security advisories for vulnerabilities resolved in the OpenSSL library in December 2015, March, May, June, August and September 2016. 
ScreenOS is potentially affected by many of these issues.\");\n script_tag(name:\"affected\", value:\"ScreenOS < 6.3.0r23.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-15 10:51:15 +0100 (Thu, 15 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-10-26 15:11:39 +0200 (Wed, 26 Oct 2016)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_copyright(\"This script is Copyright (C) 2016 Greenbone Networks GmbH\");\n script_dependencies(\"gb_screenos_version.nasl\");\n script_mandatory_keys(\"ScreenOS/version\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( ! version = get_app_version( cpe:CPE ) ) exit( 0 );\n\ndisplay_version = version;\n\nversion = str_replace( string:version, find:\"r\", replace:\".\" );\nversion = str_replace( string:version, find:\"-\", replace:\".\" );\n\ndisplay_fix = '6.3.0r23';\n\nif( version_is_less( version:version, test_version:'6.3.0.23' ) )\n{\n report = report_fixed_ver( installed_version:display_version, fixed_version:display_fix );\n\n security_message( port:0, data:report );\n exit( 0 );\n}\n\nexit( 99 );\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:35:49", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-05-19T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for mysql-community-server (openSUSE-SU-2016:1332-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0647", "CVE-2016-0648", "CVE-2016-0641", "CVE-2016-0705", "CVE-2016-2047", "CVE-2016-0649", "CVE-2016-0639", "CVE-2015-3194", "CVE-2016-0646", "CVE-2016-0668", "CVE-2016-0666", "CVE-2016-0643", "CVE-2016-0642", "CVE-2016-0640", "CVE-2016-0665", "CVE-2016-0655", "CVE-2016-0650", "CVE-2016-0644", "CVE-2016-0661"], "modified": 
"2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851316", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851316", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851316\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-05-19 05:21:43 +0200 (Thu, 19 May 2016)\");\n script_cve_id(\"CVE-2015-3194\", \"CVE-2016-0639\", \"CVE-2016-0640\", \"CVE-2016-0641\",\n \"CVE-2016-0642\", \"CVE-2016-0643\", \"CVE-2016-0644\", \"CVE-2016-0646\",\n \"CVE-2016-0647\", \"CVE-2016-0648\", \"CVE-2016-0649\", \"CVE-2016-0650\",\n \"CVE-2016-0655\", \"CVE-2016-0661\", \"CVE-2016-0665\", \"CVE-2016-0666\",\n \"CVE-2016-0668\", \"CVE-2016-0705\", \"CVE-2016-2047\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security 
Advisory for mysql-community-server (openSUSE-SU-2016:1332-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mysql-community-server'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This mysql-community-server version update to 5.6.30 fixes the following\n issues:\n\n Security issues fixed:\n\n - fixed CVEs (boo#962779, boo#959724): CVE-2016-0705, CVE-2016-0639,\n CVE-2015-3194, CVE-2016-0640, CVE-2016-2047, CVE-2016-0644,\n CVE-2016-0646, CVE-2016-0647, CVE-2016-0648, CVE-2016-0649,\n CVE-2016-0650, CVE-2016-0665, CVE-2016-0666, CVE-2016-0641,\n CVE-2016-0642, CVE-2016-0655, CVE-2016-0661, CVE-2016-0668, CVE-2016-0643\n\n Bugs fixed:\n\n - don't delete the log data when migration fails\n\n - add 'log-error' and 'secure-file-priv' configuration options (added via\n configuration-tweaks.tar.bz2) [boo#963810]\n\n * add '/etc/my.cnf.d/error_log.conf' that specifies 'log-error =\n /var/log/mysql/mysqld.log'. If no path is set, the error log is\n written to '/var/lib/mysql/$HOSTNAME.err', which is not picked up by\n logrotate.\n\n * add '/etc/my.cnf.d/secure_file_priv.conf' which specifies that 'LOAD\n DATA', 'SELECT ... 
INTO' and 'LOAD FILE()' will only work with files\n in the directory specified by 'secure-file-priv' option\n (='/var/lib/mysql-files').\");\n\n script_tag(name:\"affected\", value:\"mysql-community-server on openSUSE Leap 42.1, openSUSE 13.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:1332-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.2\");\n\n script_xref(name:\"URL\", value:\"http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-30.html\");\n script_xref(name:\"URL\", value:\"http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-29.html\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE13.2\")\n{\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysql56client18\", rpm:\"libmysql56client18~5.6.30~2.20.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysql56client18-debuginfo\", rpm:\"libmysql56client18-debuginfo~5.6.30~2.20.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysql56client_r18\", rpm:\"libmysql56client_r18~5.6.30~2.20.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mysql-community-server\", rpm:\"mysql-community-server~5.6.30~2.20.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mysql-community-server-bench\", rpm:\"mysql-community-server-bench~5.6.30~2.20.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"mysql-community-server-bench-debuginfo\", rpm:\"mysql-community-server-bench-debuginfo~5.6.30~2.20.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mysql-community-server-client\", rpm:\"mysql-community-server-client~5.6.30~2.20.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mysql-community-server-client-debuginfo\", rpm:\"mysql-community-server-client-debuginfo~5.6.30~2.20.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mysql-community-server-debuginfo\", rpm:\"mysql-community-server-debuginfo~5.6.30~2.20.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mysql-community-server-debugsource\", rpm:\"mysql-community-server-debugsource~5.6.30~2.20.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mysql-community-server-errormessages\", rpm:\"mysql-community-server-errormessages~5.6.30~2.20.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mysql-community-server-test\", rpm:\"mysql-community-server-test~5.6.30~2.20.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mysql-community-server-test-debuginfo\", rpm:\"mysql-community-server-test-debuginfo~5.6.30~2.20.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mysql-community-server-tools\", rpm:\"mysql-community-server-tools~5.6.30~2.20.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mysql-community-server-tools-debuginfo\", rpm:\"mysql-community-server-tools-debuginfo~5.6.30~2.20.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysql56client18-32bit\", rpm:\"libmysql56client18-32bit~5.6.30~2.20.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"libmysql56client18-debuginfo-32bit\", rpm:\"libmysql56client18-debuginfo-32bit~5.6.30~2.20.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libmysql56client_r18-32bit\", rpm:\"libmysql56client_r18-32bit~5.6.30~2.20.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:35:43", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-03-04T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for libopenssl0_9_8 (openSUSE-SU-2016:0640-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-0166", "CVE-2014-3505", "CVE-2014-3508", "CVE-2015-1792", "CVE-2014-3566", "CVE-2015-3197", "CVE-2014-3572", "CVE-2015-1789", "CVE-2013-0169", "CVE-2015-0286", "CVE-2014-3507", "CVE-2015-3195", "CVE-2014-3571", "CVE-2014-0076", "CVE-2016-0799", "CVE-2015-0288", "CVE-2014-0224", "CVE-2014-8275", "CVE-2016-0797", "CVE-2014-3570", "CVE-2014-3470", "CVE-2014-3506", "CVE-2015-0293", "CVE-2015-1788", "CVE-2014-0195", "CVE-2015-0209", "CVE-2014-3567", "CVE-2015-0204", "CVE-2016-0800", "CVE-2015-1790", "CVE-2014-3510", "CVE-2015-0287", "CVE-2015-0289", "CVE-2014-3568", "CVE-2014-3569", "CVE-2015-1791", "CVE-2014-0221"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851223", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851223", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free 
Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851223\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-03-04 06:42:46 +0100 (Fri, 04 Mar 2016)\");\n script_cve_id(\"CVE-2013-0166\", \"CVE-2013-0169\", \"CVE-2014-0076\", \"CVE-2014-0195\",\n \"CVE-2014-0221\", \"CVE-2014-0224\", \"CVE-2014-3470\", \"CVE-2014-3505\",\n \"CVE-2014-3506\", \"CVE-2014-3507\", \"CVE-2014-3508\", \"CVE-2014-3510\",\n \"CVE-2014-3566\", \"CVE-2014-3567\", \"CVE-2014-3568\", \"CVE-2014-3569\",\n \"CVE-2014-3570\", \"CVE-2014-3571\", \"CVE-2014-3572\", \"CVE-2014-8275\",\n \"CVE-2015-0204\", \"CVE-2015-0209\", \"CVE-2015-0286\", \"CVE-2015-0287\",\n \"CVE-2015-0288\", \"CVE-2015-0289\", \"CVE-2015-0293\", \"CVE-2015-1788\",\n \"CVE-2015-1789\", \"CVE-2015-1790\", \"CVE-2015-1791\", \"CVE-2015-1792\",\n \"CVE-2015-3195\", \"CVE-2015-3197\", \"CVE-2016-0797\", \"CVE-2016-0799\",\n \"CVE-2016-0800\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for libopenssl0_9_8 (openSUSE-SU-2016:0640-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libopenssl0_9_8'\n package(s) 
announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for libopenssl0_9_8 fixes the following issues:\n\n - CVE-2016-0800 aka the 'DROWN' attack (bsc#968046): OpenSSL was\n vulnerable to a cross-protocol attack that could lead to decryption of\n TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites\n as a Bleichenbacher RSA padding oracle.\n\n This update changes the openssl library to:\n\n * Disable SSLv2 protocol support by default.\n\n This can be overridden by setting the environment variable\n 'OPENSSL_ALLOW_SSL2' or by using SSL_CTX_clear_options using the\n SSL_OP_NO_SSLv2 flag.\n\n Note that various services and clients had already disabled SSL\n protocol 2 by default previously.\n\n * Disable all weak EXPORT ciphers by default. These can be re-enabled if\n required by old legacy software using the environment variable\n 'OPENSSL_ALLOW_EXPORT'.\n\n - CVE-2016-0797 (bnc#968048): The BN_hex2bn() and BN_dec2bn() functions\n had a bug that could result in an attempt to de-reference a NULL pointer\n leading to crashes. This could have security consequences if these\n functions were ever called by user applications with large untrusted\n hex/decimal data. Also, internal usage of these functions in OpenSSL\n uses data from config files or application command line arguments. If\n user developed applications generated config file data based on\n untrusted data, then this could have had security consequences as well.\n\n - CVE-2016-0799 (bnc#968374) On many 64 bit systems, the internal fmtstr()\n and doapr_outch() functions could miscalculate the length of a string\n and attempt to access out-of-bounds memory locations. These problems\n could have enabled attacks where large amounts of untrusted data is\n passed to the BIO_*printf functions. 
If applications use these functions\n in this way then they could have been vulnerable. OpenSSL itself uses\n these functions when printing out human-readable dumps of ASN.1 data.\n Therefore applications that print this data could have been vulnerable\n if the data is from untrusted sources. OpenSSL command line applications\n could also have been vulnerable when they print out ASN.1 data, or if\n untrusted data is passed as command line arguments. Libssl is not\n considered directly vulnerable.\n\n\n - The package was updated to 0.9.8zh:\n\n * fixes many security vulnerabilities (not separately listed):\n CVE-2015-3195, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790,\n CVE-2015-1792, CVE-2015-1791, CVE-2015-0286, CVE-2015-0287,\n CVE-2015-0289, CVE-2015-0293, CVE-2015-0209, CVE-2015-0288,\n CVE-2014-3571, CVE-2014-3569, CVE-2014-3572, CVE-2015-0204,\n CVE-2014-8 ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"libopenssl0_9_8 on openSUSE Leap 42.1, openSUSE 13.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:0640-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE13.2\")\n{\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl0_9_8\", rpm:\"libopenssl0_9_8~0.9.8zh~9.3.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl0_9_8-debuginfo\", 
rpm:\"libopenssl0_9_8-debuginfo~0.9.8zh~9.3.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl0_9_8-debugsource\", rpm:\"libopenssl0_9_8-debugsource~0.9.8zh~9.3.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl0_9_8-32bit\", rpm:\"libopenssl0_9_8-32bit~0.9.8zh~9.3.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl0_9_8-debuginfo-32bit\", rpm:\"libopenssl0_9_8-debuginfo-32bit~0.9.8zh~9.3.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-17T14:25:33", "description": "This host is running Apple Mac OS X and\n is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2016-04-01T00:00:00", "type": "openvas", "title": "Apple Mac OS X Multiple Vulnerabilities-01 March-2016", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-1746", "CVE-2016-1734", "CVE-2015-8659", "CVE-2016-1773", "CVE-2015-8126", "CVE-2016-1768", "CVE-2016-1758", "CVE-2015-5312", "CVE-2016-1761", "CVE-2015-3195", "CVE-2016-1744", "CVE-2016-1762", "CVE-2016-1737", "CVE-2016-1765", "CVE-2015-7551", "CVE-2016-1738", "CVE-2016-1756", "CVE-2016-1747", "CVE-2016-1752", "CVE-2016-1736", "CVE-2016-1740", "CVE-2016-1743", "CVE-2016-1775", "CVE-2016-1749", "CVE-2015-7500", "CVE-2016-0802", "CVE-2015-8242", "CVE-2016-1770", "CVE-2016-1757", "CVE-2015-1819", "CVE-2015-7499", "CVE-2016-1741", "CVE-2016-1759", "CVE-2016-1745", "CVE-2016-1732", "CVE-2016-1769", "CVE-2016-1754", "CVE-2015-0973", "CVE-2016-1950", "CVE-2016-1750", "CVE-2016-1748", "CVE-2014-9495", "CVE-2016-0801", "CVE-2015-8472", "CVE-2016-1764", "CVE-2016-0778", "CVE-2016-1755", "CVE-2016-1767", "CVE-2016-1753", "CVE-2016-1733", "CVE-2016-1788", "CVE-2016-1735", 
"CVE-2015-7942", "CVE-2015-8035", "CVE-2016-0777"], "modified": "2019-07-05T00:00:00", "id": "OPENVAS:1361412562310806693", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310806693", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple Mac OS X Multiple Vulnerabilities-01 March-2016\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.806693\");\n script_version(\"2019-07-05T09:12:25+0000\");\n script_cve_id(\"CVE-2015-7551\", \"CVE-2016-1733\", \"CVE-2016-1732\", \"CVE-2016-1734\",\n \"CVE-2016-1735\", \"CVE-2016-1736\", \"CVE-2016-1737\", \"CVE-2016-1740\",\n \"CVE-2016-1738\", \"CVE-2016-1741\", \"CVE-2016-1743\", \"CVE-2016-1744\",\n \"CVE-2016-1745\", \"CVE-2016-1746\", \"CVE-2016-1747\", \"CVE-2016-1748\",\n \"CVE-2016-1749\", \"CVE-2016-1752\", \"CVE-2016-1753\", \"CVE-2016-1754\",\n \"CVE-2016-1755\", \"CVE-2016-1756\", \"CVE-2016-1757\", \"CVE-2016-1758\",\n \"CVE-2016-1759\", \"CVE-2016-1761\", \"CVE-2016-1764\", \"CVE-2016-1765\",\n \"CVE-2016-1767\", \"CVE-2016-1768\", 
\"CVE-2016-1769\", \"CVE-2016-1770\",\n \"CVE-2016-1773\", \"CVE-2016-1775\", \"CVE-2016-1750\", \"CVE-2016-1788\",\n \"CVE-2015-8126\", \"CVE-2015-8472\", \"CVE-2015-8659\", \"CVE-2015-1819\",\n \"CVE-2015-5312\", \"CVE-2015-7499\", \"CVE-2015-7500\", \"CVE-2015-7942\",\n \"CVE-2015-8035\", \"CVE-2015-8242\", \"CVE-2016-1762\", \"CVE-2016-0777\",\n \"CVE-2016-0778\", \"CVE-2015-3195\", \"CVE-2014-9495\", \"CVE-2015-0973\",\n \"CVE-2016-1950\", \"CVE-2016-0801\", \"CVE-2016-0802\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 09:12:25 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-04-01 13:19:28 +0530 (Fri, 01 Apr 2016)\");\n script_name(\"Apple Mac OS X Multiple Vulnerabilities-01 March-2016\");\n\n script_tag(name:\"summary\", value:\"This host is running Apple Mac OS X and\n is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists. 
For details\n refer the reference links.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attacker\n to execute arbitrary code or cause a denial of service (memory corruption),\n gain access to potentially sensitive information, trigger a dialing action,\n bypass a code-signing protection mechanism.\");\n\n script_tag(name:\"affected\", value:\"Apple Mac OS X versions 10.11.x before\n 10.11.4, 10.9.x through 10.9.5, 10.10.x through 10.10.5\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple Mac OS X version\n 10.11.4 or later, or apply aptch from vendor.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT206167\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\", re:\"ssh/login/osx_version=^10\\.(9|1[01])\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nosName = get_kb_item(\"ssh/login/osx_name\");\nif(!osName || \"Mac OS X\" >!< osName)\n exit(0);\n\nosVer = get_kb_item(\"ssh/login/osx_version\");\nif(!osVer || osVer !~ \"^10\\.(9|1[01])\"){\n exit(0);\n}\n\nif(version_in_range(version:osVer, test_version:\"10.9\", test_version2:\"10.9.4\")||\n version_in_range(version:osVer, test_version:\"10.10\", test_version2:\"10.10.4\")){\n fix = \"Upgrade to latest OS release and apply patch from vendor\";\n}\n\nelse if((osVer == \"10.10.5\") || (osVer == \"10.9.5\"))\n{\n buildVer = get_kb_item(\"ssh/login/osx_build\");\n if(!buildVer){\n exit(0);\n }\n if(osVer == \"10.10.5\" && version_is_less(version:buildVer, test_version:\"14F1713\"))\n {\n fix = \"Apply patch from vendor\";\n osVer = osVer + \" Build \" + buildVer;\n }\n else if(osVer == \"10.9.5\" 
&& version_is_less(version:buildVer, test_version:\"13F1712\"))\n {\n fix = \"Apply patch from vendor\";\n osVer = osVer + \" Build \" + buildVer;\n }\n}\n\nelse if(osVer =~ \"^10\\.11\")\n{\n if(version_is_less(version:osVer, test_version:\"10.11.4\")){\n fix = \"10.11.4\";\n }\n}\n\nif(fix)\n{\n report = report_fixed_ver(installed_version:osVer, fixed_version:fix);\n security_message(data:report);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-08-19T12:43:38", "description": "Updated openssl packages that fix three security issues are now available for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.\n\nA NULL pointer dereference flaw was found in the way OpenSSL verified signatures using the RSA PSS algorithm. A remote attacker could possibly use this flaw to crash a TLS/SSL client using OpenSSL, or a TLS/SSL server using OpenSSL if it enabled client authentication.\n(CVE-2015-3194)\n\nA memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and CMS data. A remote attacker could use this flaw to cause an application that parses PKCS#7 or CMS data from untrusted sources to use an excessive amount of memory and possibly crash. (CVE-2015-3195)\n\nA race condition flaw, leading to a double free, was found in the way OpenSSL handled pre-shared key (PSK) identity hints. A remote attacker could use this flaw to crash a multi-threaded SSL/TLS client using OpenSSL. 
(CVE-2015-3196)\n\nAll openssl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2015-12-15T00:00:00", "type": "nessus", "title": "CentOS 6 / 7 : openssl (CESA-2015:2617)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3194", "CVE-2015-3195", "CVE-2015-3196"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:openssl", "p-cpe:/a:centos:centos:openssl-devel", "p-cpe:/a:centos:centos:openssl-libs", "p-cpe:/a:centos:centos:openssl-perl", "p-cpe:/a:centos:centos:openssl-static", "cpe:/o:centos:centos:6", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2015-2617.NASL", "href": "https://www.tenable.com/plugins/nessus/87357", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:2617 and \n# CentOS Errata and Security Advisory 2015:2617 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87357);\n script_version(\"2.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2015-3194\", \"CVE-2015-3195\", \"CVE-2015-3196\");\n script_xref(name:\"RHSA\", value:\"2015:2617\");\n\n script_name(english:\"CentOS 6 / 7 : openssl (CESA-2015:2617)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated openssl packages that fix three security issues are now\navailable for Red Hat 
Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL\nv2/v3) and Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nA NULL pointer dereference flaw was found in the way OpenSSL verified\nsignatures using the RSA PSS algorithm. A remote attacker could\npossibly use this flaw to crash a TLS/SSL client using OpenSSL, or a\nTLS/SSL server using OpenSSL if it enabled client authentication.\n(CVE-2015-3194)\n\nA memory leak vulnerability was found in the way OpenSSL parsed PKCS#7\nand CMS data. A remote attacker could use this flaw to cause an\napplication that parses PKCS#7 or CMS data from untrusted sources to\nuse an excessive amount of memory and possibly crash. (CVE-2015-3195)\n\nA race condition flaw, leading to a double free, was found in the way\nOpenSSL handled pre-shared key (PSK) identity hints. A remote attacker\ncould use this flaw to crash a multi-threaded SSL/TLS client using\nOpenSSL. (CVE-2015-3196)\n\nAll openssl users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. 
For the\nupdate to take effect, all services linked to the OpenSSL library must\nbe restarted, or the system rebooted.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2015-December/021519.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?01709d45\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2015-December/021523.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?900e88a6\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2015-December/021524.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?800f2dea\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-3194\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x / 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"openssl-1.0.1e-42.el6_7.1\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"openssl-devel-1.0.1e-42.el6_7.1\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"openssl-perl-1.0.1e-42.el6_7.1\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"openssl-static-1.0.1e-42.el6_7.1\")) flag++;\n\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"openssl-1.0.1e-51.el7_2.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"openssl-devel-1.0.1e-51.el7_2.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"openssl-libs-1.0.1e-51.el7_2.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"openssl-perl-1.0.1e-51.el7_2.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"openssl-static-1.0.1e-51.el7_2.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-devel / openssl-libs / openssl-perl / etc\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:44:03", "description": "This update for openssl fixes the following issues :\n\nSecurity fixes :\n\n - CVE-2015-3194: The signature verification routines will crash with a NULL pointer dereference if presented with an ASN.1 signature using the RSA PSS 
algorithm and absent mask generation function parameter. Since these routines are used to verify certificate signature algorithms this can be used to crash any certificate verification operation and exploited in a DoS attack.\n Any application which performs certificate verification is vulnerable including OpenSSL clients and servers which enable client authentication. (bsc#957815)\n\n - CVE-2015-3195: When presented with a malformed X509_ATTRIBUTE structure OpenSSL would leak memory. This structure is used by the PKCS#7 and CMS routines so any application which reads PKCS#7 or CMS data from untrusted sources is affected. SSL/TLS is not affected.\n (bsc#957812)\n\n - CVE-2015-3196: If PSK identity hints are received by a multi-threaded client then the values were wrongly updated in the parent SSL_CTX structure. This could result in a race condition potentially leading to a double free of the identity hint data. (bsc#957813)\n\nNon security bugs fixed :\n\n - Improve S/390 performance on IBM z196 and z13 (bsc#954256)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2015-12-09T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2015:2230-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3194", "CVE-2015-3195", "CVE-2015-3196"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libopenssl1_0_0", "p-cpe:/a:novell:suse_linux:libopenssl1_0_0-debuginfo", "p-cpe:/a:novell:suse_linux:libopenssl1_0_0-hmac", "p-cpe:/a:novell:suse_linux:openssl", "p-cpe:/a:novell:suse_linux:openssl-debuginfo", "p-cpe:/a:novell:suse_linux:openssl-debugsource", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2015-2230-1.NASL", "href": "https://www.tenable.com/plugins/nessus/87280", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:2230-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87280);\n script_version(\"2.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-3194\", \"CVE-2015-3195\", \"CVE-2015-3196\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2015:2230-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for openssl fixes the following issues :\n\nSecurity fixes :\n\n - CVE-2015-3194: The signature verification routines will\n crash with a NULL pointer dereference if 
presented with\n an ASN.1 signature using the RSA PSS algorithm and\n absent mask generation function parameter. Since these\n routines are used to verify certificate signature\n algorithms this can be used to crash any certificate\n verification operation and exploited in a DoS attack.\n Any application which performs certificate verification\n is vulnerable including OpenSSL clients and servers\n which enable client authentication. (bsc#957815)\n\n - CVE-2015-3195: When presented with a malformed\n X509_ATTRIBUTE structure OpenSSL would leak memory. This\n structure is used by the PKCS#7 and CMS routines so any\n application which reads PKCS#7 or CMS data from\n untrusted sources is affected. SSL/TLS is not affected.\n (bsc#957812)\n\n - CVE-2015-3196: If PSK identity hints are received by a\n multi-threaded client then the values were wrongly\n updated in the parent SSL_CTX structure. This could\n result in a race condition potentially leading to a\n double free of the identity hint data. (bsc#957813)\n\nNon security bugs fixed :\n\n - Improve S/390 performance on IBM z196 and z13\n (bsc#954256)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=954256\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=957812\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=957813\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=957815\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-3194/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-3195/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-3196/\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20152230-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?76634ad7\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP1 :\n\nzypper in -t patch SUSE-SLE-SDK-12-SP1-2015-954=1\n\nSUSE Linux Enterprise Server 12-SP1 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP1-2015-954=1\n\nSUSE Linux Enterprise Desktop 12-SP1 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2015-954=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n 
script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_0_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_0_0-hmac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! 
preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libopenssl1_0_0-1.0.1i-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libopenssl1_0_0-debuginfo-1.0.1i-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libopenssl1_0_0-hmac-1.0.1i-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"openssl-1.0.1i-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"openssl-debuginfo-1.0.1i-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"openssl-debugsource-1.0.1i-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libopenssl1_0_0-32bit-1.0.1i-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.1i-36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libopenssl1_0_0-hmac-32bit-1.0.1i-36.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-1.0.1i-36.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-32bit-1.0.1i-36.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-debuginfo-1.0.1i-36.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.1i-36.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"openssl-1.0.1i-36.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"openssl-debuginfo-1.0.1i-36.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"openssl-debugsource-1.0.1i-36.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n 
exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:43:10", "description": "Moderate security issues fixed in this update.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2016-03-04T00:00:00", "type": "nessus", "title": "Fedora 22 : openssl-1.0.1k-13.fc22 (2015-d87d60b9a9)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3194", "CVE-2015-3195", "CVE-2015-3196"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:openssl", "cpe:/o:fedoraproject:fedora:22"], "id": "FEDORA_2015-D87D60B9A9.NASL", "href": "https://www.tenable.com/plugins/nessus/89431", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-d87d60b9a9.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89431);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-3194\", \"CVE-2015-3195\", \"CVE-2015-3196\");\n script_xref(name:\"FEDORA\", value:\"2015-d87d60b9a9\");\n\n script_name(english:\"Fedora 22 : openssl-1.0.1k-13.fc22 (2015-d87d60b9a9)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n 
value:\n\"Moderate security issues fixed in this update.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1288320\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1288322\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1288326\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-December/173801.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7f24ae84\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n 
exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"openssl-1.0.1k-13.fc22\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:43:47", "description": "This update for openssl fixes the following issues :\n\nSecurity fixes :\n\n - CVE-2015-3194: The signature verification routines will crash with a NULL pointer dereference if presented with an ASN.1 signature using the RSA PSS algorithm and absent mask generation function parameter. Since these routines are used to verify certificate signature algorithms this can be used to crash any certificate verification operation and exploited in a DoS attack.\n Any application which performs certificate verification is vulnerable including OpenSSL clients and servers which enable client authentication. 
(bsc#957815)\n\n - CVE-2015-3195: When presented with a malformed X509_ATTRIBUTE structure OpenSSL would leak memory. This structure is used by the PKCS#7 and CMS routines so any application which reads PKCS#7 or CMS data from untrusted sources is affected. SSL/TLS is not affected.\n (bsc#957812)\n\n - CVE-2015-3196: If PSK identity hints are received by a multi-threaded client then the values were wrongly updated in the parent SSL_CTX structure. This could result in a race condition potentially leading to a double free of the identify hint data. (bsc#957813)\n\nNon security bugs fixed :\n\n - Improve S/390 performance on IBM z196 and z13 (bsc#954256)\n\nThis update was imported from the SUSE:SLE-12-SP1:Update update project.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2015-12-18T00:00:00", "type": "nessus", "title": "openSUSE Security Update : openssl (openSUSE-2015-911)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3194", "CVE-2015-3195", "CVE-2015-3196"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libopenssl-devel", "p-cpe:/a:novell:opensuse:libopenssl-devel-32bit", "p-cpe:/a:novell:opensuse:libopenssl1_0_0", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-32bit", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-hmac", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-hmac-32bit", "p-cpe:/a:novell:opensuse:openssl", "p-cpe:/a:novell:opensuse:openssl-debuginfo", "p-cpe:/a:novell:opensuse:openssl-debugsource", "cpe:/o:novell:opensuse:42.1"], "id": "OPENSUSE-2015-911.NASL", "href": "https://www.tenable.com/plugins/nessus/87487", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2015-911.\n#\n# The text description of this plugin 
is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87487);\n script_version(\"2.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-3194\", \"CVE-2015-3195\", \"CVE-2015-3196\");\n\n script_name(english:\"openSUSE Security Update : openssl (openSUSE-2015-911)\");\n script_summary(english:\"Check for the openSUSE-2015-911 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for openssl fixes the following issues :\n\nSecurity fixes :\n\n - CVE-2015-3194: The signature verification routines will\n crash with a NULL pointer dereference if presented with\n an ASN.1 signature using the RSA PSS algorithm and\n absent mask generation function parameter. Since these\n routines are used to verify certificate signature\n algorithms this can be used to crash any certificate\n verification operation and exploited in a DoS attack.\n Any application which performs certificate verification\n is vulnerable including OpenSSL clients and servers\n which enable client authentication. (bsc#957815)\n\n - CVE-2015-3195: When presented with a malformed\n X509_ATTRIBUTE structure OpenSSL would leak memory. This\n structure is used by the PKCS#7 and CMS routines so any\n application which reads PKCS#7 or CMS data from\n untrusted sources is affected. SSL/TLS is not affected.\n (bsc#957812)\n\n - CVE-2015-3196: If PSK identity hints are received by a\n multi-threaded client then the values were wrongly\n updated in the parent SSL_CTX structure. This could\n result in a race condition potentially leading to a\n double free of the identify hint data. 
(bsc#957813)\n\nNon security bugs fixed :\n\n - Improve S/390 performance on IBM z196 and z13\n (bsc#954256)\n\nThis update was imported from the SUSE:SLE-12-SP1:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=954256\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=957812\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=957813\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=957815\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-hmac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-hmac-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libopenssl-devel-1.0.1i-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libopenssl1_0_0-1.0.1i-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libopenssl1_0_0-debuginfo-1.0.1i-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libopenssl1_0_0-hmac-1.0.1i-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"openssl-1.0.1i-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", 
reference:\"openssl-debuginfo-1.0.1i-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"openssl-debugsource-1.0.1i-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libopenssl-devel-32bit-1.0.1i-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-32bit-1.0.1i-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.1i-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-hmac-32bit-1.0.1i-9.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libopenssl-devel / libopenssl-devel-32bit / libopenssl1_0_0 / etc\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:43:26", "description": "The version of OpenSSL installed on the remote AIX host is affected by multiple vulnerabilities :\n\n - A NULL pointer dereference flaw exists in file rsa_ameth.c when handling ASN.1 signatures that use the RSA PSS algorithm but are missing a mask generation function parameter. A remote attacker can exploit this to cause the signature verification routine to crash, leading to a denial of service. (CVE-2015-3194)\n\n - A flaw exists in the ASN1_TFLG_COMBINE implementation in file tasn_dec.c related to handling malformed X509_ATTRIBUTE structures. A remote attacker can exploit this to cause a memory leak by triggering a decoding failure in a PKCS#7 or CMS application, resulting in a denial of service. (CVE-2015-3195)\n\n - A race condition exists in s3_clnt.c that is triggered when PSK identity hints are incorrectly updated in the parent SSL_CTX structure when they are received by a multi-threaded client. 
A remote attacker can exploit this, via a crafted ServerKeyExchange message, to cause a double-free memory error, resulting in a denial of service. (CVE-2015-3196)", "cvss3": {"score": null, "vector": null}, "published": "2016-01-22T00:00:00", "type": "nessus", "title": "AIX OpenSSL Advisory : openssl_advisory15.asc", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3194", "CVE-2015-3195", "CVE-2015-3196"], "modified": "2021-01-04T00:00:00", "cpe": ["cpe:/o:ibm:aix", "cpe:/a:openssl:openssl"], "id": "AIX_OPENSSL_ADVISORY15.NASL", "href": "https://www.tenable.com/plugins/nessus/88085", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(88085);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\n \"CVE-2015-3194\",\n \"CVE-2015-3195\",\n \"CVE-2015-3196\"\n );\n script_bugtraq_id(\n 78622,\n 78623,\n 78626\n );\n\n script_name(english:\"AIX OpenSSL Advisory : openssl_advisory15.asc\");\n script_summary(english:\"Checks the version of the OpenSSL packages and iFixes.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AIX host has a version of OpenSSL installed that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of OpenSSL installed on the remote AIX host is affected by\nmultiple vulnerabilities :\n\n - A NULL pointer dereference flaw exists in file\n rsa_ameth.c when handling ASN.1 signatures that use the\n RSA PSS algorithm but are missing a mask generation\n function parameter. A remote attacker can exploit this\n to cause the signature verification routine to crash,\n leading to a denial of service. 
(CVE-2015-3194)\n\n - A flaw exists in the ASN1_TFLG_COMBINE implementation in\n file tasn_dec.c related to handling malformed\n X509_ATTRIBUTE structures. A remote attacker can exploit\n this to cause a memory leak by triggering a decoding\n failure in a PKCS#7 or CMS application, resulting in a\n denial of service. (CVE-2015-3195)\n\n - A race condition exists in s3_clnt.c that is triggered\n when PSK identity hints are incorrectly updated in the\n parent SSL_CTX structure when they are received by a\n multi-threaded client. A remote attacker can exploit\n this, via a crafted ServerKeyExchange message, to cause\n a double-free memory error, resulting in a denial of\n service. (CVE-2015-3196)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://aix.software.ibm.com/aix/efixes/security/openssl_advisory15.asc\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www-01.ibm.com/marketing/iwm/iwm/web/preLogin.do?source=aixbp\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20151203.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"A fix is available and can be downloaded from the AIX website.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"AIX Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable 
Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\ninclude(\"aix.inc\");\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\noslevel = get_kb_item(\"Host/AIX/version\");\nif (isnull(oslevel)) audit(AUDIT_UNKNOWN_APP_VER, \"AIX\");\nif ( oslevel != \"AIX-5.3\" && oslevel != \"AIX-6.1\" && oslevel != \"AIX-7.1\" && oslevel != \"AIX-7.2\" )\n{\n oslevel = ereg_replace(string:oslevel, pattern:\"-\", replace:\" \");\n audit(AUDIT_OS_NOT, \"AIX 5.3 / 6.1 / 7.1 / 7.2\", oslevel);\n}\n\nif ( ! get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit(0, \"This AIX package check is disabled because : \"+get_kb_item(\"Host/AIX/emgr_failure\") );\n\nflag = 0;\n\nifixes_098 = \"(098_ifix|IV81287m9b|IV83169m9b)\";\nifixes_1298 = \"(1298_ifix|IV81287m9c|IV83169m9c)\";\nifixes_101 = \"(101_ifix|101a_fix|IV81287m9a|IV83169m9a)\";\n\n#0.9.8.2506\nif (aix_check_ifix(release:\"5.3\", patch:ifixes_098, package:\"openssl.base\", minfilesetver:\"0.0.0.0\", maxfilesetver:\"0.9.8.2506\") < 0) flag++;\nif (aix_check_ifix(release:\"6.1\", patch:ifixes_098, package:\"openssl.base\", minfilesetver:\"0.0.0.0\", maxfilesetver:\"0.9.8.2506\") < 0) flag++;\nif (aix_check_ifix(release:\"7.1\", patch:ifixes_098, package:\"openssl.base\", minfilesetver:\"0.0.0.0\", maxfilesetver:\"0.9.8.2506\") < 0) flag++;\nif (aix_check_ifix(release:\"7.2\", patch:ifixes_098, package:\"openssl.base\", minfilesetver:\"0.0.0.0\", maxfilesetver:\"0.9.8.2506\") < 0) flag++;\n\n#12.9.8.2506\nif (aix_check_ifix(release:\"5.3\", patch:ifixes_1298, package:\"openssl.base\", minfilesetver:\"12.0.0.0\", maxfilesetver:\"12.9.8.2506\") < 0) flag++;\nif (aix_check_ifix(release:\"6.1\", 
patch:ifixes_1298, package:\"openssl.base\", minfilesetver:\"12.0.0.0\", maxfilesetver:\"12.9.8.2506\") < 0) flag++;\nif (aix_check_ifix(release:\"7.1\", patch:ifixes_1298, package:\"openssl.base\", minfilesetver:\"12.0.0.0\", maxfilesetver:\"12.9.8.2506\") < 0) flag++;\nif (aix_check_ifix(release:\"7.2\", patch:ifixes_1298, package:\"openssl.base\", minfilesetver:\"12.0.0.0\", maxfilesetver:\"12.9.8.2506\") < 0) flag++;\n\n#1.0.1.515\nif (aix_check_ifix(release:\"5.3\", patch:ifixes_101, package:\"openssl.base\", minfilesetver:\"1.0.1.500\", maxfilesetver:\"1.0.1.515\") < 0) flag++;\nif (aix_check_ifix(release:\"6.1\", patch:ifixes_101, package:\"openssl.base\", minfilesetver:\"1.0.1.500\", maxfilesetver:\"1.0.1.515\") < 0) flag++;\nif (aix_check_ifix(release:\"7.1\", patch:ifixes_101, package:\"openssl.base\", minfilesetver:\"1.0.1.500\", maxfilesetver:\"1.0.1.515\") < 0) flag++;\nif (aix_check_ifix(release:\"7.2\", patch:ifixes_101, package:\"openssl.base\", minfilesetver:\"1.0.1.500\", maxfilesetver:\"1.0.1.515\") < 0) flag++;\n\nif (flag)\n{\n aix_report_extra = ereg_replace(string:aix_report_get(), pattern:\"[()]\", replace:\"\");\n aix_report_extra = ereg_replace(string:aix_report_extra, pattern:\"[|]\", replace:\" or \");\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : aix_report_extra\n );\n}\nelse\n{\n tested = aix_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl.base\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:43:41", "description": "OpenSSL was updated to fix three security issues.\n\nThe following vulnerabilities were fixed :\n\n - CVE-2015-3194: Certificate verify crash with missing PSS parameter (bsc#957815)\n\n - CVE-2015-3195: X509_ATTRIBUTE memory leak (bsc#957812)\n\n - CVE-2015-3196: Race condition handling PSK identify hint (bsc#957813)", "cvss3": {"score": 7.5, "vector": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2015-12-17T00:00:00", "type": "nessus", "title": "openSUSE Security Update : OpenSSL (openSUSE-2015-908)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3194", "CVE-2015-3195", "CVE-2015-3196"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libopenssl-devel", "p-cpe:/a:novell:opensuse:libopenssl-devel-32bit", "p-cpe:/a:novell:opensuse:libopenssl1_0_0", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-32bit", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-hmac", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-hmac-32bit", "p-cpe:/a:novell:opensuse:openssl", "p-cpe:/a:novell:opensuse:openssl-debuginfo", "p-cpe:/a:novell:opensuse:openssl-debugsource", "cpe:/o:novell:opensuse:13.1", "cpe:/o:novell:opensuse:13.2"], "id": "OPENSUSE-2015-908.NASL", "href": "https://www.tenable.com/plugins/nessus/87447", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2015-908.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87447);\n script_version(\"2.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-3194\", \"CVE-2015-3195\", \"CVE-2015-3196\");\n\n script_name(english:\"openSUSE Security Update : OpenSSL (openSUSE-2015-908)\");\n script_summary(english:\"Check for the openSUSE-2015-908 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"OpenSSL was updated to fix three security issues.\n\nThe following 
vulnerabilities were fixed :\n\n - CVE-2015-3194: Certificate verify crash with missing PSS\n parameter (bsc#957815)\n\n - CVE-2015-3195: X509_ATTRIBUTE memory leak (bsc#957812)\n\n - CVE-2015-3196: Race condition handling PSK identify hint\n (bsc#957813)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=957812\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=957813\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=957815\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected OpenSSL packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-hmac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-hmac-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:openssl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1|SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1 / 13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libopenssl-devel-1.0.1k-11.75.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libopenssl1_0_0-1.0.1k-11.75.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libopenssl1_0_0-debuginfo-1.0.1k-11.75.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openssl-1.0.1k-11.75.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openssl-debuginfo-1.0.1k-11.75.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE13.1\", reference:\"openssl-debugsource-1.0.1k-11.75.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libopenssl-devel-32bit-1.0.1k-11.75.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-32bit-1.0.1k-11.75.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.1k-11.75.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libopenssl-devel-1.0.1k-2.27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libopenssl1_0_0-1.0.1k-2.27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libopenssl1_0_0-debuginfo-1.0.1k-2.27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libopenssl1_0_0-hmac-1.0.1k-2.27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"openssl-1.0.1k-2.27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"openssl-debuginfo-1.0.1k-2.27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"openssl-debugsource-1.0.1k-2.27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libopenssl-devel-32bit-1.0.1k-2.27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-32bit-1.0.1k-2.27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.1k-2.27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-hmac-32bit-1.0.1k-2.27.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libopenssl-devel / libopenssl-devel-32bit / libopenssl1_0_0 / etc\");\n}\n", "cvss": {"score": 5, "vector": 
"AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:44:02", "description": "This update for openssl fixes the following issues :\n\nSecurity fixes :\n\n - CVE-2015-3194: The signature verification routines will crash with a NULL pointer dereference if presented with an ASN.1 signature using the RSA PSS algorithm and absent mask generation function parameter. Since these routines are used to verify certificate signature algorithms this can be used to crash any certificate verification operation and exploited in a DoS attack.\n Any application which performs certificate verification is vulnerable including OpenSSL clients and servers which enable client authentication. (bsc#957815)\n\n - CVE-2015-3195: When presented with a malformed X509_ATTRIBUTE structure OpenSSL would leak memory. This structure is used by the PKCS#7 and CMS routines so any application which reads PKCS#7 or CMS data from untrusted sources is affected. SSL/TLS is not affected.\n (bsc#957812)\n\n - CVE-2015-3196: If PSK identity hints are received by a multi-threaded client then the values were wrongly updated in the parent SSL_CTX structure. This could result in a race condition potentially leading to a double free of the identify hint data. (bsc#957813)\n\nNon security bugs fixed :\n\n - Clear the error after setting non-fips mode (bsc#947104)\n\n - Improve S/390 performance on IBM z196 and z13 (bsc#954256)\n\n - Add support for 'ciphers' providing no encryption (bsc#937085)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2015-12-11T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2015:2237-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3194", "CVE-2015-3195", "CVE-2015-3196"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libopenssl1_0_0", "p-cpe:/a:novell:suse_linux:libopenssl1_0_0-debuginfo", "p-cpe:/a:novell:suse_linux:libopenssl1_0_0-hmac", "p-cpe:/a:novell:suse_linux:openssl", "p-cpe:/a:novell:suse_linux:openssl-debuginfo", "p-cpe:/a:novell:suse_linux:openssl-debugsource", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2015-2237-1.NASL", "href": "https://www.tenable.com/plugins/nessus/87318", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:2237-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87318);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-3194\", \"CVE-2015-3195\", \"CVE-2015-3196\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2015:2237-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for openssl fixes the following issues :\n\nSecurity fixes :\n\n - CVE-2015-3194: The signature verification routines will\n crash with a NULL pointer dereference if 
presented with\n an ASN.1 signature using the RSA PSS algorithm and\n absent mask generation function parameter. Since these\n routines are used to verify certificate signature\n algorithms this can be used to crash any certificate\n verification operation and exploited in a DoS attack.\n Any application which performs certificate verification\n is vulnerable including OpenSSL clients and servers\n which enable client authentication. (bsc#957815)\n\n - CVE-2015-3195: When presented with a malformed\n X509_ATTRIBUTE structure OpenSSL would leak memory. This\n structure is used by the PKCS#7 and CMS routines so any\n application which reads PKCS#7 or CMS data from\n untrusted sources is affected. SSL/TLS is not affected.\n (bsc#957812)\n\n - CVE-2015-3196: If PSK identity hints are received by a\n multi-threaded client then the values were wrongly\n updated in the parent SSL_CTX structure. This could\n result in a race condition potentially leading to a\n double free of the identify hint data. (bsc#957813)\n\nNon security bugs fixed :\n\n - Clear the error after setting non-fips mode (bsc#947104)\n\n - Improve S/390 performance on IBM z196 and z13\n (bsc#954256)\n\n - Add support for 'ciphers' providing no encryption\n (bsc#937085)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=937085\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=947104\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=954256\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=957812\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=957813\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=957815\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-3194/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-3195/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-3196/\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20152237-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4e8d9bde\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12 :\n\nzypper in -t patch SUSE-SLE-SDK-12-2015-958=1\n\nSUSE Linux Enterprise Server 12 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-2015-958=1\n\nSUSE Linux Enterprise Desktop 12 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-2015-958=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n 
script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_0_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_0_0-hmac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! 
preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libopenssl1_0_0-1.0.1i-27.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libopenssl1_0_0-debuginfo-1.0.1i-27.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libopenssl1_0_0-hmac-1.0.1i-27.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"openssl-1.0.1i-27.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"openssl-debuginfo-1.0.1i-27.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"openssl-debugsource-1.0.1i-27.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libopenssl1_0_0-32bit-1.0.1i-27.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.1i-27.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libopenssl1_0_0-hmac-32bit-1.0.1i-27.6.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-1.0.1i-27.6.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-32bit-1.0.1i-27.6.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-debuginfo-1.0.1i-27.6.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.1i-27.6.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"openssl-1.0.1i-27.6.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"openssl-debuginfo-1.0.1i-27.6.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"openssl-debugsource-1.0.1i-27.6.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else 
security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:44:01", "description": "Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues :\n\n - CVE-2015-3194 Loic Jonas Etienne of Qnective AG discovered that the signature verification routines will crash with a NULL pointer dereference if presented with an ASN.1 signature using the RSA PSS algorithm and absent mask generation function parameter. A remote attacker can exploit this flaw to crash any certificate verification operation and mount a denial of service attack.\n\n - CVE-2015-3195 Adam Langley of Google/BoringSSL discovered that OpenSSL will leak memory when presented with a malformed X509_ATTRIBUTE structure.\n\n - CVE-2015-3196 A race condition flaw in the handling of PSK identity hints was discovered, potentially leading to a double free of the identity hint data.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2015-12-07T00:00:00", "type": "nessus", "title": "Debian DSA-3413-1 : openssl - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3194", "CVE-2015-3195", "CVE-2015-3196"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:openssl", "cpe:/o:debian:debian_linux:7.0", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-3413.NASL", "href": "https://www.tenable.com/plugins/nessus/87212", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3413. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87212);\n script_version(\"2.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-3194\", \"CVE-2015-3195\", \"CVE-2015-3196\");\n script_xref(name:\"DSA\", value:\"3413\");\n\n script_name(english:\"Debian DSA-3413-1 : openssl - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities have been discovered in OpenSSL, a Secure\nSockets Layer toolkit. The Common Vulnerabilities and Exposures\nproject identifies the following issues :\n\n - CVE-2015-3194\n Loic Jonas Etienne of Qnective AG discovered that the\n signature verification routines will crash with a NULL\n pointer dereference if presented with an ASN.1 signature\n using the RSA PSS algorithm and absent mask generation\n function parameter. 
A remote attacker can exploit this\n flaw to crash any certificate verification operation and\n mount a denial of service attack.\n\n - CVE-2015-3195\n Adam Langley of Google/BoringSSL discovered that OpenSSL\n will leak memory when presented with a malformed\n X509_ATTRIBUTE structure.\n\n - CVE-2015-3196\n A race condition flaw in the handling of PSK identify\n hints was discovered, potentially leading to a double\n free of the identify hint data.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-3194\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-3195\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-3196\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/openssl\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/openssl\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2015/dsa-3413\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the openssl packages.\n\nFor the oldstable distribution (wheezy), these problems have been\nfixed in version 1.0.1e-2+deb7u18.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 1.0.1k-3+deb8u2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", 
value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libssl-dev\", reference:\"1.0.1e-2+deb7u18\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libssl-doc\", reference:\"1.0.1e-2+deb7u18\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libssl1.0.0\", reference:\"1.0.1e-2+deb7u18\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libssl1.0.0-dbg\", reference:\"1.0.1e-2+deb7u18\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"openssl\", reference:\"1.0.1e-2+deb7u18\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcrypto1.0.0-udeb\", reference:\"1.0.1k-3+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libssl-dev\", reference:\"1.0.1k-3+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libssl-doc\", reference:\"1.0.1k-3+deb8u2\")) flag++;\nif 
(deb_check(release:\"8.0\", prefix:\"libssl1.0.0\", reference:\"1.0.1k-3+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libssl1.0.0-dbg\", reference:\"1.0.1k-3+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"openssl\", reference:\"1.0.1k-3+deb8u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:43:43", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - fix CVE-2015-3194 - certificate verify crash with missing PSS parameter\n\n - fix CVE-2015-3195 - X509_ATTRIBUTE memory leak\n\n - fix CVE-2015-3196 - race condition when handling PSK identity hint", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2015-12-15T00:00:00", "type": "nessus", "title": "OracleVM 3.3 : openssl (OVMSA-2015-0155)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3194", "CVE-2015-3195", "CVE-2015-3196"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:openssl", "cpe:/o:oracle:vm_server:3.3"], "id": "ORACLEVM_OVMSA-2015-0155.NASL", "href": "https://www.tenable.com/plugins/nessus/87366", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2015-0155.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87366);\n script_version(\"2.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2015-3194\", \"CVE-2015-3195\", \"CVE-2015-3196\");\n\n script_name(english:\"OracleVM 3.3 : openssl (OVMSA-2015-0155)\");\n script_summary(english:\"Checks the RPM output for the 
updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - fix CVE-2015-3194 - certificate verify crash with\n missing PSS parameter\n\n - fix CVE-2015-3195 - X509_ATTRIBUTE memory leak\n\n - fix CVE-2015-3196 - race condition when handling PSK\n identity hint\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2015-December/000403.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?20060b02\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.3\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.3\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.3\", reference:\"openssl-1.0.1e-42.el6_7.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-10-16T01:34:44", "description": "A NULL pointer derefernce flaw was found in the way OpenSSL verified signatures using the RSA PSS algorithm. A remote attacked could possibly use this flaw to crash a TLS/SSL client using OpenSSL, or a TLS/SSL server using OpenSSL if it enabled client authentication.\n(CVE-2015-3194)\n\nA memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and CMS data. 
A remote attacker could use this flaw to cause an application that parses PKCS#7 or CMS data from untrusted sources to use an excessive amount of memory and possibly crash. (CVE-2015-3195)\n\nA race condition flaw, leading to a double free, was found in the way OpenSSL handled pre-shared key (PSK) identify hints. A remote attacker could use this flaw to crash a multi-threaded SSL/TLS client using OpenSSL. (CVE-2015-3196)", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2015-12-15T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : openssl (ALAS-2015-614)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3194", "CVE-2015-3195", "CVE-2015-3196"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:openssl", "p-cpe:/a:amazon:linux:openssl-debuginfo", "p-cpe:/a:amazon:linux:openssl-devel", "p-cpe:/a:amazon:linux:openssl-perl", "p-cpe:/a:amazon:linux:openssl-static", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2015-614.NASL", "href": "https://www.tenable.com/plugins/nessus/87340", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2015-614.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(87340);\n script_version(\"2.10\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2015-3194\", \"CVE-2015-3195\", \"CVE-2015-3196\");\n script_xref(name:\"ALAS\", value:\"2015-614\");\n\n script_name(english:\"Amazon Linux AMI : openssl (ALAS-2015-614)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A NULL pointer derefernce flaw was found in the way OpenSSL verified\nsignatures using the RSA PSS algorithm. 
A remote attacked could\npossibly use this flaw to crash a TLS/SSL client using OpenSSL, or a\nTLS/SSL server using OpenSSL if it enabled client authentication.\n(CVE-2015-3194)\n\nA memory leak vulnerability was found in the way OpenSSL parsed PKCS#7\nand CMS data. A remote attacker could use this flaw to cause an\napplication that parses PKCS#7 or CMS data from untrusted sources to\nuse an excessive amount of memory and possibly crash. (CVE-2015-3195)\n\nA race condition flaw, leading to a double free, was found in the way\nOpenSSL handled pre-shared key (PSK) identify hints. A remote attacker\ncould use this flaw to crash a multi-threaded SSL/TLS client using\nOpenSSL. (CVE-2015-3196)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2015-614.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update openssl' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network 
Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"openssl-1.0.1k-13.88.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openssl-debuginfo-1.0.1k-13.88.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openssl-devel-1.0.1k-13.88.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openssl-perl-1.0.1k-13.88.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openssl-static-1.0.1k-13.88.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-debuginfo / openssl-devel / openssl-perl / etc\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:43:43", "description": "From Red Hat Security Advisory 2015:2617 :\n\nUpdated openssl packages that fix three security issues are now available 
for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.\n\nA NULL pointer dereference flaw was found in the way OpenSSL verified signatures using the RSA PSS algorithm. A remote attacker could possibly use this flaw to crash a TLS/SSL client using OpenSSL, or a TLS/SSL server using OpenSSL if it enabled client authentication.\n(CVE-2015-3194)\n\nA memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and CMS data. A remote attacker could use this flaw to cause an application that parses PKCS#7 or CMS data from untrusted sources to use an excessive amount of memory and possibly crash. (CVE-2015-3195)\n\nA race condition flaw, leading to a double free, was found in the way OpenSSL handled pre-shared key (PSK) identity hints. A remote attacker could use this flaw to crash a multi-threaded SSL/TLS client using OpenSSL. (CVE-2015-3196)\n\nAll openssl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. 
For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2015-12-15T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : openssl (ELSA-2015-2617)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3194", "CVE-2015-3195", "CVE-2015-3196"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:openssl", "p-cpe:/a:oracle:linux:openssl-devel", "p-cpe:/a:oracle:linux:openssl-libs", "p-cpe:/a:oracle:linux:openssl-perl", "p-cpe:/a:oracle:linux:openssl-static", "cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2015-2617.NASL", "href": "https://www.tenable.com/plugins/nessus/87364", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2015:2617 and \n# Oracle Linux Security Advisory ELSA-2015-2617 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87364);\n script_version(\"2.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-3194\", \"CVE-2015-3195\", \"CVE-2015-3196\");\n script_xref(name:\"RHSA\", value:\"2015:2617\");\n\n script_name(english:\"Oracle Linux 6 / 7 : openssl (ELSA-2015-2617)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2015:2617 :\n\nUpdated openssl packages that fix three security issues are now\navailable for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having 
Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL\nv2/v3) and Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nA NULL pointer dereference flaw was found in the way OpenSSL verified\nsignatures using the RSA PSS algorithm. A remote attacked could\npossibly use this flaw to crash a TLS/SSL client using OpenSSL, or a\nTLS/SSL server using OpenSSL if it enabled client authentication.\n(CVE-2015-3194)\n\nA memory leak vulnerability was found in the way OpenSSL parsed PKCS#7\nand CMS data. A remote attacker could use this flaw to cause an\napplication that parses PKCS#7 or CMS data from untrusted sources to\nuse an excessive amount of memory and possibly crash. (CVE-2015-3195)\n\nA race condition flaw, leading to a double free, was found in the way\nOpenSSL handled pre-shared key (PSK) identify hints. A remote attacker\ncould use this flaw to crash a multi-threaded SSL/TLS client using\nOpenSSL. (CVE-2015-3196)\n\nAll openssl users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. 
For the\nupdate to take effect, all services linked to the OpenSSL library must\nbe restarted, or the system rebooted.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-December/005624.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-December/005625.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6 / 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"openssl-1.0.1e-42.el6_7.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"openssl-devel-1.0.1e-42.el6_7.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"openssl-perl-1.0.1e-42.el6_7.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"openssl-static-1.0.1e-42.el6_7.1\")) flag++;\n\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"openssl-1.0.1e-51.el7_2.1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"openssl-devel-1.0.1e-51.el7_2.1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"openssl-libs-1.0.1e-51.el7_2.1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"openssl-perl-1.0.1e-51.el7_2.1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"openssl-static-1.0.1e-51.el7_2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-devel / openssl-libs / openssl-perl / etc\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:43:42", "description": "Updated openssl packages that fix three security issues are now available for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Moderate security impact. 
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.\n\nA NULL pointer dereference flaw was found in the way OpenSSL verified signatures using the RSA PSS algorithm. A remote attacker could possibly use this flaw to crash a TLS/SSL client using OpenSSL, or a TLS/SSL server using OpenSSL if it enabled client authentication.\n(CVE-2015-3194)\n\nA memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and CMS data. A remote attacker could use this flaw to cause an application that parses PKCS#7 or CMS data from untrusted sources to use an excessive amount of memory and possibly crash. (CVE-2015-3195)\n\nA race condition flaw, leading to a double free, was found in the way OpenSSL handled pre-shared key (PSK) identity hints. A remote attacker could use this flaw to crash a multi-threaded SSL/TLS client using OpenSSL. (CVE-2015-3196)\n\nAll openssl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. 
For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2015-12-14T00:00:00", "type": "nessus", "title": "RHEL 6 / 7 : openssl (RHSA-2015:2617)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3194", "CVE-2015-3195", "CVE-2015-3196"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:openssl", "p-cpe:/a:redhat:enterprise_linux:openssl-debuginfo", "p-cpe:/a:redhat:enterprise_linux:openssl-devel", "p-cpe:/a:redhat:enterprise_linux:openssl-libs", "p-cpe:/a:redhat:enterprise_linux:openssl-perl", "p-cpe:/a:redhat:enterprise_linux:openssl-static", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.7", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.2", "cpe:/o:redhat:enterprise_linux:7.3", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2015-2617.NASL", "href": "https://www.tenable.com/plugins/nessus/87335", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:2617. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(87335);\n script_version(\"2.22\");\n script_cvs_date(\"Date: 2019/10/24 15:35:40\");\n\n script_cve_id(\"CVE-2015-3194\", \"CVE-2015-3195\", \"CVE-2015-3196\");\n script_xref(name:\"RHSA\", value:\"2015:2617\");\n\n script_name(english:\"RHEL 6 / 7 : openssl (RHSA-2015:2617)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated openssl packages that fix three security issues are now\navailable for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL\nv2/v3) and Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nA NULL pointer dereference flaw was found in the way OpenSSL verified\nsignatures using the RSA PSS algorithm. A remote attacked could\npossibly use this flaw to crash a TLS/SSL client using OpenSSL, or a\nTLS/SSL server using OpenSSL if it enabled client authentication.\n(CVE-2015-3194)\n\nA memory leak vulnerability was found in the way OpenSSL parsed PKCS#7\nand CMS data. A remote attacker could use this flaw to cause an\napplication that parses PKCS#7 or CMS data from untrusted sources to\nuse an excessive amount of memory and possibly crash. (CVE-2015-3195)\n\nA race condition flaw, leading to a double free, was found in the way\nOpenSSL handled pre-shared key (PSK) identify hints. 
A remote attacker\ncould use this flaw to crash a multi-threaded SSL/TLS client using\nOpenSSL. (CVE-2015-3196)\n\nAll openssl users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. For the\nupdate to take effect, all services linked to the OpenSSL library must\nbe restarted, or the system rebooted.\"\n );\n # https://openssl.org/news/secadv/20151203.txt\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openssl.org/news/secadv/20151203.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:2617\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-3194\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-3196\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-3195\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:2617\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"openssl-1.0.1e-42.el6_7.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"openssl-debuginfo-1.0.1e-42.el6_7.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"openssl-devel-1.0.1e-42.el6_7.1\")) flag++;\n\n if 
(rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"openssl-perl-1.0.1e-42.el6_7.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"openssl-perl-1.0.1e-42.el6_7.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"openssl-perl-1.0.1e-42.el6_7.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"openssl-static-1.0.1e-42.el6_7.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"openssl-static-1.0.1e-42.el6_7.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"openssl-static-1.0.1e-42.el6_7.1\")) flag++;\n\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"openssl-1.0.1e-51.el7_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"openssl-1.0.1e-51.el7_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"openssl-debuginfo-1.0.1e-51.el7_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"openssl-devel-1.0.1e-51.el7_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"openssl-libs-1.0.1e-51.el7_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"openssl-perl-1.0.1e-51.el7_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"openssl-perl-1.0.1e-51.el7_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"openssl-static-1.0.1e-51.el7_2.1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-debuginfo / openssl-devel / openssl-libs / etc\");\n }\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:43:35", "description": "A NULL pointer derefernce flaw was found in the way OpenSSL 
verified signatures using the RSA PSS algorithm. A remote attacker could possibly use this flaw to crash a TLS/SSL client using OpenSSL, or a TLS/SSL server using OpenSSL if it enabled client authentication.\n(CVE-2015-3194)\n\nA memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and CMS data. A remote attacker could use this flaw to cause an application that parses PKCS#7 or CMS data from untrusted sources to use an excessive amount of memory and possibly crash. (CVE-2015-3195)\n\nA race condition flaw, leading to a double free, was found in the way OpenSSL handled pre-shared key (PSK) identity hints. A remote attacker could use this flaw to crash a multi-threaded SSL/TLS client using OpenSSL. (CVE-2015-3196)\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2015-12-16T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : openssl on SL6.x i386/x86_64 (20151214)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3194", "CVE-2015-3195", "CVE-2015-3196"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:openssl", "p-cpe:/a:fermilab:scientific_linux:openssl-debuginfo", "p-cpe:/a:fermilab:scientific_linux:openssl-devel", "p-cpe:/a:fermilab:scientific_linux:openssl-perl", "p-cpe:/a:fermilab:scientific_linux:openssl-static", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20151214_OPENSSL_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/87402", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87402);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n 
script_cve_id(\"CVE-2015-3194\", \"CVE-2015-3195\", \"CVE-2015-3196\");\n\n script_name(english:\"Scientific Linux Security Update : openssl on SL6.x i386/x86_64 (20151214)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A NULL pointer derefernce flaw was found in the way OpenSSL verified\nsignatures using the RSA PSS algorithm. A remote attacked could\npossibly use this flaw to crash a TLS/SSL client using OpenSSL, or a\nTLS/SSL server using OpenSSL if it enabled client authentication.\n(CVE-2015-3194)\n\nA memory leak vulnerability was found in the way OpenSSL parsed PKCS#7\nand CMS data. A remote attacker could use this flaw to cause an\napplication that parses PKCS#7 or CMS data from untrusted sources to\nuse an excessive amount of memory and possibly crash. (CVE-2015-3195)\n\nA race condition flaw, leading to a double free, was found in the way\nOpenSSL handled pre-shared key (PSK) identify hints. A remote attacker\ncould use this flaw to crash a multi-threaded SSL/TLS client using\nOpenSSL. 
(CVE-2015-3196)\n\nFor the update to take effect, all services linked to the OpenSSL\nlibrary must be restarted, or the system rebooted.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1512&L=scientific-linux-errata&F=&S=&P=1245\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?973e5d4b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"openssl-1.0.1e-42.el6_7.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"openssl-debuginfo-1.0.1e-42.el6_7.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"openssl-devel-1.0.1e-42.el6_7.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"openssl-perl-1.0.1e-42.el6_7.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"openssl-static-1.0.1e-42.el6_7.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / 
openssl-debuginfo / openssl-devel / openssl-perl / etc\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:43:45", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - fix CVE-2015-7575 - disallow use of MD5 in TLS1.2\n\n - fix CVE-2015-3194 - certificate verify crash with missing PSS parameter\n\n - fix CVE-2015-3195 - X509_ATTRIBUTE memory leak\n\n - fix CVE-2015-3196 - race condition when handling PSK identity hint", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2016-01-08T00:00:00", "type": "nessus", "title": "OracleVM 3.3 : openssl (OVMSA-2016-0001) (SLOTH)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3194", "CVE-2015-3195", "CVE-2015-3196", "CVE-2015-7575"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:openssl", "cpe:/o:oracle:vm_server:3.3"], "id": "ORACLEVM_OVMSA-2016-0001.NASL", "href": "https://www.tenable.com/plugins/nessus/87800", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2016-0001.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87800);\n script_version(\"2.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2015-3194\", \"CVE-2015-3195\", \"CVE-2015-3196\", \"CVE-2015-7575\");\n\n script_name(english:\"OracleVM 3.3 : openssl (OVMSA-2016-0001) (SLOTH)\");\n script_summary(english:\"Checks the RPM output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security 
updates :\n\n - fix CVE-2015-7575 - disallow use of MD5 in TLS1.2\n\n - fix CVE-2015-3194 - certificate verify crash with\n missing PSS parameter\n\n - fix CVE-2015-3195 - X509_ATTRIBUTE memory leak\n\n - fix CVE-2015-3196 - race condition when handling PSK\n identity hint\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2016-January/000407.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?90e4620d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/08\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.3\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.3\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.3\", reference:\"openssl-1.0.1e-42.el6_7.2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:33:54", "description": "According to its self-reported version number, the remote pfSense install is prior to 2.2.6. 
It is, therefore, affected by multiple vulnerabilities.", "cvss3": {"score": 9, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"}, "published": "2018-01-31T00:00:00", "type": "nessus", "title": "pfSense < 2.2.6 Multiple Vulnerabilities (SA-15_09 / SA-15_10 / SA-15_11)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3194", "CVE-2015-3195", "CVE-2015-3196", "CVE-2015-8023"], "modified": "2019-11-08T00:00:00", "cpe": ["cpe:/a:pfsense:pfsense", "cpe:/a:bsdperimeter:pfsense"], "id": "PFSENSE_SA-15_11.NASL", "href": "https://www.tenable.com/plugins/nessus/106498", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106498);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/11/08\");\n\n script_cve_id(\n \"CVE-2015-3194\",\n \"CVE-2015-3195\",\n \"CVE-2015-3196\",\n \"CVE-2015-8023\"\n );\n script_bugtraq_id(\n 78622,\n 78623,\n 78626,\n 84947\n );\n script_xref(name:\"FreeBSD\", value:\"SA-15:26.openssl\");\n\n script_name(english:\"pfSense < 2.2.6 Multiple Vulnerabilities (SA-15_09 / SA-15_10 / SA-15_11)\");\n script_summary(english:\"Checks the version of pfSense.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote firewall host is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the remote pfSense\ninstall is prior to 2.2.6. 
It is, therefore, affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://doc.pfsense.org/index.php/2.2.6_New_Features_and_Changes\");\n # https://www.pfsense.org/security/advisories/pfSense-SA-15_09.webgui.asc\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?05b5b916\");\n # https://www.pfsense.org/security/advisories/pfSense-SA-15_10.captiveportal.asc\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cecc787a\");\n # https://www.pfsense.org/security/advisories/pfSense-SA-15_11.webgui.asc\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?354b97b7\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to pfSense version 2.2.6 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-8023\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:pfsense:pfsense\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:bsdperimeter:pfsense\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Firewalls\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and 
is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"pfsense_detect.nbin\");\n script_require_keys(\"Host/pfSense\");\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\ninclude(\"vcf_extras.inc\");\n\nif (!get_kb_item(\"Host/pfSense\")) audit(AUDIT_HOST_NOT, \"pfSense\");\n\napp_info = vcf::pfsense::get_app_info();\nconstraints = [\n { \"fixed_version\" : \"2.2.6\" }\n];\n\nvcf::pfsense::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_WARNING,\n flags:{xss:TRUE, xsrf:TRUE, sqli:TRUE}\n);\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-08-19T12:43:57", "description": "According to its banner, the remote host is running a version of OpenSSL 1.0.0 prior to 1.0.0t. It is, therefore, affected by the following vulnerabilities :\n\n - A flaw exists in the ASN1_TFLG_COMBINE implementation in file tasn_dec.c related to handling malformed X509_ATTRIBUTE structures. A remote attacker can exploit this to cause a memory leak by triggering a decoding failure in a PKCS#7 or CMS application, resulting in a denial of service. (CVE-2015-3195)\n\n - A race condition exists in s3_clnt.c that is triggered when PSK identity hints are incorrectly updated in the parent SSL_CTX structure when they are received by a multi-threaded client. A remote attacker can exploit this, via a crafted ServerKeyExchange message, to cause a double-free memory error, resulting in a denial of service. 
(CVE-2015-3196)", "cvss3": {"score": 5.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "published": "2015-12-07T00:00:00", "type": "nessus", "title": "OpenSSL 1.0.0 < 1.0.0t Multiple DoS", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3195", "CVE-2015-3196"], "modified": "2019-11-22T00:00:00", "cpe": ["cpe:/a:openssl:openssl"], "id": "OPENSSL_1_0_0T.NASL", "href": "https://www.tenable.com/plugins/nessus/87220", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(87220);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2019/11/22\");\n\n script_cve_id(\"CVE-2015-3195\", \"CVE-2015-3196\");\n script_bugtraq_id(78622, 78626);\n\n script_name(english:\"OpenSSL 1.0.0 < 1.0.0t Multiple DoS\");\n script_summary(english:\"Performs a banner check.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by multiple denial of service\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the remote host is running a version of\nOpenSSL 1.0.0 prior to 1.0.0t. It is, therefore, affected by the\nfollowing vulnerabilities :\n\n - A flaw exists in the ASN1_TFLG_COMBINE implementation in\n file tasn_dec.c related to handling malformed\n X509_ATTRIBUTE structures. A remote attacker can exploit\n this to cause a memory leak by triggering a decoding\n failure in a PKCS#7 or CMS application, resulting in a\n denial of service. (CVE-2015-3195)\n\n - A race condition exists in s3_clnt.c that is triggered\n when PSK identity hints are incorrectly updated in the\n parent SSL_CTX structure when they are received by a\n multi-threaded client. A remote attacker can exploit\n this, via a crafted ServerKeyExchange message, to cause\n a double-free memory error, resulting in a denial of\n service. 
(CVE-2015-3196)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20151203.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to OpenSSL version 1.0.0t or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-3195\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"openssl_version.nasl\");\n script_require_keys(\"openssl/port\");\n\n exit(0);\n}\n\ninclude(\"openssl_version.inc\");\n\nopenssl_check_version(fixed:'1.0.0t', min:\"1.0.0\", severity:SECURITY_WARNING);\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:43:42", "description": "LibreSSL was updated to fix two security issues inherited from OpenSSL.\n\nThe following vulnerabilities were fixed :\n\n - CVE-2015-3194: NULL pointer dereference in client side certificate validation\n\n - CVE-2015-3195: Memory leak in PKCS7 - not reachable from TLS/SSL", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2015-12-21T00:00:00", "type": "nessus", "title": "openSUSE Security Update : libressl (openSUSE-2015-916)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3194", "CVE-2015-3195"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libcrypto34", "p-cpe:/a:novell:opensuse:libcrypto34-32bit", "p-cpe:/a:novell:opensuse:libcrypto34-debuginfo", "p-cpe:/a:novell:opensuse:libcrypto34-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libcrypto36", "p-cpe:/a:novell:opensuse:libcrypto36-32bit", "p-cpe:/a:novell:opensuse:libcrypto36-debuginfo", "p-cpe:/a:novell:opensuse:libcrypto36-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libressl", "p-cpe:/a:novell:opensuse:libressl-debuginfo", "p-cpe:/a:novell:opensuse:libressl-debugsource", "p-cpe:/a:novell:opensuse:libressl-devel", "p-cpe:/a:novell:opensuse:libressl-devel-32bit", "p-cpe:/a:novell:opensuse:libssl33", "p-cpe:/a:novell:opensuse:libssl33-32bit", "p-cpe:/a:novell:opensuse:libssl33-debuginfo", "p-cpe:/a:novell:opensuse:libssl33-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libssl37", "p-cpe:/a:novell:opensuse:libssl37-32bit", "p-cpe:/a:novell:opensuse:libssl37-debuginfo", "p-cpe:/a:novell:opensuse:libssl37-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libtls4", 
"p-cpe:/a:novell:opensuse:libtls4-32bit", "p-cpe:/a:novell:opensuse:libtls4-debuginfo", "p-cpe:/a:novell:opensuse:libtls4-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libtls9", "p-cpe:/a:novell:opensuse:libtls9-32bit", "p-cpe:/a:novell:opensuse:libtls9-debuginfo", "p-cpe:/a:novell:opensuse:libtls9-debuginfo-32bit", "cpe:/o:novell:opensuse:13.2", "cpe:/o:novell:opensuse:42.1"], "id": "OPENSUSE-2015-916.NASL", "href": "https://www.tenable.com/plugins/nessus/87518", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2015-916.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87518);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-3194\", \"CVE-2015-3195\");\n\n script_name(english:\"openSUSE Security Update : libressl (openSUSE-2015-916)\");\n script_summary(english:\"Check for the openSUSE-2015-916 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"LibreSSL was updated to fix two security issues inherited from\nOpenSSL.\n\nThe following vulnerabilities were fixed :\n\n - CVE-2015-3194: NULL pointer dereference in client side\n certificate validation\n\n - CVE-2015-3195: Memory leak in PKCS7 - not reachable from\n TLS/SSL\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=958768\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libressl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n 
script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcrypto34\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcrypto34-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcrypto34-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcrypto34-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcrypto36\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcrypto36-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcrypto36-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcrypto36-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libressl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libressl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libressl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libressl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libressl-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libssl33\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libssl33-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libssl33-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libssl33-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libssl37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libssl37-32bit\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libssl37-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libssl37-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtls4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtls4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtls4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtls4-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtls9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtls9-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtls9-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtls9-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 
\"openSUSE\");\nif (release !~ \"^(SUSE13\\.2|SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2 / 42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libcrypto34-2.2.1-2.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libcrypto34-debuginfo-2.2.1-2.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libressl-2.2.1-2.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libressl-debuginfo-2.2.1-2.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libressl-debugsource-2.2.1-2.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libressl-devel-2.2.1-2.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libssl33-2.2.1-2.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libssl33-debuginfo-2.2.1-2.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libtls4-2.2.1-2.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libtls4-debuginfo-2.2.1-2.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libcrypto34-32bit-2.2.1-2.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libcrypto34-debuginfo-32bit-2.2.1-2.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libressl-devel-32bit-2.2.1-2.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libssl33-32bit-2.2.1-2.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libssl33-debuginfo-32bit-2.2.1-2.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libtls4-32bit-2.2.1-2.10.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libtls4-debuginfo-32bit-2.2.1-2.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libcrypto36-2.3.0-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libcrypto36-debuginfo-2.3.0-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libressl-2.3.0-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libressl-debuginfo-2.3.0-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libressl-debugsource-2.3.0-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libressl-devel-2.3.0-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libssl37-2.3.0-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libssl37-debuginfo-2.3.0-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libtls9-2.3.0-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libtls9-debuginfo-2.3.0-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libcrypto36-32bit-2.3.0-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libcrypto36-debuginfo-32bit-2.3.0-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libressl-devel-32bit-2.3.0-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libssl37-32bit-2.3.0-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libssl37-debuginfo-32bit-2.3.0-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libtls9-32bit-2.3.0-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libtls9-debuginfo-32bit-2.3.0-7.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else 
audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libcrypto34 / libcrypto34-32bit / libcrypto34-debuginfo / etc\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:43:59", "description": "According to its banner, the remote host is running a version of OpenSSL 1.0.1 prior to 1.0.1q. It is, therefore, affected by the following vulnerabilities :\n\n - A NULL pointer dereference flaw exists in file rsa_ameth.c when handling ASN.1 signatures that use the RSA PSS algorithm but are missing a mask generation function parameter. A remote attacker can exploit this to cause the signature verification routine to crash, leading to a denial of service. (CVE-2015-3194)\n\n - A flaw exists in the ASN1_TFLG_COMBINE implementation in file tasn_dec.c related to handling malformed X509_ATTRIBUTE structures. A remote attacker can exploit this to cause a memory leak by triggering a decoding failure in a PKCS#7 or CMS application, resulting in a denial of service. (CVE-2015-3195)", "cvss3": {"score": 5.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "published": "2015-12-07T00:00:00", "type": "nessus", "title": "OpenSSL 1.0.1 < 1.0.1q Multiple DoS", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3194", "CVE-2015-3195"], "modified": "2019-11-22T00:00:00", "cpe": ["cpe:/a:openssl:openssl"], "id": "OPENSSL_1_0_1Q.NASL", "href": "https://www.tenable.com/plugins/nessus/87221", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(87221);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2019/11/22\");\n\n script_cve_id(\"CVE-2015-3194\", \"CVE-2015-3195\");\n script_bugtraq_id(78623, 78626);\n\n script_name(english:\"OpenSSL 1.0.1 < 1.0.1q Multiple DoS\");\n script_summary(english:\"Performs a banner check.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote service is affected by multiple denial of service\nvulnerabilities.\");\n 
script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the remote host is running a version of\nOpenSSL 1.0.1 prior to 1.0.1q. It is, therefore, affected by the\nfollowing vulnerabilities :\n\n - A NULL pointer dereference flaw exists in file\n rsa_ameth.c when handling ASN.1 signatures that use the\n RSA PSS algorithm but are missing a mask generation\n function parameter. A remote attacker can exploit this\n to cause the signature verification routine to crash,\n leading to a denial of service. (CVE-2015-3194)\n\n - A flaw exists in the ASN1_TFLG_COMBINE implementation in\n file tasn_dec.c related to handling malformed\n X509_ATTRIBUTE structures. A remote attacker can exploit\n this to cause a memory leak by triggering a decoding\n failure in a PKCS#7 or CMS application, resulting in a\n denial of service. (CVE-2015-3195)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20151203.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to OpenSSL version 1.0.1q or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-3195\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/a:openssl:openssl\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"openssl_version.nasl\");\n script_require_keys(\"openssl/port\");\n\n exit(0);\n}\n\ninclude(\"openssl_version.inc\");\n\nopenssl_check_version(fixed:'1.0.1q', min:\"1.0.1\", severity:SECURITY_WARNING);\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-10-16T01:21:20", "description": "According to its self-reported version number, the Blue Coat ProxyAV firmware installed on the remote device is 3.5.x prior to 3.5.4.1. It is, therefore, affected by the following vulnerabilities in the bundled version of OpenSSL :\n\n - A NULL pointer dereference flaw exists in file rsa_ameth.c due to improper handling of ASN.1 signatures that are missing the PSS parameter. A remote attacker can exploit this to cause the signature verification routine to crash, resulting in a denial of service condition. (CVE-2015-3194)\n\n - A flaw exists in the ASN1_TFLG_COMBINE implementation in file tasn_dec.c related to handling malformed X509_ATTRIBUTE structures. A remote attacker can exploit this to cause a memory leak by triggering a decoding failure in a PKCS#7 or CMS application, resulting in a denial of service. 
(CVE-2015-3195)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 5.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "published": "2016-09-09T00:00:00", "type": "nessus", "title": "Blue Coat ProxyAV 3.5.x < 3.5.4.1 Multiple DoS Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3194", "CVE-2015-3195"], "modified": "2019-11-14T00:00:00", "cpe": ["cpe:/h:bluecoat:proxyav"], "id": "BLUECOAT_PROXY_AV_3_5_4_1.NASL", "href": "https://www.tenable.com/plugins/nessus/93410", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93410);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/11/14\");\n\n script_cve_id(\"CVE-2015-3194\", \"CVE-2015-3195\");\n script_bugtraq_id(78623, 78626);\n script_xref(name:\"IAVA\", value:\"2016-A-0229\");\n\n script_name(english:\"Blue Coat ProxyAV 3.5.x < 3.5.4.1 Multiple DoS Vulnerabilities\");\n script_summary(english:\"Checks the version of Blue Coat ProxyAV.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is affected by multiple denial of service\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the Blue Coat ProxyAV\nfirmware installed on the remote device is 3.5.x prior to 3.5.4.1. It\nis, therefore, affected by the following vulnerabilities in the\nbundled version of OpenSSL :\n\n - A NULL pointer dereference flaw exists in file\n rsa_ameth.c due to improper handling of ASN.1 signatures\n that are missing the PSS parameter. A remote attacker\n can exploit this to cause the signature verification\n routine to crash, resulting in a denial of service\n condition. 
(CVE-2015-3194)\n\n - A flaw exists in the ASN1_TFLG_COMBINE implementation in\n file tasn_dec.c related to handling malformed\n X509_ATTRIBUTE structures. A remote attacker can exploit\n this to cause a memory leak by triggering a decoding\n failure in a PKCS#7 or CMS application, resulting in a\n denial of service. (CVE-2015-3195)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bto.bluecoat.com/security-advisory/sa105\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Blue Coat ProxyAV version 3.5.4.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-3195\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:bluecoat:proxyav\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"bluecoat_proxy_av_version.nasl\");\n script_require_keys(\"www/bluecoat_proxyav\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http_func.inc\");\n\nport = get_kb_item_or_exit(\"www/bluecoat_proxyav\");\nver = get_kb_item_or_exit(\"www/bluecoat_proxyav/\" + port + \"/version\");\n\nurl = build_url(port:port, qs:\"/\");\n\nif (ver !~ \"^3\\.5\\.\")\n audit(AUDIT_WEB_APP_NOT_AFFECTED, \"Blue Coat ProxyAV\", url, ver);\n\nfix = \"3.5.4.1\";\n\nif (ver_compare(ver:ver, fix:fix, strict:FALSE) < 0)\n{\n report =\n '\\n URL : ' + url +\n '\\n Installed version : ' + ver +\n '\\n Fixed version : 3.5.4.1' +\n '\\n';\n\n security_report_v4(port:port, severity:SECURITY_WARNING, extra:report);\n}\nelse audit(AUDIT_WEB_APP_NOT_AFFECTED, \"Blue Coat ProxyAV\", url, ver);\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:43:15", "description": "The version of MySQL Enterprise Server 5.6 installed on the remote host is 5.6.x prior to 5.6.29 or 5.7.x prior to 5.7.11. It is, therefore, affected by multiple vulnerabilities in the included OpenSSL library :\n\n - A NULL pointer dereference flaw exists in file rsa_ameth.c due to improper handling of ASN.1 signatures that are missing the PSS parameter. A remote attacker can exploit this to cause the signature verification routine to crash, resulting in a denial of service condition. (CVE-2015-3194)\n\n - A flaw exists in the ASN1_TFLG_COMBINE implementation in file tasn_dec.c related to handling malformed X509_ATTRIBUTE structures. A remote attacker can exploit this to cause a memory leak by triggering a decoding failure in a PKCS#7 or CMS application, resulting in a denial of service. 
(CVE-2015-3195)", "cvss3": {"score": 5.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "published": "2016-02-11T00:00:00", "type": "nessus", "title": "MySQL Enterprise Server 5.6.x < 5.6.29 / 5.7.x < 5.7.11 OpenSSL Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3194", "CVE-2015-3195"], "modified": "2019-11-20T00:00:00", "cpe": ["cpe:/a:mysql:mysql"], "id": "MYSQL_ES_5_6_29.NASL", "href": "https://www.tenable.com/plugins/nessus/88698", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(88698);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/11/20\");\n\n script_cve_id(\"CVE-2015-3194\", \"CVE-2015-3195\");\n script_bugtraq_id(78623, 78626);\n\n script_name(english:\"MySQL Enterprise Server 5.6.x < 5.6.29 / 5.7.x < 5.7.11 OpenSSL Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of MySQL Enterprise Server.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server uses a version of OpenSSL known to be\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MySQL Enterprise Server 5.6 installed on the remote\nhost is 5.6.x prior to 5.6.29 or 5.7.x prior to 5.7.11. It is,\ntherefore, affected by multiple vulnerabilities in the included\nOpenSSL library :\n\n - A NULL pointer dereference flaw exists in file\n rsa_ameth.c due to improper handling of ASN.1 signatures\n that are missing the PSS parameter. A remote attacker\n can exploit this to cause the signature verification\n routine to crash, resulting in a denial of service\n condition. (CVE-2015-3194)\n\n - A flaw exists in the ASN1_TFLG_COMBINE implementation in\n file tasn_dec.c related to handling malformed\n X509_ATTRIBUTE structures. 
A remote attacker can exploit\n this to cause a memory leak by triggering a decoding\n failure in a PKCS#7 or CMS application, resulting in a\n denial of service. (CVE-2015-3195)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-29.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-11.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MySQL Enterprise Server version 5.6.29 / 5.7.11 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-3195\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mysql:mysql\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_version.nasl\", \"mysql_login.nasl\");\n script_require_ports(\"Services/mysql\", 3306);\n\n exit(0);\n}\n\n\ninclude(\"mysql_version.inc\");\n\nmysql_check_version(fixed:make_list('5.6.29', '5.7.11'), severity:SECURITY_WARNING, variant:\"Enterprise\", sslvuln:TRUE);\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-03-27T15:11:48", "description": "OpenSSL project reports :\n\n- BN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193)\n\n- Certificate verify crash with missing PSS parameter (CVE-2015-3194)\n\n- X509_ATTRIBUTE memory leak (CVE-2015-3195)\n\n- Race condition handling PSK identify hint (CVE-2015-3196)\n\n- Anon DH ServerKeyExchange with 0 p parameter (CVE-2015-1794)", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2015-12-07T00:00:00", "type": "nessus", "title": "FreeBSD : openssl -- multiple vulnerabilities (4c8d1d72-9b38-11e5-aece-d050996490d0)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1794", "CVE-2015-3193", "CVE-2015-3194", "CVE-2015-3195", "CVE-2015-3196"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:linux-c6-openssl", "p-cpe:/a:freebsd:freebsd:mingw32-openssl", "p-cpe:/a:freebsd:freebsd:openssl", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_4C8D1D729B3811E5AECED050996490D0.NASL", "href": "https://www.tenable.com/plugins/nessus/87213", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. 
Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87213);\n script_version(\"2.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-1794\", \"CVE-2015-3193\", \"CVE-2015-3194\", \"CVE-2015-3195\", \"CVE-2015-3196\");\n script_xref(name:\"FreeBSD\", value:\"SA-15:26.openssl\");\n\n script_name(english:\"FreeBSD : openssl -- multiple vulnerabilities (4c8d1d72-9b38-11e5-aece-d050996490d0)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing 
one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"OpenSSL project reports :\n\n- BN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193)\n\n- Certificate verify crash with missing PSS parameter (CVE-2015-3194)\n\n- X509_ATTRIBUTE memory leak (CVE-2015-3195)\n\n- Race condition handling PSK identify hint (CVE-2015-3196)\n\n- Anon DH ServerKeyExchange with 0 p parameter (CVE-2015-1794)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openssl.org/news/secadv/20151203.txt\"\n );\n # https://vuxml.freebsd.org/freebsd/4c8d1d72-9b38-11e5-aece-d050996490d0.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?50f70b45\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-c6-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mingw32-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"openssl<1.0.2_5\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mingw32-openssl>=1.0.1<1.0.2e\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-c6-openssl<1.0.1e_7\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-03-27T15:11:03", "description": "New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2015-12-16T00:00:00", "type": "nessus", "title": "Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : openssl (SSA:2015-349-04)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1794", "CVE-2015-3193", "CVE-2015-3194", "CVE-2015-3195", "CVE-2015-3196"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:openssl", "p-cpe:/a:slackware:slackware_linux:openssl-solibs", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:13.0", "cpe:/o:slackware:slackware_linux:13.1", "cpe:/o:slackware:slackware_linux:13.37", "cpe:/o:slackware:slackware_linux:14.0", "cpe:/o:slackware:slackware_linux:14.1"], "id": 
"SLACKWARE_SSA_2015-349-04.NASL", "href": "https://www.tenable.com/plugins/nessus/87378", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2015-349-04. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87378);\n script_version(\"2.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-1794\", \"CVE-2015-3193\", \"CVE-2015-3194\", \"CVE-2015-3195\", \"CVE-2015-3196\");\n script_xref(name:\"SSA\", value:\"2015-349-04\");\n\n script_name(english:\"Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : openssl (SSA:2015-349-04)\");\n script_summary(english:\"Checks for updated packages in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New openssl packages are available for Slackware 13.0, 13.1, 13.37,\n14.0, 14.1, and -current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.754583\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7716dd60\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl and / or openssl-solibs packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:slackware:slackware_linux:openssl-solibs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.37\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"13.0\", pkgname:\"openssl\", pkgver:\"0.9.8zh\", pkgarch:\"i486\", pkgnum:\"1_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", pkgname:\"openssl-solibs\", pkgver:\"0.9.8zh\", pkgarch:\"i486\", 
pkgnum:\"1_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", arch:\"x86_64\", pkgname:\"openssl\", pkgver:\"0.9.8zh\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", arch:\"x86_64\", pkgname:\"openssl-solibs\", pkgver:\"0.9.8zh\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.0\")) flag++;\n\nif (slackware_check(osver:\"13.1\", pkgname:\"openssl\", pkgver:\"0.9.8zh\", pkgarch:\"i486\", pkgnum:\"1_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", pkgname:\"openssl-solibs\", pkgver:\"0.9.8zh\", pkgarch:\"i486\", pkgnum:\"1_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", arch:\"x86_64\", pkgname:\"openssl\", pkgver:\"0.9.8zh\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", arch:\"x86_64\", pkgname:\"openssl-solibs\", pkgver:\"0.9.8zh\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.1\")) flag++;\n\nif (slackware_check(osver:\"13.37\", pkgname:\"openssl\", pkgver:\"0.9.8zh\", pkgarch:\"i486\", pkgnum:\"1_slack13.37\")) flag++;\nif (slackware_check(osver:\"13.37\", pkgname:\"openssl-solibs\", pkgver:\"0.9.8zh\", pkgarch:\"i486\", pkgnum:\"1_slack13.37\")) flag++;\nif (slackware_check(osver:\"13.37\", arch:\"x86_64\", pkgname:\"openssl\", pkgver:\"0.9.8zh\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.37\")) flag++;\nif (slackware_check(osver:\"13.37\", arch:\"x86_64\", pkgname:\"openssl-solibs\", pkgver:\"0.9.8zh\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.37\")) flag++;\n\nif (slackware_check(osver:\"14.0\", pkgname:\"openssl\", pkgver:\"1.0.1q\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", pkgname:\"openssl-solibs\", pkgver:\"1.0.1q\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"openssl\", pkgver:\"1.0.1q\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"openssl-solibs\", pkgver:\"1.0.1q\", 
pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"14.1\", pkgname:\"openssl\", pkgver:\"1.0.1q\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", pkgname:\"openssl-solibs\", pkgver:\"1.0.1q\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"openssl\", pkgver:\"1.0.1q\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"openssl-solibs\", pkgver:\"1.0.1q\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"openssl\", pkgver:\"1.0.2e\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", pkgname:\"openssl-solibs\", pkgver:\"1.0.2e\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"openssl\", pkgver:\"1.0.2e\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"openssl-solibs\", pkgver:\"1.0.2e\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-03-27T14:43:20", "description": "The Cisco AnyConnect Secure Mobility Client installed on the remote host is a version prior to 3.1.13015.0 or 4.2.x prior to 4.2.1035.0.\nIt is, therefore, affected by multiple vulnerabilities in the bundled version of OpenSSL :\n - A carry propagating flaw exists in the x86_64 Montgomery squaring implementation that may cause the BN_mod_exp() function to produce incorrect results. An attacker can exploit this to obtain sensitive information regarding private keys. 
(CVE-2015-3193)\n\n - A NULL pointer dereference flaw exists in file rsa_ameth.c when handling ASN.1 signatures that use the RSA PSS algorithm but are missing a mask generation function parameter. A remote attacker can exploit this to cause the signature verification routine to crash, leading to a denial of service. (CVE-2015-3194)\n\n - A flaw exists in the ASN1_TFLG_COMBINE implementation in file tasn_dec.c related to handling malformed X509_ATTRIBUTE structures. A remote attacker can exploit this to cause a memory leak by triggering a decoding failure in a PKCS#7 or CMS application, resulting in a denial of service. (CVE-2015-3195)\n\n - A race condition exists in s3_clnt.c that is triggered when PSK identity hints are incorrectly updated in the parent SSL_CTX structure when they are received by a multi-threaded client. A remote attacker can exploit this, via a crafted ServerKeyExchange message, to cause a double-free memory error, resulting in a denial of service. (CVE-2015-3196)\n\n - A flaw exists in the ssl3_get_key_exchange() function in file s3_clnt.c when handling a ServerKeyExchange message for an anonymous DH ciphersuite with the value of 'p' set to 0. 
An attacker can exploit this, by causing a segmentation fault, to crash an application linked against the library, resulting in a denial of service.\n (CVE-2015-1794)", "cvss3": {"score": null, "vector": null}, "published": "2016-01-22T00:00:00", "type": "nessus", "title": "Cisco AnyConnect Secure Mobility Client < 3.1.13015.0 / 4.2.x < 4.2.1035.0 Multiple OpenSSL Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1794", "CVE-2015-3193", "CVE-2015-3194", "CVE-2015-3195", "CVE-2015-3196"], "modified": "2018-07-06T00:00:00", "cpe": ["cpe:/a:cisco:anyconnect_secure_mobility_client"], "id": "CISCO_ANYCONNECT_CSCUX41420.NASL", "href": "https://www.tenable.com/plugins/nessus/88100", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(88100);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/07/06 11:26:08\");\n\n script_cve_id(\n \"CVE-2015-3193\",\n \"CVE-2015-3194\",\n \"CVE-2015-3195\",\n \"CVE-2015-3196\",\n \"CVE-2015-1794\"\n );\n script_bugtraq_id(\n 78622,\n 78623,\n 78626\n );\n script_xref(name:\"CISCO-SA\", value:\"cisco-sa-20151204-openssl\");\n script_xref(name:\"IAVA\", value:\"2016-A-0030\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCux41420\");\n\n script_name(english:\"Cisco AnyConnect Secure Mobility Client < 3.1.13015.0 / 4.2.x < 4.2.1035.0 Multiple OpenSSL Vulnerabilities\");\n script_summary(english:\"Checks the version of the Cisco AnyConnect client.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Cisco AnyConnect Secure Mobility Client installed on the remote\nhost is a version prior to 3.1.13015.0 or 4.2.x prior to 4.2.1035.0.\nIt is, therefore, affected by multiple vulnerabilities in the bundled\nversion of OpenSSL :\n \n - A carry propagating flaw exists in the x86_64 Montgomery\n squaring 
implementation that may cause the BN_mod_exp()\n function to produce incorrect results. An attacker can\n exploit this to obtain sensitive information regarding\n private keys. (CVE-2015-3193)\n\n - A NULL pointer dereference flaw exists in file\n rsa_ameth.c when handling ASN.1 signatures that use the\n RSA PSS algorithm but are missing a mask generation\n function parameter. A remote attacker can exploit this\n to cause the signature verification routine to crash,\n leading to a denial of service. (CVE-2015-3194)\n\n - A flaw exists in the ASN1_TFLG_COMBINE implementation in\n file tasn_dec.c related to handling malformed\n X509_ATTRIBUTE structures. A remote attacker can exploit\n this to cause a memory leak by triggering a decoding\n failure in a PKCS#7 or CMS application, resulting in a\n denial of service. (CVE-2015-3195)\n\n - A race condition exists in s3_clnt.c that is triggered\n when PSK identity hints are incorrectly updated in the\n parent SSL_CTX structure when they are received by a\n multi-threaded client. A remote attacker can exploit\n this, via a crafted ServerKeyExchange message, to cause\n a double-free memory error, resulting in a denial of\n service. (CVE-2015-3196)\n\n - A flaw exists in the ssl3_get_key_exchange() function\n in file s3_clnt.c when handling a ServerKeyExchange\n message for an anonymous DH ciphersuite with the value\n of 'p' set to 0. 
A attacker can exploit this, by causing\n a segmentation fault, to crash an application linked\n against the library, resulting in a denial of service.\n (CVE-2015-1794)\");\n # http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4099a8d6\");\n script_set_attribute(attribute:\"see_also\", value:\"https://tools.cisco.com/bugsearch/bug/CSCux41420\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Cisco AnyConnect Secure Mobility Client version 3.1.13015.0\n/ 4.2.1035.0 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:cisco:anyconnect_secure_mobility_client\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"cisco_anyconnect_vpn_installed.nasl\");\n script_require_keys(\"installed_sw/Cisco AnyConnect Secure Mobility Client\", \"SMB/Registry/Enumerated\");\n\n 
exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\n\napp_name = \"Cisco AnyConnect Secure Mobility Client\";\n\ninstall = get_single_install(app_name:app_name, exit_if_unknown_ver:TRUE);\npath = install['path'];\nver = install['version'];\n\nfix = '';\n\nif (ver =~ \"^4\\.2\\.\" && (ver_compare(ver:ver, fix:'4.2.1035.0', strict:FALSE) < 0))\n fix = '4.2.1035.0';\n\nelse if (ver_compare(ver:ver, fix:'3.1.13015.0', strict:FALSE) < 0)\n fix = '3.1.13015.0';\n\nif (!empty(fix))\n{\n port = get_kb_item('SMB/transport');\n if (!port) port = 445;\n\n if (report_verbosity > 0)\n {\n report +=\n '\\n Path : ' + path +\n '\\n Installed version : ' + ver +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n exit(0);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, app_name, ver, path);\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-03-27T14:45:13", "description": "The Cisco AnyConnect Secure Mobility Client installed on the remote Mac OS X host is a version prior to 3.1.13015.0 or 4.2.x prior to 4.2.1035.0. It is, therefore, affected by multiple vulnerabilities in the bundled version of OpenSSL :\n - A carry propagating flaw exists in the x86_64 Montgomery squaring implementation that may cause the BN_mod_exp() function to produce incorrect results. An attacker can exploit this to obtain sensitive information regarding private keys. (CVE-2015-3193)\n\n - A NULL pointer dereference flaw exists in file rsa_ameth.c when handling ASN.1 signatures that use the RSA PSS algorithm but are missing a mask generation function parameter. A remote attacker can exploit this to cause the signature verification routine to crash, leading to a denial of service. 
(CVE-2015-3194)\n\n - A flaw exists in the ASN1_TFLG_COMBINE implementation in file tasn_dec.c related to handling malformed X509_ATTRIBUTE structures. A remote attacker can exploit this to cause a memory leak by triggering a decoding failure in a PKCS#7 or CMS application, resulting in a denial of service. (CVE-2015-3195)\n\n - A race condition exists in s3_clnt.c that is triggered when PSK identity hints are incorrectly updated in the parent SSL_CTX structure when they are received by a multi-threaded client. A remote attacker can exploit this, via a crafted ServerKeyExchange message, to cause a double-free memory error, resulting in a denial of service. (CVE-2015-3196)\n\n - A flaw exists in the ssl3_get_key_exchange() function in file s3_clnt.c when handling a ServerKeyExchange message for an anonymous DH ciphersuite with the value of 'p' set to 0. An attacker can exploit this, by causing a segmentation fault, to crash an application linked against the library, resulting in a denial of service.\n (CVE-2015-1794)", "cvss3": {"score": null, "vector": null}, "published": "2016-01-22T00:00:00", "type": "nessus", "title": "Mac OS X : Cisco AnyConnect Secure Mobility Client < 3.1.13015.0 / 4.2.x < 4.2.1035.0 Multiple OpenSSL Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1794", "CVE-2015-3193", "CVE-2015-3194", "CVE-2015-3195", "CVE-2015-3196"], "modified": "2018-07-14T00:00:00", "cpe": ["cpe:/a:cisco:anyconnect_secure_mobility_client"], "id": "MACOSX_CISCO_ANYCONNECT_CSCUX41420.NASL", "href": "https://www.tenable.com/plugins/nessus/88101", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(88101);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/07/14 1:59:36\");\n\n script_cve_id(\n \"CVE-2015-3193\",\n \"CVE-2015-3194\",\n \"CVE-2015-3195\",\n \"CVE-2015-3196\",\n \"CVE-2015-1794\"\n );\n script_bugtraq_id(\n 78622,\n 78623,\n 78626\n );\n 
script_xref(name:\"CISCO-SA\", value:\"cisco-sa-20151204-openssl\");\n script_xref(name:\"IAVA\", value:\"2016-A-0030\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCux41420\");\n\n script_name(english:\"Mac OS X : Cisco AnyConnect Secure Mobility Client < 3.1.13015.0 / 4.2.x < 4.2.1035.0 Multiple OpenSSL Vulnerabilities\");\n script_summary(english:\"Checks the version of the Cisco AnyConnect client.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Cisco AnyConnect Secure Mobility Client installed on the remote\nMac OS X host is a version prior to 3.1.13015.0 or 4.2.x prior to\n4.2.1035.0. It is, therefore, affected by multiple vulnerabilities in\nthe bundled version of OpenSSL :\n \n - A carry propagating flaw exists in the x86_64 Montgomery\n squaring implementation that may cause the BN_mod_exp()\n function to produce incorrect results. An attacker can\n exploit this to obtain sensitive information regarding\n private keys. (CVE-2015-3193)\n\n - A NULL pointer dereference flaw exists in file\n rsa_ameth.c when handling ASN.1 signatures that use the\n RSA PSS algorithm but are missing a mask generation\n function parameter. A remote attacker can exploit this\n to cause the signature verification routine to crash,\n leading to a denial of service. (CVE-2015-3194)\n\n - A flaw exists in the ASN1_TFLG_COMBINE implementation in\n file tasn_dec.c related to handling malformed\n X509_ATTRIBUTE structures. A remote attacker can exploit\n this to cause a memory leak by triggering a decoding\n failure in a PKCS#7 or CMS application, resulting in a\n denial of service. (CVE-2015-3195)\n\n - A race condition exists in s3_clnt.c that is triggered\n when PSK identity hints are incorrectly updated in the\n parent SSL_CTX structure when they are received by a\n multi-threaded client. 
A remote attacker can exploit\n this, via a crafted ServerKeyExchange message, to cause\n a double-free memory error, resulting in a denial of\n service. (CVE-2015-3196)\n\n - A flaw exists in the ssl3_get_key_exchange() function\n in file s3_clnt.c when handling a ServerKeyExchange\n message for an anonymous DH ciphersuite with the value\n of 'p' set to 0. A attacker can exploit this, by causing\n a segmentation fault, to crash an application linked\n against the library, resulting in a denial of service.\n (CVE-2015-1794)\");\n # http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4099a8d6\");\n script_set_attribute(attribute:\"see_also\", value:\"https://tools.cisco.com/bugsearch/bug/CSCux41420\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20151203.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Cisco AnyConnect Secure Mobility Client version 3.1.13015.0\n/ 4.2.1035.0 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:cisco:anyconnect_secure_mobility_client\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local 
Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"macosx_cisco_anyconnect_installed.nasl\");\n script_require_keys(\"installed_sw/Cisco AnyConnect Secure Mobility Client\", \"Host/MacOSX/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nget_kb_item_or_exit(\"Host/MacOSX/Version\");\n\nappname = \"Cisco AnyConnect Secure Mobility Client\";\n\ninstall = get_single_install(app_name:appname, exit_if_unknown_ver:TRUE);\npath = install['path'];\nver = install['version'];\n\nfix = '';\n\nif (ver =~ \"^4\\.2\\.\" && (ver_compare(ver:ver, fix:'4.2.1035.0', strict:FALSE) < 0))\n fix = '4.2.1035.0';\n\nelse if (ver_compare(ver:ver, fix:'3.1.13015.0', strict:FALSE) < 0)\n fix = '3.1.13015.0';\n\nif (!empty(fix))\n{\n if (report_verbosity > 0)\n {\n report +=\n '\\n Path : ' + path +\n '\\n Installed version : ' + ver +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_warning(port:0, extra:report);\n }\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, appname, ver, path);\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-03-27T15:11:09", "description": "Guy Leaver discovered that OpenSSL incorrectly handled a ServerKeyExchange for an anonymous DH ciphersuite with the value of p set to 0. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only applied to Ubuntu 15.10. (CVE-2015-1794)\n\nHanno Bock discovered that the OpenSSL Montgomery squaring procedure algorithm may produce incorrect results when being used on x86_64. A remote attacker could possibly use this issue to break encryption.\nThis issue only applied to Ubuntu 15.10. 
(CVE-2015-3193)\n\nLoic Jonas Etienne discovered that OpenSSL incorrectly handled ASN.1 signatures with a missing PSS parameter. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2015-3194)\n\nAdam Langley discovered that OpenSSL incorrectly handled malformed X509_ATTRIBUTE structures. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, resulting in a denial of service. (CVE-2015-3195)\n\nIt was discovered that OpenSSL incorrectly handled PSK identity hints.\nA remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-3196).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2015-12-08T00:00:00", "type": "nessus", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 15.04 / 15.10 : openssl vulnerabilities (USN-2830-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1794", "CVE-2015-3193", "CVE-2015-3194", "CVE-2015-3195", "CVE-2015-3196"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libssl1.0.0", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:15.04", "cpe:/o:canonical:ubuntu_linux:15.10"], "id": "UBUNTU_USN-2830-1.NASL", "href": "https://www.tenable.com/plugins/nessus/87236", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2830-1. The text \n# itself is copyright (C) Canonical, Inc. 
See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87236);\n script_version(\"2.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-1794\", \"CVE-2015-3193\", \"CVE-2015-3194\", \"CVE-2015-3195\", \"CVE-2015-3196\");\n script_xref(name:\"USN\", value:\"2830-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 15.04 / 15.10 : openssl vulnerabilities (USN-2830-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Guy Leaver discovered that OpenSSL incorrectly handled a\nServerKeyExchange for an anonymous DH ciphersuite with the value of p\nset to 0. A remote attacker could possibly use this issue to cause\nOpenSSL to crash, resulting in a denial of service. This issue only\napplied to Ubuntu 15.10. (CVE-2015-1794)\n\nHanno Bock discovered that the OpenSSL Montgomery squaring procedure\nalgorithm may produce incorrect results when being used on x86_64. A\nremote attacker could possibly use this issue to break encryption.\nThis issue only applied to Ubuntu 15.10. (CVE-2015-3193)\n\nLoic Jonas Etienne discovered that OpenSSL incorrectly handled ASN.1\nsignatures with a missing PSS parameter. A remote attacker could\npossibly use this issue to cause OpenSSL to crash, resulting in a\ndenial of service. (CVE-2015-3194)\n\nAdam Langley discovered that OpenSSL incorrectly handled malformed\nX509_ATTRIBUTE structures. A remote attacker could possibly use this\nissue to cause OpenSSL to consume resources, resulting in a denial of\nservice. 
(CVE-2015-3195)\n\nIt was discovered that OpenSSL incorrectly handled PSK identity hints.\nA remote attacker could possibly use this issue to cause OpenSSL to\ncrash, resulting in a denial of service. This issue only applied to\nUbuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-3196).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2830-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libssl1.0.0 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libssl1.0.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2015/12/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04|15\\.04|15\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 15.04 / 15.10\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libssl1.0.0\", pkgver:\"1.0.1-4ubuntu5.32\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libssl1.0.0\", pkgver:\"1.0.1f-1ubuntu2.16\")) flag++;\nif (ubuntu_check(osver:\"15.04\", pkgname:\"libssl1.0.0\", pkgver:\"1.0.1f-1ubuntu11.5\")) flag++;\nif (ubuntu_check(osver:\"15.10\", pkgname:\"libssl1.0.0\", pkgver:\"1.0.2d-0ubuntu1.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libssl1.0.0\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-03-27T14:50:37", "description": "Moderate security issues fixed in this update. Faster handling of some common elliptic curves enabled on 64 bit architectures. Improved Makefile.certificate to not use serial number 0 by default.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2016-03-04T00:00:00", "type": "nessus", "title": "Fedora 23 : openssl-1.0.2e-1.fc23 (2015-605de37b7f)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3193", "CVE-2015-3194", "CVE-2015-3195"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:openssl", "cpe:/o:fedoraproject:fedora:23"], "id": "FEDORA_2015-605DE37B7F.NASL", "href": "https://www.tenable.com/plugins/nessus/89256", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-605de37b7f.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89256);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-3193\", \"CVE-2015-3194\", \"CVE-2015-3195\");\n script_xref(name:\"FEDORA\", value:\"2015-605de37b7f\");\n\n script_name(english:\"Fedora 23 : openssl-1.0.2e-1.fc23 (2015-605de37b7f)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Moderate security issues fixed in this update. Faster handling of some\ncommon elliptic curves enabled on 64 bit architectures. Improved\nMakefile.certificate to not use serial number 0 by default.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1288317\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1288320\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1288322\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-December/173315.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8c5c112e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || 
\"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"openssl-1.0.2e-1.fc23\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T12:41:59", "description": "The Oracle VM VirtualBox application installed on the remote host is a version prior to 4.3.36 or 5.0.18. It is, therefore, affected by an unspecified flaw in the Core subcomponent that allows a local attacker to gain elevated privileges. Additionally, multiple vulnerabilities exist in the bundled version of OpenSSL :\n\n - A flaw exists in the ssl3_get_key_exchange() function in file s3_clnt.c when handling a ServerKeyExchange message for an anonymous DH ciphersuite with the value of 'p' set to 0. A attacker can exploit this, by causing a segmentation fault, to crash an application linked against the library, resulting in a denial of service.\n (CVE-2015-1794)\n\n - A carry propagating flaw exists in the x86_64 Montgomery squaring implementation that may cause the BN_mod_exp() function to produce incorrect results. 
An attacker can exploit this to obtain sensitive information regarding private keys. (CVE-2015-3193)\n\n - A NULL pointer dereference flaw exists in file rsa_ameth.c due to improper handling of ASN.1 signatures that are missing the PSS parameter. A remote attacker can exploit this to cause the signature verification routine to crash, resulting in a denial of service condition. (CVE-2015-3194)\n\n - A flaw exists in the ASN1_TFLG_COMBINE implementation in file tasn_dec.c related to handling malformed X509_ATTRIBUTE structures. A remote attacker can exploit this to cause a memory leak by triggering a decoding failure in a PKCS#7 or CMS application, resulting in a denial of service. (CVE-2015-3195)\n\n - A race condition exists in s3_clnt.c that is triggered when PSK identity hints are incorrectly updated in the parent SSL_CTX structure when they are received by a multi-threaded client. A remote attacker can exploit this, via a crafted ServerKeyExchange message, to cause a double-free memory error, resulting in a denial of service. (CVE-2015-3196)\n\n - A cipher algorithm downgrade vulnerability exists due to a flaw that is triggered when handling cipher negotiation. A remote attacker can exploit this to negotiate SSLv2 ciphers and complete SSLv2 handshakes even if all SSLv2 ciphers have been disabled on the server. 
Note that this vulnerability only exists if SSLv2 has not been disabled via the SSL_OP_NO_SSLv2 option.\n (CVE-2015-3197)", "cvss3": {"score": null, "vector": null}, "published": "2016-04-22T00:00:00", "type": "nessus", "title": "Oracle VM VirtualBox < 4.3.36 / 5.0.18 Multiple Vulnerabilities (April 2016 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1794", "CVE-2015-3193", "CVE-2015-3194", "CVE-2015-3195", "CVE-2015-3196", "CVE-2015-3197", "CVE-2016-0678"], "modified": "2019-11-19T00:00:00", "cpe": ["cpe:/a:oracle:vm_virtualbox"], "id": "VIRTUALBOX_5_0_18.NASL", "href": "https://www.tenable.com/plugins/nessus/90680", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90680);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/11/19\");\n\n script_cve_id(\n \"CVE-2015-1794\",\n \"CVE-2015-3193\",\n \"CVE-2015-3194\",\n \"CVE-2015-3195\",\n \"CVE-2015-3196\",\n \"CVE-2015-3197\",\n \"CVE-2016-0678\"\n );\n script_bugtraq_id(\n 78622,\n 78623,\n 78626,\n 82237\n );\n script_xref(name:\"CERT\", value:\"257823\");\n\n script_name(english:\"Oracle VM VirtualBox < 4.3.36 / 5.0.18 Multiple Vulnerabilities (April 2016 CPU)\");\n script_summary(english:\"Performs a version check on VirtualBox.exe.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote host is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Oracle VM VirtualBox application installed on the remote host is a\nversion prior to 4.3.36 or 5.0.18. It is, therefore, affected by an\nunspecified flaw in the Core subcomponent that allows a local attacker\nto gain elevated privileges. 
Additionally, multiple vulnerabilities\nexist in the bundled version of OpenSSL :\n\n - A flaw exists in the ssl3_get_key_exchange() function\n in file s3_clnt.c when handling a ServerKeyExchange\n message for an anonymous DH ciphersuite with the value\n of 'p' set to 0. A attacker can exploit this, by causing\n a segmentation fault, to crash an application linked\n against the library, resulting in a denial of service.\n (CVE-2015-1794)\n\n - A carry propagating flaw exists in the x86_64 Montgomery\n squaring implementation that may cause the BN_mod_exp()\n function to produce incorrect results. An attacker can\n exploit this to obtain sensitive information regarding\n private keys. (CVE-2015-3193)\n\n - A NULL pointer dereference flaw exists in file\n rsa_ameth.c due to improper handling of ASN.1 signatures\n that are missing the PSS parameter. A remote attacker\n can exploit this to cause the signature verification\n routine to crash, resulting in a denial of service\n condition. (CVE-2015-3194)\n\n - A flaw exists in the ASN1_TFLG_COMBINE implementation in\n file tasn_dec.c related to handling malformed\n X509_ATTRIBUTE structures. A remote attacker can exploit\n this to cause a memory leak by triggering a decoding\n failure in a PKCS#7 or CMS application, resulting in a\n denial of service. (CVE-2015-3195)\n\n - A race condition exists in s3_clnt.c that is triggered\n when PSK identity hints are incorrectly updated in the\n parent SSL_CTX structure when they are received by a\n multi-threaded client. A remote attacker can exploit\n this, via a crafted ServerKeyExchange message, to cause\n a double-free memory error, resulting in a denial of\n service. (CVE-2015-3196)\n\n - A cipher algorithm downgrade vulnerability exists due to\n a flaw that is triggered when handling cipher\n negotiation. A remote attacker can exploit this to\n negotiate SSLv2 ciphers and complete SSLv2 handshakes\n even if all SSLv2 ciphers have been disabled on the\n server. 
Note that this vulnerability only exists if the\n SSL_OP_NO_SSLv2 option has not been disabled.\n (CVE-2015-3197)\");\n # https://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ffb7b96f\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.virtualbox.org/wiki/Changelog\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Oracle VM VirtualBox version 4.3.36 / 5.0.18 or later as\nreferenced in the April 2016 Oracle Critical Patch Update advisory.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-3193\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:vm_virtualbox\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"virtualbox_installed.nasl\", \"macosx_virtualbox_installed.nbin\");\n script_require_ports(\"installed_sw/Oracle VM VirtualBox\", \"installed_sw/VirtualBox\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\napp = NULL;\napps = make_list('Oracle VM VirtualBox', 'VirtualBox');\n\nforeach app (apps)\n{\n if (get_install_count(app_name:app)) break;\n else app = NULL;\n}\n\nif (isnull(app)) audit(AUDIT_NOT_INST, 'Oracle VM VirtualBox');\n\ninstall = get_single_install(app_name:app, exit_if_unknown_ver:TRUE);\n\nver = install['version'];\npath = install['path'];\n\n# Affected :\n# 4.3.x < 4.3.36\n# 5.0.x < 5.0.18\nif (ver =~ '^4\\\\.3' && ver_compare(ver:ver, fix:'4.3.36', strict:FALSE) < 0) fix = '4.3.36';\nelse if (ver =~ '^5\\\\.0' && ver_compare(ver:ver, fix:'5.0.18', strict:FALSE) < 0) fix = '5.0.18';\nelse audit(AUDIT_INST_PATH_NOT_VULN, app, ver, path);\n\nport = 0;\nif (app == 'Oracle VM VirtualBox')\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n}\n\nreport =\n '\\n Path : ' + path +\n '\\n Installed version : ' + ver +\n '\\n Fixed version : ' + fix +\n '\\n';\nsecurity_report_v4(port:port, extra:report, severity:SECURITY_WARNING);\nexit(0);\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-03-27T14:48:17", "description": "The remote host is affected by the vulnerability described in GLSA-201601-05 (OpenSSL: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in OpenSSL. 
Please review the upstream advisory and CVE identifiers referenced below for details.\n Note that the list includes CVE identifiers for an older OpenSSL Security Advisory (3 Dec 2015) for which we have not issued a GLSA before.\n Impact :\n\n A remote attacker could disclose a server’s private DH exponent, or complete SSLv2 handshakes using ciphers that have been disabled on the server.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2016-02-05T00:00:00", "type": "nessus", "title": "GLSA-201601-05 : OpenSSL: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1794", "CVE-2015-3193", "CVE-2015-3194", "CVE-2015-3195", "CVE-2015-3196", "CVE-2015-3197", "CVE-2016-0701"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:openssl", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201601-05.NASL", "href": "https://www.tenable.com/plugins/nessus/88586", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201601-05.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(88586);\n script_version(\"2.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-1794\", \"CVE-2015-3193\", \"CVE-2015-3194\", \"CVE-2015-3195\", \"CVE-2015-3196\", \"CVE-2015-3197\", \"CVE-2016-0701\");\n script_xref(name:\"GLSA\", value:\"201601-05\");\n\n script_name(english:\"GLSA-201601-05 : OpenSSL: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201601-05\n(OpenSSL: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in OpenSSL. 
Please review\n the upstream advisory and CVE identifiers referenced below for details.\n Note that the list includes CVE identifiers for an older OpenSSL Security\n Advisory (3 Dec 2015) for which we have not issued a GLSA before.\n \nImpact :\n\n A remote attacker could disclose a server’s private DH exponent, or\n complete SSLv2 handshakes using ciphers that have been disabled on the\n server.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n # https://openssl.org/news/secadv/20160128.txt\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openssl.org/news/secadv/20160128.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201601-05\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All OpenSSL users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-libs/openssl-1.0.2f'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-libs/openssl\", unaffected:make_list(\"ge 1.0.2f\", \"rge 1.0.1r\", \"rge 1.0.1s\", \"rge 1.0.1t\", \"rge 0.9.8z_p8\", \"rge 0.9.8z_p9\", \"rge 0.9.8z_p10\", \"rge 0.9.8z_p11\", \"rge 0.9.8z_p12\", \"rge 0.9.8z_p13\", \"rge 0.9.8z_p14\", \"rge 0.9.8z_p15\"), vulnerable:make_list(\"lt 1.0.2f\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"OpenSSL\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-03-27T15:11:47", "description": "According to its banner, the remote host is running a version of OpenSSL 1.0.2 prior to 1.0.2e. It is, therefore, affected by the following vulnerabilities :\n\n - A flaw exists in the ssl3_get_key_exchange() function in file s3_clnt.c when handling a ServerKeyExchange message for an anonymous DH ciphersuite with the value of 'p' set to 0. 
An attacker can exploit this, by causing a segmentation fault, to crash an application linked against the library, resulting in a denial of service.\n (CVE-2015-1794)\n\n - A carry propagating flaw exists in the x86_64 Montgomery squaring implementation that may cause the BN_mod_exp() function to produce incorrect results. An attacker can exploit this to obtain sensitive information regarding private keys. (CVE-2015-3193)\n\n - A NULL pointer dereference flaw exists in file rsa_ameth.c when handling ASN.1 signatures that use the RSA PSS algorithm but are missing a mask generation function parameter. A remote attacker can exploit this to cause the signature verification routine to crash, leading to a denial of service. (CVE-2015-3194)\n\n - A flaw exists in the ASN1_TFLG_COMBINE implementation in file tasn_dec.c related to handling malformed X509_ATTRIBUTE structures. A remote attacker can exploit this to cause a memory leak by triggering a decoding failure in a PKCS#7 or CMS application, resulting in a denial of service. 
(CVE-2015-3195)", "cvss3": {"score": null, "vector": null}, "published": "2015-12-07T00:00:00", "type": "nessus", "title": "OpenSSL 1.0.2 < 1.0.2e Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1794", "CVE-2015-3193", "CVE-2015-3194", "CVE-2015-3195"], "modified": "2019-11-20T00:00:00", "cpe": ["cpe:/a:openssl:openssl"], "id": "OPENSSL_1_0_2E.NASL", "href": "https://www.tenable.com/plugins/nessus/87222", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(87222);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2019/11/20\");\n\n script_cve_id(\n \"CVE-2015-1794\",\n \"CVE-2015-3193\",\n \"CVE-2015-3194\",\n \"CVE-2015-3195\"\n );\n script_bugtraq_id(78623, 78626);\n\n script_name(english:\"OpenSSL 1.0.2 < 1.0.2e Multiple Vulnerabilities\");\n script_summary(english:\"Performs a banner check.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote service is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the remote host is running a version of\nOpenSSL 1.0.2 prior to 1.0.2e. It is, therefore, affected by the\nfollowing vulnerabilities :\n\n - A flaw exists in the ssl3_get_key_exchange() function\n in file s3_clnt.c when handling a ServerKeyExchange\n message for an anonymous DH ciphersuite with the value\n of 'p' set to 0. A attacker can exploit this, by causing\n a segmentation fault, to crash an application linked\n against the library, resulting in a denial of service.\n (CVE-2015-1794)\n\n - A carry propagating flaw exists in the x86_64 Montgomery\n squaring implementation that may cause the BN_mod_exp()\n function to produce incorrect results. An attacker can\n exploit this to obtain sensitive information regarding\n private keys. 
(CVE-2015-3193)\n\n - A NULL pointer dereference flaw exists in file\n rsa_ameth.c when handling ASN.1 signatures that use the\n RSA PSS algorithm but are missing a mask generation\n function parameter. A remote attacker can exploit this\n to cause the signature verification routine to crash,\n leading to a denial of service. (CVE-2015-3194)\n\n - A flaw exists in the ASN1_TFLG_COMBINE implementation in\n file tasn_dec.c related to handling malformed\n X509_ATTRIBUTE structures. A remote attacker can exploit\n this to cause a memory leak by triggering a decoding\n failure in a PKCS#7 or CMS application, resulting in a\n denial of service. (CVE-2015-3195)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20151203.txt\");\n # https://mta.openssl.org/pipermail/openssl-commits/2015-August/001540.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1fc69a3d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to OpenSSL version 1.0.2e or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-3193\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is 
Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"openssl_version.nasl\");\n script_require_keys(\"openssl/port\");\n\n exit(0);\n}\n\ninclude(\"openssl_version.inc\");\n\nopenssl_check_version(fixed:'1.0.2e', min:\"1.0.2\", severity:SECURITY_WARNING);\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T12:41:39", "description": "This libressl update to version 2.2.7 fixes the following issues :\n\nSecurity issues fixed :\n\n - Fix multiple vulnerabilities in libcrypto relating to ASN.1 and encoding. [boo#978492, boo#977584]\n\n - CVE-2015-3194: Certificate verify crash with missing PSS parameter (boo#957815)\n\n - CVE-2015-3195: X509_ATTRIBUTE memory leak (boo#957812)\n\n - CVE-2015-5333: Memory Leak (boo#950707)\n\n - CVE-2015-5334: Buffer Overflow (boo#950708)", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-05-20T00:00:00", "type": "nessus", "title": "openSUSE Security Update : libressl (openSUSE-2016-604)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3194", "CVE-2015-3195", "CVE-2015-5333", "CVE-2015-5334"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libcrypto34", "p-cpe:/a:novell:opensuse:libcrypto34-32bit", "p-cpe:/a:novell:opensuse:libcrypto34-debuginfo", "p-cpe:/a:novell:opensuse:libcrypto34-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libressl", "p-cpe:/a:novell:opensuse:libressl-debuginfo", "p-cpe:/a:novell:opensuse:libressl-debugsource", "p-cpe:/a:novell:opensuse:libressl-devel", "p-cpe:/a:novell:opensuse:libressl-devel-32bit", "p-cpe:/a:novell:opensuse:libssl33", "p-cpe:/a:novell:opensuse:libssl33-32bit", "p-cpe:/a:novell:opensuse:libssl33-debuginfo", "p-cpe:/a:novell:opensuse:libssl33-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libtls4", "p-cpe:/a:novell:opensuse:libtls4-32bit", "p-cpe:/a:novell:opensuse:libtls4-debuginfo", 
"p-cpe:/a:novell:opensuse:libtls4-debuginfo-32bit", "cpe:/o:novell:opensuse:13.2"], "id": "OPENSUSE-2016-604.NASL", "href": "https://www.tenable.com/plugins/nessus/91274", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-604.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91274);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-3194\", \"CVE-2015-3195\", \"CVE-2015-5333\", \"CVE-2015-5334\");\n\n script_name(english:\"openSUSE Security Update : libressl (openSUSE-2016-604)\");\n script_summary(english:\"Check for the openSUSE-2016-604 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This libressl update to version 2.2.7 fixes the following issues :\n\nSecurity issues fixed :\n\n - Fix multiple vulnerabilities in libcrypto relating to\n ASN.1 and encoding. 
[boo#978492, boo#977584]\n\n - CVE-2015-3194: Certificate verify crash with missing PSS\n parameter (boo#957815)\n\n - CVE-2015-3195: X509_ATTRIBUTE memory leak (boo#957812)\n\n - CVE-2015-5333: Memory Leak (boo#950707)\n\n - CVE-2015-5334: Buffer Overflow (boo#950708)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=950707\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=950708\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=957812\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=957815\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=977584\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=978492\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libressl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcrypto34\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcrypto34-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcrypto34-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcrypto34-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libressl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libressl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:libressl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libressl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libressl-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libssl33\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libssl33-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libssl33-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libssl33-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtls4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtls4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtls4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtls4-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libcrypto34-2.2.7-2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libcrypto34-debuginfo-2.2.7-2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libressl-2.2.7-2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libressl-debuginfo-2.2.7-2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libressl-debugsource-2.2.7-2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libressl-devel-2.2.7-2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libssl33-2.2.7-2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libssl33-debuginfo-2.2.7-2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libtls4-2.2.7-2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libtls4-debuginfo-2.2.7-2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libcrypto34-32bit-2.2.7-2.13.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libcrypto34-debuginfo-32bit-2.2.7-2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libressl-devel-32bit-2.2.7-2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libssl33-32bit-2.2.7-2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libssl33-debuginfo-32bit-2.2.7-2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libtls4-32bit-2.2.7-2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libtls4-debuginfo-32bit-2.2.7-2.13.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libcrypto34 / libcrypto34-32bit / libcrypto34-debuginfo / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:43:41", "description": "ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (race condition and double free) via a crafted ServerKeyExchange message. 
(CVE-2015-3196)", "cvss3": {"score": null, "vector": null}, "published": "2015-12-17T00:00:00", "type": "nessus", "title": "F5 Networks BIG-IP : OpenSSL vulnerability (K55540723)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3196"], "modified": "2019-01-04T00:00:00", "cpe": ["cpe:/a:f5:big-ip_access_policy_manager", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_application_acceleration_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/h:f5:big-ip"], "id": "F5_BIGIP_SOL55540723.NASL", "href": "https://www.tenable.com/plugins/nessus/87434", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K55540723.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(87434);\n script_version(\"2.11\");\n script_cvs_date(\"Date: 2019/01/04 10:03:40\");\n\n script_cve_id(\"CVE-2015-3196\");\n\n script_name(english:\"F5 Networks BIG-IP : OpenSSL vulnerability (K55540723)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and\n1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the\nPSK identity hint to an incorrect data structure, which allows remote\nservers to cause a denial of service (race condition and double free)\nvia a crafted ServerKeyExchange message. 
(CVE-2015-3196)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K55540723\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K55540723.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is 
owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"K55540723\";\nvmatrix = make_array();\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"12.0.0\",\"11.5.0-11.6.1\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"12.1.0\",\"12.0.0HF3\",\"11.3.0-11.4.1\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"12.0.0\",\"11.5.0-11.6.1\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"12.1.0\",\"12.0.0HF3\",\"11.4.0-11.4.1\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"12.0.0\",\"11.5.0-11.6.1\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"12.1.0\",\"12.0.0HF3\",\"11.0.0-11.4.1\",\"10.1.0-10.2.4\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"12.0.0\",\"11.5.0-11.6.1\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"12.1.0\",\"12.0.0HF3\",\"11.0.0-11.4.1\",\"10.1.0-10.2.4\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"12.0.0\",\"11.5.0-11.6.1\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"12.1.0\",\"12.0.0HF3\",\"11.0.0-11.4.1\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = 
make_list(\"11.5.0-11.6.1\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"11.0.0-11.4.1\",\"10.1.0-10.2.4\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"12.0.0\",\"11.5.0-11.6.1\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"12.1.0\",\"12.0.0HF3\",\"11.0.0-11.4.1\",\"10.1.0-10.2.4\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"12.0.0\",\"11.5.0-11.6.1\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"12.1.0\",\"12.0.0HF3\",\"11.0.0-11.4.1\",\"10.1.0-10.2.4\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"12.0.0\",\"11.5.0-11.6.1\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"12.1.0\",\"12.0.0HF3\",\"11.3.0-11.4.1\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:44:02", "description": "The OpenBSD project reports :\n\nA NULL pointer dereference could be triggered by a crafted certificate sent to services configured to verify client certificates on TLS/SSL connections.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2015-12-09T00:00:00", "type": "nessus", "title": "FreeBSD : libressl -- NULL pointer dereference (215e740e-9c56-11e5-90e7-b499baebfeaf)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3194"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:libressl", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_215E740E9C5611E590E7B499BAEBFEAF.NASL", "href":
"https://www.tenable.com/plugins/nessus/87269", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87269);\n script_version(\"2.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-3194\");\n\n script_name(english:\"FreeBSD : libressl -- NULL pointer dereference (215e740e-9c56-11e5-90e7-b499baebfeaf)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The OpenBSD project reports :\n\nA NULL pointer deference could be triggered by a crafted certificate\nsent to services configured to verify client certificates on TLS/SSL\nconnections.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://marc.info/?l=openbsd-announce&t=144920914600002\"\n );\n # https://vuxml.freebsd.org/freebsd/215e740e-9c56-11e5-90e7-b499baebfeaf.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d07d991d\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", 
value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:libressl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"libressl<2.2.5\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"libressl>=2.3.0<2.3.1_1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:43:24", "description": "The version of Cisco Security Manager running on the remote web server is 4.9.x prior to 4.9(0.397) or 4.10.x prior to 4.10(0.189). It is, therefore, affected by a NULL pointer dereference flaw in file rsa_ameth.c due to improper handling of ASN.1 signatures that are missing the PSS parameter. 
A remote attacker can exploit this to cause the signature verification routine to crash, resulting in a denial of service condition.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2016-02-05T00:00:00", "type": "nessus", "title": "Cisco Security Manager 4.9.x < 4.9(0.397) / 4.10.x < 4.10(0.189) OpenSSL ASN.1 Signature Handling DoS", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3194"], "modified": "2019-11-20T00:00:00", "cpe": ["cpe:/a:cisco:security_manager"], "id": "CISCO_SECURITY_MANAGER_CSCUX41352.NASL", "href": "https://www.tenable.com/plugins/nessus/88593", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(88593);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/11/20\");\n\n script_cve_id(\"CVE-2015-3194\");\n script_bugtraq_id(78623);\n script_xref(name:\"CISCO-SA\", value:\"cisco-sa-20151204-openssl\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCux41352\");\n\n script_name(english:\"Cisco Security Manager 4.9.x < 4.9(0.397) / 4.10.x < 4.10(0.189) OpenSSL ASN.1 Signature Handling DoS\");\n script_summary(english:\"Checks the version of Cisco Security Manager Web Server.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The web application running on the remote web server is affected by a\ndenial of service vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Cisco Security Manager running on the remote web server\nis 4.9.x prior to 4.9(0.397) or 4.10.x prior to 4.10(0.189). It is,\ntherefore, affected by a NULL pointer dereference flaw in file\nrsa_ameth.c due to improper handling of ASN.1 signatures that are\nmissing the PSS parameter. 
A remote attacker can exploit this to cause\nthe signature verification routine to crash, resulting in a denial of\nservice condition.\");\n # http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4099a8d6\");\n script_set_attribute(attribute:\"see_also\", value:\"https://tools.cisco.com/bugsearch/bug/CSCux41352\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20151203.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Cisco Security Manager version 4.9(0.397) / 4.10(0.189) or\nlater.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-3194\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/05\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:cisco:security_manager\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"cisco_security_manager_http_detect.nbin\");\n script_require_keys(\"Settings/ParanoidReport\", \"installed_sw/Cisco Security Manager\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\ninclude(\"http.inc\");\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nwww_name = \"Cisco Security Manager\";\n\nget_install_count(app_name:www_name, exit_if_zero:TRUE);\nport = get_http_port(default:443);\nif (!port) port = 443;\n\ninstall = get_single_install(app_name:www_name, port:port, exit_if_unknown_ver:TRUE);\n\nver = install['version'];\npath = install['path'];\n\nfix = '';\n\nif (ver =~ \"^4\\.10\" && (ver_compare(ver:ver, fix:'4.10.0.189', strict:FALSE) < 0))\n fix = '4.10(0.189)';\n\nelse if (ver_compare(ver:ver, fix:'4.9.0.397', strict:FALSE) < 0)\n fix = '4.9(0.397)';\n\nif (!empty(fix))\n{\n if (report_verbosity > 0)\n {\n report +=\n '\\n Path : ' + path +\n '\\n Installed version : ' + ver +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n exit(0);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, www_name, ver, path);\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:43:39", "description": "crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter.\n(CVE-2015-3194)", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2015-12-17T00:00:00", "type": "nessus", "title": "F5 Networks BIG-IP : OpenSSL vulnerability (K86772626)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3194"], "modified": "2019-01-04T00:00:00", "cpe": 
["cpe:/a:f5:big-ip_access_policy_manager", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_application_acceleration_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/h:f5:big-ip"], "id": "F5_BIGIP_SOL86772626.NASL", "href": "https://www.tenable.com/plugins/nessus/87435", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K86772626.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(87435);\n script_version(\"2.25\");\n script_cvs_date(\"Date: 2019/01/04 10:03:40\");\n\n script_cve_id(\"CVE-2015-3194\");\n\n script_name(english:\"F5 Networks BIG-IP : OpenSSL vulnerability (K86772626)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before\n1.0.2e allows remote attackers to cause a denial of service (NULL\npointer dereference and application crash) via an RSA PSS ASN.1\nsignature that lacks a mask generation function parameter.\n(CVE-2015-3194)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K86772626\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K86772626.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n 
script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"K86772626\";\nvmatrix = make_array();\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"12.0.0\",\"11.6.0\",\"11.5.0-11.5.3\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"12.1.0\",\"12.0.0HF3\",\"11.6.1\",\"11.5.4\",\"11.3.0-11.4.1\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"12.0.0\",\"11.6.0\",\"11.5.0-11.5.3\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"12.1.0\",\"12.0.0HF3\",\"11.6.1\",\"11.5.4\",\"11.4.0-11.4.1\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"12.0.0\",\"11.6.0\",\"11.5.0-11.5.3\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"12.1.0\",\"12.0.0HF3\",\"11.6.1\",\"11.5.4\",\"11.0.0-11.4.1\",\"10.1.0-10.2.4\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"12.0.0\",\"11.6.0\",\"11.5.0-11.5.3\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"12.1.0\",\"12.0.0HF3\",\"11.6.1\",\"11.5.4\",\"11.0.0-11.4.1\",\"10.1.0-10.2.4\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = 
make_list(\"12.0.0\",\"11.6.0\",\"11.5.0-11.5.3\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"12.1.0\",\"12.0.0HF3\",\"11.6.1\",\"11.5.4\",\"11.0.0-11.4.1\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"11.6.0\",\"11.5.0-11.5.3\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"11.6.1\",\"11.5.4\",\"11.0.0-11.4.1\",\"10.1.0-10.2.4\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"12.0.0\",\"11.6.0\",\"11.5.0-11.5.3\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"12.1.0\",\"12.0.0HF3\",\"11.6.1\",\"11.5.4\",\"11.0.0-11.4.1\",\"10.1.0-10.2.4\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"12.0.0\",\"11.6.0\",\"11.5.0-11.5.3\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"12.1.0\",\"12.0.0HF3\",\"11.6.1\",\"11.5.4\",\"11.0.0-11.4.1\",\"10.1.0-10.2.4\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"12.0.0\",\"11.6.0\",\"11.5.0-11.5.3\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"12.1.0\",\"12.0.0HF3\",\"11.6.1\",\"11.5.4\",\"11.3.0-11.4.1\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:42:49", "description": "The SecurityCenter application installed on the remote host is affected by a denial of service vulnerability in the bundled OpenSSL library. The library is version 1.0.1 or later but prior to 1.0.1q. 
It is, therefore, affected by a NULL pointer dereference flaw in file rsa_ameth.c due to improper handling of ASN.1 signatures that are missing the PSS parameter. A remote attacker can exploit this to cause the signature verification routine to crash, resulting in a denial of service condition.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2016-02-17T00:00:00", "type": "nessus", "title": "Tenable SecurityCenter OpenSSL ASN.1 Signature Verification Routine DoS (TNS-2016-01)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3194"], "modified": "2020-10-09T00:00:00", "cpe": ["cpe:/a:tenable:securitycenter"], "id": "SECURITYCENTER_OPENSSL_1_0_1Q.NASL", "href": "https://www.tenable.com/plugins/nessus/88809", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(88809);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/09\");\n\n script_cve_id(\"CVE-2015-3194\");\n script_bugtraq_id(78623);\n\n script_name(english:\"Tenable SecurityCenter OpenSSL ASN.1 Signature Verification Routine DoS (TNS-2016-01)\");\n script_summary(english:\"Checks the version of OpenSSL in SecurityCenter.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote application is affected by a denial of service\nvulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SecurityCenter application installed on the remote host is\naffected by a denial of service vulnerability in the bundled OpenSSL\nlibrary. The library is version 1.0.1 or later but prior to 1.0.1q. \nIt is, therefore, affected by a NULL pointer dereference flaw in file\nrsa_ameth.c due to improper handling of ASN.1 signatures that are\nmissing the PSS parameter. 
A remote attacker can exploit this to cause\nthe signature verification routine to crash, resulting in a denial of\nservice condition.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.tenable.com/security/tns-2016-01\");\n script_set_attribute(attribute:\"see_also\", value:\"https://static.tenable.com/prod_docs/upgrade_security_center.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.tenable.com/support-center/index.php?x=&mod_id=160\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20151203.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Tenable SecurityCenter version 5.2.0. Alternatively, apply\nthe relevant patch referenced in the vendor advisory.\");\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-3194\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:tenable:securitycenter\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"securitycenter_installed.nbin\", \"securitycenter_detect.nbin\");\n script_require_ports(\"Host/SecurityCenter/Version\", \"installed_sw/SecurityCenter\", \"Host/local_checks_enabled\", \"Host/SecurityCenter/support/openssl/version\");\n\n exit(0);\n}\n\ninclude(\"openssl_version.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"telnet_func.inc\");\ninclude(\"install_func.inc\");\n\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nsc_ver = get_kb_item(\"Host/SecurityCenter/Version\");\nport = 0;\nif(empty_or_null(sc_ver))\n{\n port = 443;\n install = get_single_install(app_name:\"SecurityCenter\", combined:TRUE, exit_if_unknown_ver:TRUE);\n sc_ver = install[\"version\"];\n}\nif (! preg(pattern:\"^(4\\.6\\.2\\.2|4\\.[7-8]\\.[1-2]|5\\.[0-1]\\.[0-2](\\.[0-1]|))$\", string:sc_ver)) audit(AUDIT_INST_VER_NOT_VULN, \"SecurityCenter\", sc_ver);\n\nfixes = make_list(\"1.0.1q\", \"1.0.2e\");\ncutoffs = make_list(\"1.0.1\", \"1.0.2\");\nversion = get_kb_item_or_exit(\"Host/SecurityCenter/support/openssl/version\");\n\nfix = NULL;\n\nfor ( i=0; i<2; i++)\n{\n if (\n openssl_ver_cmp(ver:version, fix:fixes[i], same_branch:TRUE, is_min_check:FALSE) < 0 &&\n openssl_ver_cmp(ver:version, fix:cutoffs[i], same_branch:TRUE, is_min_check:FALSE) >= 0\n )\n {\n fix = fixes[i];\n break;\n }\n}\n\nif (!isnull(fix))\n{\n report = '\\n' +\n '\\n SecurityCenter version : ' + sc_ver +\n '\\n SecurityCenter OpenSSL version : ' + version +\n '\\n Fixed OpenSSL version : ' + fix +\n '\\n';\n security_report_v4(port:port, severity:SECURITY_WARNING, extra:report);\n exit(0);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, \"OpenSSL (within SecurityCenter)\", version);\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:43:43", "description": "Updated openssl packages that fix one security issue are now available for Red Hat Enterprise Linux 5.\n\nRed Hat Product 
Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.\n\nA memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and CMS data. A remote attacker could use this flaw to cause an application that parses PKCS#7 or CMS data from untrusted sources to use an excessive amount of memory and possibly crash. (CVE-2015-3195)\n\nAll openssl users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.", "cvss3": {"score": 5.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "published": "2015-12-15T00:00:00", "type": "nessus", "title": "CentOS 5 : openssl (CESA-2015:2616)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3195"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:openssl", "p-cpe:/a:centos:centos:openssl-devel", "p-cpe:/a:centos:centos:openssl-perl", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2015-2616.NASL", "href": "https://www.tenable.com/plugins/nessus/87356", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:2616 and \n# CentOS Errata and Security Advisory 2015:2616 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87356);\n script_version(\"2.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n 
script_cve_id(\"CVE-2015-3195\");\n script_xref(name:\"RHSA\", value:\"2015:2616\");\n\n script_name(english:\"CentOS 5 : openssl (CESA-2015:2616)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated openssl packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL\nv2/v3) and Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nA memory leak vulnerability was found in the way OpenSSL parsed PKCS#7\nand CMS data. A remote attacker could use this flaw to cause an\napplication that parses PKCS#7 or CMS data from untrusted sources to\nuse an excessive amount of memory and possibly crash. (CVE-2015-3195)\n\nAll openssl users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. 
For the update\nto take effect, all services linked to the OpenSSL library must be\nrestarted, or the system rebooted.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2015-December/021520.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1b7daf90\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-3195\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"openssl-0.9.8e-37.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openssl-devel-0.9.8e-37.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openssl-perl-0.9.8e-37.el5_11\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-devel / openssl-perl\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:43:45", "description": "This update for compat-openssl098 fixes the following issues :\n\nSecurity issue fixed :\n\n - CVE-2015-3195: When presented with a malformed X509_ATTRIBUTE 
structure OpenSSL would leak memory. This structure is used by the PKCS#7 and CMS routines so any application which reads PKCS#7 or CMS data from untrusted sources is affected. SSL/TLS is not affected.\n (bsc#957812)\n\nNon security issue fixed :\n\n - Prevent segfault in s_client with invalid options (bsc#952099)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "published": "2015-12-29T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : compat-openssl098 (SUSE-SU-2015:2342-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3195"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:compat-openssl098-debugsource", "p-cpe:/a:novell:suse_linux:libopenssl0_9_8", "p-cpe:/a:novell:suse_linux:libopenssl0_9_8-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2015-2342-1.NASL", "href": "https://www.tenable.com/plugins/nessus/87654", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:2342-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87654);\n script_version(\"2.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-3195\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : compat-openssl098 (SUSE-SU-2015:2342-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security 
updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for compat-openssl098 fixes the following issues :\n\nSecurity issue fixed:;\n\n - CVE-2015-3195: When presented with a malformed\n X509_ATTRIBUTE structure OpenSSL would leak memory. This\n structure is used by the PKCS#7 and CMS routines so any\n application which reads PKCS#7 or CMS data from\n untrusted sources is affected. SSL/TLS is not affected.\n (bsc#957812)\n\nNon security issue fixed :\n\n - Prevent segfault in s_client with invalid options\n (bsc#952099)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=952099\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=957812\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-3195/\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20152342-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e9e0b5e3\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Legacy Software 12 :\n\nzypper in -t patch SUSE-SLE-Module-Legacy-12-2015-1011=1\n\nSUSE Linux Enterprise Desktop 12-SP1 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2015-1011=1\n\nSUSE Linux Enterprise Desktop 12 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-2015-1011=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n 
script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:compat-openssl098-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl0_9_8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl0_9_8-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! 
preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP0/1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"compat-openssl098-debugsource-0.9.8j-87.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libopenssl0_9_8-0.9.8j-87.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libopenssl0_9_8-32bit-0.9.8j-87.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libopenssl0_9_8-debuginfo-0.9.8j-87.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libopenssl0_9_8-debuginfo-32bit-0.9.8j-87.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"compat-openssl098-debugsource-0.9.8j-87.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libopenssl0_9_8-0.9.8j-87.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libopenssl0_9_8-32bit-0.9.8j-87.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libopenssl0_9_8-debuginfo-0.9.8j-87.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libopenssl0_9_8-debuginfo-32bit-0.9.8j-87.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"compat-openssl098-debugsource-0.9.8j-87.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libopenssl0_9_8-0.9.8j-87.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libopenssl0_9_8-32bit-0.9.8j-87.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libopenssl0_9_8-debuginfo-0.9.8j-87.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libopenssl0_9_8-debuginfo-32bit-0.9.8j-87.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n 
exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"compat-openssl098\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:43:39", "description": "This update for compat-openssl097g fixes the following issues :\n\nSecurity issue fixed :\n\n - CVE-2015-3195: When presented with a malformed X509_ATTRIBUTE structure OpenSSL would leak memory. This structure is used by the PKCS#7 and CMS routines so any application which reads PKCS#7 or CMS data from untrusted sources is affected. SSL/TLS is not affected.\n (bsc#957812)\n\nA non security issue fixed :\n\n - Prevent segfault in s_client with invalid options (bsc#952099)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "published": "2015-12-14T00:00:00", "type": "nessus", "title": "SUSE SLED11 Security Update : compat-openssl097g (SUSE-SU-2015:2251-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3195"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:compat-openssl097g", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2015-2251-1.NASL", "href": "https://www.tenable.com/plugins/nessus/87338", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:2251-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87338);\n script_version(\"2.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n 
script_cve_id(\"CVE-2015-3195\");\n\n script_name(english:\"SUSE SLED11 Security Update : compat-openssl097g (SUSE-SU-2015:2251-1)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for compat-openssl097g fixes the following issues :\n\nSecurity issue fixed :\n\n - CVE-2015-3195: When presented with a malformed\n X509_ATTRIBUTE structure OpenSSL would leak memory. This\n structure is used by the PKCS#7 and CMS routines so any\n application which reads PKCS#7 or CMS data from\n untrusted sources is affected. SSL/TLS is not affected.\n (bsc#957812)\n\nA non security issue fixed :\n\n - Prevent segfault in s_client with invalid options\n (bsc#952099)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=952099\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=957812\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-3195/\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20152251-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c25a0b2d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 11-SP4 :\n\nzypper in -t patch slesappsp4-compat-openssl097g-12255=1\n\nSUSE Linux Enterprise Server for SAP 11-SP3 :\n\nzypper in -t patch slesappsp3-compat-openssl097g-12255=1\n\nSUSE Linux Enterprise Server for SAP 11-SP2 :\n\nzypper in -t patch slesapp2-compat-openssl097g-12255=1\n\nSUSE Linux Enterprise Desktop 11-SP4 :\n\nzypper in -t patch sledsp4-compat-openssl097g-12255=1\n\nSUSE Linux Enterprise Desktop 11-SP3 :\n\nzypper in -t patch sledsp3-compat-openssl097g-12255=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4 :\n\nzypper in -t patch dbgsp4-compat-openssl097g-12255=1\n\nSUSE Linux Enterprise Debuginfo 11-SP3 :\n\nzypper in -t patch dbgsp3-compat-openssl097g-12255=1\n\nSUSE Linux Enterprise Debuginfo 11-SP2 :\n\nzypper in -t patch dbgsp2-compat-openssl097g-12255=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\");\n 
script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:compat-openssl097g\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(SLED11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"i386|i486|i586|i686|x86_64\") audit(AUDIT_ARCH_NOT, \"i386 / i486 / i586 / i686 / x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLED11\" && (! preg(pattern:\"^(3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED11 SP3/4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"compat-openssl097g-0.9.7g-146.22.36.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"compat-openssl097g-32bit-0.9.7g-146.22.36.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"compat-openssl097g-0.9.7g-146.22.36.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"compat-openssl097g-0.9.7g-146.22.36.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"compat-openssl097g-32bit-0.9.7g-146.22.36.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"compat-openssl097g-0.9.7g-146.22.36.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"compat-openssl097g\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:43:35", "description": "A memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and CMS data. 
A remote attacker could use this flaw to cause an application that parses PKCS#7 or CMS data from untrusted sources to use an excessive amount of memory and possibly crash. (CVE-2015-3195)\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.", "cvss3": {"score": 5.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "published": "2015-12-16T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : openssl on SL5.x i386/x86_64 (20151214)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3195"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:openssl", "p-cpe:/a:fermilab:scientific_linux:openssl-debuginfo", "p-cpe:/a:fermilab:scientific_linux:openssl-devel", "p-cpe:/a:fermilab:scientific_linux:openssl-perl", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20151214_OPENSSL_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/87401", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87401);\n script_version(\"2.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-3195\");\n\n script_name(english:\"Scientific Linux Security Update : openssl on SL5.x i386/x86_64 (20151214)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A memory leak vulnerability was found in the way OpenSSL parsed PKCS#7\nand CMS data. 
A remote attacker could use this flaw to cause an\napplication that parses PKCS#7 or CMS data from untrusted sources to\nuse an excessive amount of memory and possibly crash. (CVE-2015-3195)\n\nFor the update to take effect, all services linked to the OpenSSL\nlibrary must be restarted, or the system rebooted.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1512&L=scientific-linux-errata&F=&S=&P=919\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?259c1e29\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 5.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"openssl-0.9.8e-37.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openssl-debuginfo-0.9.8e-37.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openssl-devel-0.9.8e-37.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openssl-perl-0.9.8e-37.el5_11\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-debuginfo / openssl-devel / openssl-perl\");\n}\n", "cvss": {"score": 5, "vector": 
"AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:43:43", "description": "This update for compat-openssl098 fixes the following issues :\n\nSecurity issue fixed :\n\n - CVE-2015-3195: When presented with a malformed X509_ATTRIBUTE structure OpenSSL would leak memory. This structure is used by the PKCS#7 and CMS routines so any application which reads PKCS#7 or CMS data from untrusted sources is affected. SSL/TLS is not affected.\n (bsc#957812)\n\nNon security issue fixed :\n\n - Prevent segfault in s_client with invalid options (bsc#952099)\n\nThis update was imported from the SUSE:SLE-12:Update update project.", "cvss3": {"score": 5.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "published": "2015-12-29T00:00:00", "type": "nessus", "title": "openSUSE Security Update : compat-openssl098 (openSUSE-2015-940)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3195"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:compat-openssl098-debugsource", "p-cpe:/a:novell:opensuse:libopenssl0_9_8", "p-cpe:/a:novell:opensuse:libopenssl0_9_8-32bit", "p-cpe:/a:novell:opensuse:libopenssl0_9_8-debuginfo", "p-cpe:/a:novell:opensuse:libopenssl0_9_8-debuginfo-32bit", "cpe:/o:novell:opensuse:42.1"], "id": "OPENSUSE-2015-940.NASL", "href": "https://www.tenable.com/plugins/nessus/87619", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2015-940.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87619);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-3195\");\n\n script_name(english:\"openSUSE Security Update : compat-openssl098 (openSUSE-2015-940)\");\n 
script_summary(english:\"Check for the openSUSE-2015-940 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for compat-openssl098 fixes the following issues :\n\nSecurity issue fixed :\n\n - CVE-2015-3195: When presented with a malformed\n X509_ATTRIBUTE structure OpenSSL would leak memory. This\n structure is used by the PKCS#7 and CMS routines so any\n application which reads PKCS#7 or CMS data from\n untrusted sources is affected. SSL/TLS is not affected.\n (bsc#957812)\n\nNon security issue fixed :\n\n - Prevent segfault in s_client with invalid options\n (bsc#952099)\n\nThis update was imported from the SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=952099\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=957812\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected compat-openssl098 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:compat-openssl098-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl0_9_8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl0_9_8-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl0_9_8-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl0_9_8-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"compat-openssl098-debugsource-0.9.8j-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libopenssl0_9_8-0.9.8j-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libopenssl0_9_8-debuginfo-0.9.8j-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libopenssl0_9_8-32bit-0.9.8j-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libopenssl0_9_8-debuginfo-32bit-0.9.8j-6.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = 
pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"compat-openssl098-debugsource / libopenssl0_9_8 / etc\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:43:41", "description": "This update for openssl fixes the following issues :\n\n - CVE-2015-3195: When presented with a malformed X509_ATTRIBUTE structure OpenSSL would leak memory. This structure is used by the PKCS#7 and CMS routines so any application which reads PKCS#7 or CMS data from untrusted sources is affected. SSL/TLS is not affected.\n (bsc#957812)\n\n - Prevent segfault in s_client with invalid options (bsc#952099)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "published": "2015-12-17T00:00:00", "type": "nessus", "title": "SUSE SLED11 / SLES11 Security Update : openssl (SUSE-SU-2015:2275-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3195"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libopenssl-devel", "p-cpe:/a:novell:suse_linux:libopenssl0_9_8", "p-cpe:/a:novell:suse_linux:libopenssl0_9_8-hmac", "p-cpe:/a:novell:suse_linux:openssl", "p-cpe:/a:novell:suse_linux:openssl-doc", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2015-2275-1.NASL", "href": "https://www.tenable.com/plugins/nessus/87461", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:2275-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87461);\n 
script_version(\"2.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-3195\");\n\n script_name(english:\"SUSE SLED11 / SLES11 Security Update : openssl (SUSE-SU-2015:2275-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for openssl fixes the following issues :\n\n - CVE-2015-3195: When presented with a malformed\n X509_ATTRIBUTE structure OpenSSL would leak memory. This\n structure is used by the PKCS#7 and CMS routines so any\n application which reads PKCS#7 or CMS data from\n untrusted sources is affected. SSL/TLS is not affected.\n (bsc#957812)\n\n - Prevent segfault in s_client with invalid options\n (bsc#952099)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=952099\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=957812\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-3195/\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20152275-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?37f84a9c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Studio Onsite 1.3 :\n\nzypper in -t patch slestso13-openssl-12264=1\n\nSUSE Linux Enterprise Software Development Kit 11-SP4 :\n\nzypper in -t patch sdksp4-openssl-12264=1\n\nSUSE Linux Enterprise Software Development Kit 11-SP3 :\n\nzypper in -t patch sdksp3-openssl-12264=1\n\nSUSE Linux Enterprise Server for VMWare 11-SP3 :\n\nzypper in -t patch slessp3-openssl-12264=1\n\nSUSE Linux Enterprise Server 11-SP4 :\n\nzypper in -t patch slessp4-openssl-12264=1\n\nSUSE Linux Enterprise Server 11-SP3 :\n\nzypper in -t patch slessp3-openssl-12264=1\n\nSUSE Linux Enterprise Server 11-SP2-LTSS :\n\nzypper in -t patch slessp2-openssl-12264=1\n\nSUSE Linux Enterprise Desktop 11-SP4 :\n\nzypper in -t patch sledsp4-openssl-12264=1\n\nSUSE Linux Enterprise Desktop 11-SP3 :\n\nzypper in -t patch sledsp3-openssl-12264=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4 :\n\nzypper in -t patch dbgsp4-openssl-12264=1\n\nSUSE Linux Enterprise Debuginfo 11-SP3 :\n\nzypper in -t patch dbgsp3-openssl-12264=1\n\nSUSE Linux Enterprise Debuginfo 11-SP2 :\n\nzypper in -t patch dbgsp2-openssl-12264=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n 
);\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl0_9_8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl0_9_8-hmac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED11|SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED11 / SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(2|3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP2/3/4\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED11\" && (! 
preg(pattern:\"^(3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED11 SP3/4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libopenssl0_9_8-32bit-0.9.8j-0.80.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libopenssl0_9_8-hmac-32bit-0.9.8j-0.80.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libopenssl0_9_8-32bit-0.9.8j-0.80.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libopenssl0_9_8-hmac-32bit-0.9.8j-0.80.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libopenssl0_9_8-0.9.8j-0.80.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libopenssl0_9_8-hmac-0.9.8j-0.80.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"openssl-0.9.8j-0.80.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"openssl-doc-0.9.8j-0.80.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"libopenssl0_9_8-32bit-0.9.8j-0.80.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"libopenssl0_9_8-hmac-32bit-0.9.8j-0.80.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"s390x\", reference:\"libopenssl0_9_8-32bit-0.9.8j-0.80.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"s390x\", reference:\"libopenssl0_9_8-hmac-32bit-0.9.8j-0.80.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"libopenssl0_9_8-0.9.8j-0.80.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"libopenssl0_9_8-hmac-0.9.8j-0.80.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"openssl-0.9.8j-0.80.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"openssl-doc-0.9.8j-0.80.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"x86_64\", reference:\"libopenssl0_9_8-32bit-0.9.8j-0.80.1\")) 
flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"x86_64\", reference:\"libopenssl0_9_8-hmac-32bit-0.9.8j-0.80.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"s390x\", reference:\"libopenssl0_9_8-32bit-0.9.8j-0.80.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"s390x\", reference:\"libopenssl0_9_8-hmac-32bit-0.9.8j-0.80.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"libopenssl-devel-0.9.8j-0.80.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"libopenssl0_9_8-0.9.8j-0.80.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"libopenssl0_9_8-hmac-0.9.8j-0.80.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"openssl-0.9.8j-0.80.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"openssl-doc-0.9.8j-0.80.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"libopenssl0_9_8-0.9.8j-0.80.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"openssl-0.9.8j-0.80.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"libopenssl0_9_8-32bit-0.9.8j-0.80.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"libopenssl0_9_8-0.9.8j-0.80.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"openssl-0.9.8j-0.80.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"libopenssl0_9_8-0.9.8j-0.80.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"openssl-0.9.8j-0.80.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"libopenssl0_9_8-32bit-0.9.8j-0.80.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"libopenssl0_9_8-0.9.8j-0.80.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"openssl-0.9.8j-0.80.1\")) flag++;\n\n\nif 
(flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:41:46", "description": "The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application. (CVE-2015-3195)", "cvss3": {"score": 5.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "published": "2016-05-18T00:00:00", "type": "nessus", "title": "F5 Networks BIG-IP : OpenSSL vulnerability (K12824341)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3195"], "modified": "2019-01-04T00:00:00", "cpe": ["cpe:/a:f5:big-ip_access_policy_manager", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_application_acceleration_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/a:f5:big-ip_wan_optimization_manager", "cpe:/a:f5:big-ip_webaccelerator", "cpe:/h:f5:big-ip", "cpe:/h:f5:big-ip_protocol_security_manager"], "id": "F5_BIGIP_SOL12824341.NASL", "href": "https://www.tenable.com/plugins/nessus/91201", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K12824341.\n#\n# The text description of this plugin is (C) F5 
Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91201);\n script_version(\"2.12\");\n script_cvs_date(\"Date: 2019/01/04 10:03:40\");\n\n script_cve_id(\"CVE-2015-3195\");\n\n script_name(english:\"F5 Networks BIG-IP : OpenSSL vulnerability (K12824341)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in\nOpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and\n1.0.2 before 1.0.2e mishandles errors caused by malformed\nX509_ATTRIBUTE data, which allows remote attackers to obtain sensitive\ninformation from process memory by triggering a decoding failure in a\nPKCS#7 or CMS application. (CVE-2015-3195)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K12824341\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K12824341.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_wan_optimization_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! 
version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"K12824341\";\nvmatrix = make_array();\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"12.0.0\",\"11.3.0-11.6.0\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"12.1.0\",\"12.0.0HF3\",\"11.6.1\",\"11.5.4\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"12.0.0\",\"11.4.0-11.6.0\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"12.1.0\",\"12.0.0HF3\",\"11.6.1\",\"11.5.4\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"12.0.0\",\"11.0.0-11.6.0\",\"10.1.0-10.2.4\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"12.1.0\",\"12.0.0HF3\",\"11.6.1\",\"11.5.4\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"12.0.0\",\"11.0.0-11.6.0\",\"10.1.0-10.2.4\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"12.1.0\",\"12.0.0HF3\",\"11.6.1\",\"11.5.4\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"12.0.0\",\"11.0.0-11.6.0\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"12.1.0\",\"12.0.0HF3\",\"11.6.1\",\"11.5.4\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"11.0.0-11.6.0\",\"10.1.0-10.2.4\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"11.6.1\",\"11.5.4\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"12.0.0\",\"11.0.0-11.6.0\",\"10.1.0-10.2.4\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"12.1.0\",\"12.0.0HF3\",\"11.6.1\",\"11.5.4\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = 
make_list(\"12.0.0\",\"11.0.0-11.6.0\",\"10.1.0-10.2.4\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"12.1.0\",\"12.0.0HF3\",\"11.6.1\",\"11.5.4\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"12.0.0\",\"11.3.0-11.6.0\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"12.1.0\",\"12.0.0HF3\",\"11.6.1\",\"11.5.4\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:44:00", "description": "When presented with a malformed X509_ATTRIBUTE structure OpenSSL will leak memory. This structure is used by the PKCS#7 and CMS routines so any application which reads PKCS#7 or CMS data from untrusted sources is affected. SSL/TLS is not affected.\n\nKurt\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "published": "2015-12-04T00:00:00", "type": "nessus", "title": "Debian DLA-358-1 : openssl security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3195"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libcrypto0.9.8-udeb", "p-cpe:/a:debian:debian_linux:libssl-dev", "p-cpe:/a:debian:debian_linux:libssl0.9.8", "p-cpe:/a:debian:debian_linux:libssl0.9.8-dbg", "p-cpe:/a:debian:debian_linux:openssl", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DLA-358.NASL", "href": "https://www.tenable.com/plugins/nessus/87186", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-358-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87186);\n script_version(\"2.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-3195\");\n\n script_name(english:\"Debian DLA-358-1 : openssl security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"When presented with a malformed X509_ATTRIBUTE structure OpenSSL will\nleak memory. This structure is used by the PKCS#7 and CMS routines so\nany application which reads PKCS#7 or CMS data from untrusted sources\nis affected. 
SSL/TLS is not affected.\n\nKurt\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2015/12/msg00000.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze-lts/openssl\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcrypto0.9.8-udeb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libssl-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libssl0.9.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libssl0.9.8-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is 
Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"libcrypto0.9.8-udeb\", reference:\"0.9.8o-4squeeze22\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libssl-dev\", reference:\"0.9.8o-4squeeze22\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libssl0.9.8\", reference:\"0.9.8o-4squeeze22\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libssl0.9.8-dbg\", reference:\"0.9.8o-4squeeze22\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"openssl\", reference:\"0.9.8o-4squeeze22\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:43:57", "description": "According to its banner, the remote host is running a version of OpenSSL 0.9.8 prior to 0.9.8zh. It is, therefore, affected by a flaw in the ASN1_TFLG_COMBINE implementation in file tasn_dec.c related to handling malformed X509_ATTRIBUTE structures. 
A remote attacker can exploit this to cause a memory leak by triggering a decoding failure in a PKCS#7 or CMS application, resulting in a denial of service.", "cvss3": {"score": 5.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "published": "2015-12-07T00:00:00", "type": "nessus", "title": "OpenSSL 0.9.8 < 0.9.8zh X509_ATTRIBUTE Memory Leak DoS", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3195"], "modified": "2019-11-22T00:00:00", "cpe": ["cpe:/a:openssl:openssl"], "id": "OPENSSL_0_9_8ZH.NASL", "href": "https://www.tenable.com/plugins/nessus/87219", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(87219);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2019/11/22\");\n\n script_cve_id(\"CVE-2015-3195\");\n script_bugtraq_id(78626);\n\n script_name(english:\"OpenSSL 0.9.8 < 0.9.8zh X509_ATTRIBUTE Memory Leak DoS\");\n script_summary(english:\"Performs a banner check.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by a denial of service vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the remote host is running a version of\nOpenSSL 0.9.8 prior to 0.9.8zh. It is, therefore, affected by a flaw\nin the ASN1_TFLG_COMBINE implementation in file tasn_dec.c related to\nhandling malformed X509_ATTRIBUTE structures. 
A remote attacker can\nexploit this to cause a memory leak by triggering a decoding failure\nin a PKCS#7 or CMS application, resulting in a denial of service.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20151203.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to OpenSSL version 0.9.8zh or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-3195\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"openssl_version.nasl\");\n script_require_keys(\"openssl/port\");\n\n exit(0);\n}\n\ninclude(\"openssl_version.inc\");\n\nopenssl_check_version(fixed:'0.9.8zh', min:\"0.9.8\", severity:SECURITY_WARNING);\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:11:24", "description": "From Red Hat Security Advisory 2015:2616 :\n\nUpdated openssl packages that fix one security issue are now available for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.\n\nA memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and CMS data. A remote attacker could use this flaw to cause an application that parses PKCS#7 or CMS data from untrusted sources to use an excessive amount of memory and possibly crash. (CVE-2015-3195)\n\nAll openssl users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. 
For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.", "cvss3": {"score": 5.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "published": "2015-12-15T00:00:00", "type": "nessus", "title": "Oracle Linux 5 : openssl (ELSA-2015-2616)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3195"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:openssl", "p-cpe:/a:oracle:linux:openssl-devel", "p-cpe:/a:oracle:linux:openssl-perl", "cpe:/o:oracle:linux:5"], "id": "ORACLELINUX_ELSA-2015-2616.NASL", "href": "https://www.tenable.com/plugins/nessus/87363", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2015:2616 and \n# Oracle Linux Security Advisory ELSA-2015-2616 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87363);\n script_version(\"2.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-3195\");\n script_xref(name:\"RHSA\", value:\"2015:2616\");\n\n script_name(english:\"Oracle Linux 5 : openssl (ELSA-2015-2616)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2015:2616 :\n\nUpdated openssl packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. 
A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL\nv2/v3) and Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nA memory leak vulnerability was found in the way OpenSSL parsed PKCS#7\nand CMS data. A remote attacker could use this flaw to cause an\napplication that parses PKCS#7 or CMS data from untrusted sources to\nuse an excessive amount of memory and possibly crash. (CVE-2015-3195)\n\nAll openssl users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. For the update\nto take effect, all services linked to the OpenSSL library must be\nrestarted, or the system rebooted.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-December/005627.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"openssl-0.9.8e-37.0.1.el5_11\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"openssl-devel-0.9.8e-37.0.1.el5_11\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"openssl-perl-0.9.8e-37.0.1.el5_11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-devel / openssl-perl\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:43:35", "description": "Updated openssl packages that fix one security issue are now available for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.\n\nA memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and CMS data. A remote attacker could use this flaw to cause an application that parses PKCS#7 or CMS data from untrusted sources to use an excessive amount of memory and possibly crash. 
(CVE-2015-3195)\n\nAll openssl users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.", "cvss3": {"score": 5.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "published": "2015-12-14T00:00:00", "type": "nessus", "title": "RHEL 5 : openssl (RHSA-2015:2616)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3195"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:openssl", "p-cpe:/a:redhat:enterprise_linux:openssl-debuginfo", "p-cpe:/a:redhat:enterprise_linux:openssl-devel", "p-cpe:/a:redhat:enterprise_linux:openssl-perl", "cpe:/o:redhat:enterprise_linux:5"], "id": "REDHAT-RHSA-2015-2616.NASL", "href": "https://www.tenable.com/plugins/nessus/87334", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:2616. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(87334);\n script_version(\"2.17\");\n script_cvs_date(\"Date: 2019/10/24 15:35:40\");\n\n script_cve_id(\"CVE-2015-3195\");\n script_xref(name:\"RHSA\", value:\"2015:2616\");\n\n script_name(english:\"RHEL 5 : openssl (RHSA-2015:2616)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated openssl packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. 
A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL\nv2/v3) and Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nA memory leak vulnerability was found in the way OpenSSL parsed PKCS#7\nand CMS data. A remote attacker could use this flaw to cause an\napplication that parses PKCS#7 or CMS data from untrusted sources to\nuse an excessive amount of memory and possibly crash. (CVE-2015-3195)\n\nAll openssl users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. For the update\nto take effect, all services linked to the OpenSSL library must be\nrestarted, or the system rebooted.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://openssl.org/news/secadv/20151203.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:2616\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-3195\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:2616\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"openssl-0.9.8e-37.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"openssl-debuginfo-0.9.8e-37.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"openssl-devel-0.9.8e-37.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"openssl-perl-0.9.8e-37.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"openssl-perl-0.9.8e-37.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"openssl-perl-0.9.8e-37.el5_11\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-debuginfo / openssl-devel / openssl-perl\");\n }\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-10-03T14:06:24", "description": "According to its banner, the 
remote host is running a version of OpenSSL 1.0.1 prior to 1.0.1p. It is, therefore, affected by the following vulnerabilities :\n\n - A certificate validation bypass vulnerability exists due to a flaw in the X509_verify_cert() function in x509_vfy.c that is triggered when locating alternate certificate chains when the first attempt to build such a chain fails. A remote attacker can exploit this, by using a valid leaf certificate as a certificate authority (CA), to issue invalid certificates that will bypass authentication. Note that this issue affects only versions 1.0.1n and 1.0.1o. (CVE-2015-1793)\n\n - A race condition exists in s3_clnt.c that is triggered when PSK identity hints are incorrectly updated in the parent SSL_CTX structure when they are received by a multi-threaded client. A remote attacker can exploit this, via a crafted ServerKeyExchange message, to cause a double-free memory error, resulting in a denial of service. (CVE-2015-3196)", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}, "published": "2015-07-09T00:00:00", "type": "nessus", "title": "OpenSSL 1.0.1 < 1.0.1p Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1793", "CVE-2015-3196"], "modified": "2019-11-25T00:00:00", "cpe": ["cpe:/a:openssl:openssl"], "id": "OPENSSL_1_0_1P.NASL", "href": "https://www.tenable.com/plugins/nessus/84636", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84636);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2019/11/25\");\n\n script_cve_id(\"CVE-2015-1793\", \"CVE-2015-3196\");\n script_bugtraq_id(75652);\n\n script_name(english:\"OpenSSL 1.0.1 < 1.0.1p Multiple Vulnerabilities\");\n script_summary(english:\"Performs a banner check.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", 
value:\n\"According to its banner, the remote host is running a version of\nOpenSSL 1.0.1 prior to 1.0.1p. It is, therefore, affected by the\nfollowing vulnerabilities :\n\n - A certificate validation bypass vulnerability exists due\n to a flaw in the X509_verify_cert() function in\n x509_vfy.c that is triggered when locating alternate\n certificate chains when the first attempt to build such\n a chain fails. A remote attacker can exploit this, by\n using a valid leaf certificate as a certificate\n authority (CA), to issue invalid certificates that will\n bypass authentication. Note that this issue affects only\n versions 1.0.1n and 1.0.1o. (CVE-2015-1793)\n\n - A race condition exists in s3_clnt.c that is triggered\n when PSK identity hints are incorrectly updated in the\n parent SSL_CTX structure when they are received by a\n multi-threaded client. A remote attacker can exploit\n this, via a crafted ServerKeyExchange message, to cause\n a double-free memory error, resulting in a denial of\n service. 
(CVE-2015-3196)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20150709.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20151203.txt\");\n # https://github.com/openssl/openssl/commit/2aacec8f4a5ba1b365620a7b17fcce311ada93ad\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fcde170c\");\n # https://github.com/openssl/openssl/blob/master/test/verify_extra_test.c#L105\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?59729200\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to OpenSSL version 1.0.1p or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-1793\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/07/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"openssl_version.nasl\");\n script_require_keys(\"openssl/port\");\n\n exit(0);\n}\n\ninclude(\"openssl_version.inc\");\n\nopenssl_check_version(fixed:'1.0.1p', min:\"1.0.1\", severity:SECURITY_WARNING);\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-10-06T04:39:47", "description": "According to its banner, the remote host is running a version of OpenSSL 1.0.2 prior to 1.0.2d. It is, therefore, affected by the following vulnerabilities :\n\n - A certificate validation bypass vulnerability exists due to a flaw in the X509_verify_cert() function in x509_vfy.c that is triggered when locating alternate certificate chains when the first attempt to build such a chain fails. A remote attacker can exploit this, by using a valid leaf certificate as a certificate authority (CA), to issue invalid certificates that will bypass authentication. (CVE-2015-1793)\n\n - A race condition exists in s3_clnt.c that is triggered when PSK identity hints are incorrectly updated in the parent SSL_CTX structure when they are received by a multi-threaded client. A remote attacker can exploit this, via a crafted ServerKeyExchange message, to cause a double-free memory error, resulting in a denial of service. 
(CVE-2015-3196)", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}, "published": "2015-07-09T00:00:00", "type": "nessus", "title": "OpenSSL 1.0.2 < 1.0.2d Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1793", "CVE-2015-3196"], "modified": "2019-11-25T00:00:00", "cpe": ["cpe:/a:openssl:openssl"], "id": "OPENSSL_1_0_2D.NASL", "href": "https://www.tenable.com/plugins/nessus/84637", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84637);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2019/11/25\");\n\n script_cve_id(\"CVE-2015-1793\", \"CVE-2015-3196\");\n script_bugtraq_id(75652);\n\n script_name(english:\"OpenSSL 1.0.2 < 1.0.2d Multiple Vulnerabilities\");\n script_summary(english:\"Performs a banner check.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the remote host is running a version of\nOpenSSL 1.0.2 prior to 1.0.2d. It is, therefore, affected by the\nfollowing vulnerabilities :\n\n - A certificate validation bypass vulnerability exists due\n to a flaw in the X509_verify_cert() function in\n x509_vfy.c that is triggered when locating alternate\n certificate chains when the first attempt to build such\n a chain fails. A remote attacker can exploit this, by\n using a valid leaf certificate as a certificate\n authority (CA), to issue invalid certificates that will\n bypass authentication. (CVE-2015-1793)\n\n - A race condition exists in s3_clnt.c that is triggered\n when PSK identity hints are incorrectly updated in the\n parent SSL_CTX structure when they are received by a\n multi-threaded client. A remote attacker can exploit\n this, via a crafted ServerKeyExchange message, to cause\n a double-free memory error, resulting in a denial of\n service. 
(CVE-2015-3196)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20150709.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20151203.txt\");\n # https://github.com/openssl/openssl/commit/2aacec8f4a5ba1b365620a7b17fcce311ada93ad\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fcde170c\");\n # https://github.com/openssl/openssl/blob/master/test/verify_extra_test.c#L105\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?59729200\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to OpenSSL version 1.0.2d or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-1793\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/07/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"openssl_version.nasl\");\n script_require_keys(\"openssl/port\");\n\n exit(0);\n}\n\ninclude(\"openssl_version.inc\");\n\nopenssl_check_version(fixed:'1.0.2d', min:\"1.0.2\", severity:SECURITY_WARNING);\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-06-16T20:24:52", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - fix CVE-2016-2105 - possible overflow in base64 encoding\n\n - fix CVE-2016-2106 - possible overflow in EVP_EncryptUpdate\n\n - fix CVE-2016-2107 - padding oracle in stitched AES-NI CBC-MAC\n\n - fix CVE-2016-2108 - memory corruption in ASN.1 encoder\n\n - fix CVE-2016-2109 - possible DoS when reading ASN.1 data from BIO\n\n - fix CVE-2016-0799 - memory issues in BIO_printf\n\n - fix CVE-2016-0702 - side channel attack on modular exponentiation\n\n - fix CVE-2016-0705 - double-free in DSA private key parsing\n\n - fix CVE-2016-0797 - heap corruption in BN_hex2bn and BN_dec2bn\n\n - fix CVE-2015-3197 - SSLv2 ciphersuite enforcement\n\n - disable SSLv2 in the generic TLS method\n\n - fix 1-byte memory leak in pkcs12 parse (#1229871)\n\n - document some options of the speed command (#1197095)\n\n - fix high-precision timestamps in timestamping authority\n\n - fix CVE-2015-7575 - disallow use of MD5 in TLS1.2\n\n - fix CVE-2015-3194 - certificate verify crash with missing PSS parameter\n\n - fix CVE-2015-3195 - X509_ATTRIBUTE memory leak\n\n - fix CVE-2015-3196 - race condition when handling PSK identity hint", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-05-16T00:00:00", "type": "nessus", "title": "OracleVM 3.3 / 3.4 : openssl (OVMSA-2016-0049) (SLOTH)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3194", "CVE-2015-3195", "CVE-2015-3196", "CVE-2015-3197", "CVE-2015-7575", "CVE-2016-0702", "CVE-2016-0705", "CVE-2016-0797", 
"CVE-2016-0799", "CVE-2016-2105", "CVE-2016-2106", "CVE-2016-2107", "CVE-2016-2108", "CVE-2016-2109"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:openssl", "cpe:/o:oracle:vm_server:3.3", "cpe:/o:oracle:vm_server:3.4"], "id": "ORACLEVM_OVMSA-2016-0049.NASL", "href": "https://www.tenable.com/plugins/nessus/91154", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2016-0049.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91154);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2015-3194\", \"CVE-2015-3195\", \"CVE-2015-3196\", \"CVE-2015-3197\", \"CVE-2015-7575\", \"CVE-2016-0702\", \"CVE-2016-0705\", \"CVE-2016-0797\", \"CVE-2016-0799\", \"CVE-2016-2105\", \"CVE-2016-2106\", \"CVE-2016-2107\", \"CVE-2016-2108\", \"CVE-2016-2109\");\n\n script_name(english:\"OracleVM 3.3 / 3.4 : openssl (OVMSA-2016-0049) (SLOTH)\");\n script_summary(english:\"Checks the RPM output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - fix CVE-2016-2105 - possible overflow in base64 encoding\n\n - fix CVE-2016-2106 - possible overflow in\n EVP_EncryptUpdate\n\n - fix CVE-2016-2107 - padding oracle in stitched AES-NI\n CBC-MAC\n\n - fix CVE-2016-2108 - memory corruption in ASN.1 encoder\n\n - fix CVE-2016-2109 - possible DoS when reading ASN.1 data\n from BIO\n\n - fix CVE-2016-0799 - memory issues in BIO_printf\n\n - fix CVE-2016-0702 - side channel attack on modular\n exponentiation\n\n - fix CVE-2016-0705 - double-free in DSA private 
key\n parsing\n\n - fix CVE-2016-0797 - heap corruption in BN_hex2bn and\n BN_dec2bn\n\n - fix CVE-2015-3197 - SSLv2 ciphersuite enforcement\n\n - disable SSLv2 in the generic TLS method\n\n - fix 1-byte memory leak in pkcs12 parse (#1229871)\n\n - document some options of the speed command (#1197095)\n\n - fix high-precision timestamps in timestamping authority\n\n - fix CVE-2015-7575 - disallow use of MD5 in TLS1.2\n\n - fix CVE-2015-3194 - certificate verify crash with\n missing PSS parameter\n\n - fix CVE-2015-3195 - X509_ATTRIBUTE memory leak\n\n - fix CVE-2015-3196 - race condition when handling PSK\n identity hint\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/oraclevm-errata/2016-May/000463.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/oraclevm-errata/2016-May/000459.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/13\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/16\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"(3\\.3|3\\.4)\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.3 / 3.4\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.3\", reference:\"openssl-1.0.1e-48.el6_8.1\")) flag++;\n\nif (rpm_check(release:\"OVS3.4\", reference:\"openssl-1.0.1e-48.el6_8.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, 
{"lastseen": "2022-06-16T20:24:52", "description": "According to its banner, the version of HP System Management Homepage (SMH) hosted on the remote web server is affected by the following vulnerabilities :\n\n - A denial of service vulnerability exists in the Apache HTTP Server due to the lack of the mod_reqtimeout module. An unauthenticated, remote attacker can exploit this, via a saturation of partial HTTP requests, to cause a daemon outage. (CVE-2007-6750)\n\n - A cross-site scripting (XSS) vulnerability exists in jQuery when using location.hash to select elements. An unauthenticated, remote attacker can exploit this, via a specially crafted tag, to inject arbitrary script code or HTML into the user's browser session.\n (CVE-2011-4969)\n\n - A NULL pointer dereference flaw exists in file rsa_ameth.c due to improper handling of ASN.1 signatures that are missing the PSS parameter. A remote attacker can exploit this to cause the signature verification routine to crash, resulting in a denial of service condition. (CVE-2015-3194)\n\n - A flaw exists in the ASN1_TFLG_COMBINE implementation in file tasn_dec.c related to handling malformed X509_ATTRIBUTE structures. A remote attacker can exploit this to cause a memory leak by triggering a decoding failure in a PKCS#7 or CMS application, resulting in a denial of service. (CVE-2015-3195)\n\n - An out-of-bounds read error exists in cURL and libcurl within the smb_request_state() function due to improper bounds checking. An unauthenticated, remote attacker can exploit this, using a malicious SMB server and crafted length and offset values, to disclose sensitive memory information or to cause a denial of service condition. (CVE-2015-3237)\n\n - A flaw exists in libxslt in the xsltStylePreCompute() function within file preproc.c due to a failure to check if the parent node is an element. An unauthenticated, remote attacker can exploit this, via a specially crafted XML file, to cause a denial of service condition. 
(CVE-2015-7995)\n\n - An infinite loop condition exists in the xz_decomp() function within file xzlib.c when handling xz compressed XML content due to a failure to detect compression errors. An unauthenticated, remote attacker can exploit this, via specially crafted XML data, to cause a denial of service condition. (CVE-2015-8035)\n\n - A double-free error exists due to improper validation of user-supplied input when parsing malformed DSA private keys. A remote attacker can exploit this to corrupt memory, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2016-0705)\n\n - An out-of-bounds read error exists in the fmtstr() function within file crypto/bio/b_print.c when printing very long strings due to a failure to properly calculate string lengths. An unauthenticated, remote attacker can exploit this, via a long string, to cause a denial of service condition, as demonstrated by a large amount of ASN.1 data. (CVE-2016-0799)\n\n - An unspecified flaw exists that allows a local attacker to impact the confidentiality and integrity of the system. No other details are available. (CVE-2016-2015)\n\n - A flaw exists in the doapr_outch() function within file crypto/bio/b_print.c due to a failure to verify that a certain memory allocation succeeds. An unauthenticated, remote attacker can exploit this, via a long string, to cause a denial of service condition, as demonstrated by a large amount of ASN.1 data. 
(CVE-2016-2842)", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-05-18T00:00:00", "type": "nessus", "title": "HP System Management Homepage Multiple Vulnerabilities (HPSBMU03593)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-6750", "CVE-2011-4969", "CVE-2015-3194", "CVE-2015-3195", "CVE-2015-3237", "CVE-2015-7995", "CVE-2015-8035", "CVE-2016-0705", "CVE-2016-0799", "CVE-2016-2015", "CVE-2016-2842"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:hp:system_management_homepage"], "id": "HPSMH_7_5_5.NASL", "href": "https://www.tenable.com/plugins/nessus/91222", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91222);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2007-6750\",\n \"CVE-2011-4969\",\n \"CVE-2015-3194\",\n \"CVE-2015-3195\",\n \"CVE-2015-3237\",\n \"CVE-2015-7995\",\n \"CVE-2015-8035\",\n \"CVE-2016-0705\",\n \"CVE-2016-0799\",\n \"CVE-2016-2015\",\n \"CVE-2016-2842\"\n );\n script_bugtraq_id(\n 21865,\n 58458,\n 75387,\n 77325,\n 77390,\n 78623,\n 78626\n );\n script_xref(name:\"HP\", value:\"emr_na-c05111017\");\n script_xref(name:\"HP\", value:\"HPSBMU03593\");\n\n script_name(english:\"HP System Management Homepage Multiple Vulnerabilities (HPSBMU03593)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of HP System Management Homepage\n(SMH) hosted on the remote web server is affected by the following\nvulnerabilities :\n\n - A denial of service vulnerability exists in the Apache\n HTTP Server due to the lack of the mod_reqtimeout\n module. 
An unauthenticated, remote attacker can exploit\n this, via a saturation of partial HTTP requests, to\n cause a daemon outage. (CVE-2007-6750)\n\n - A cross-site scripting (XSS) vulnerability exists in\n jQuery when using location.hash to select elements. An\n unauthenticated, remote attacker can exploit this, via\n a specially crafted tag, to inject arbitrary script\n code or HTML into the user's browser session.\n (CVE-2011-4969)\n\n - A NULL pointer dereference flaw exists in file\n rsa_ameth.c due to improper handling of ASN.1 signatures\n that are missing the PSS parameter. A remote attacker\n can exploit this to cause the signature verification\n routine to crash, resulting in a denial of service\n condition. (CVE-2015-3194)\n\n - A flaw exists in the ASN1_TFLG_COMBINE implementation in\n file tasn_dec.c related to handling malformed\n X509_ATTRIBUTE structures. A remote attacker can exploit\n this to cause a memory leak by triggering a decoding\n failure in a PKCS#7 or CMS application, resulting in a\n denial of service. (CVE-2015-3195)\n\n - An out-of-bounds read error exists in cURL and libcurl\n within the smb_request_state() function due to improper\n bounds checking. An unauthenticated, remote attacker\n can exploit this, using a malicious SMB server and\n crafted length and offset values, to disclose sensitive\n memory information or to cause a denial of service\n condition. (CVE-2015-3237)\n\n - A flaw exists in libxslt in the xsltStylePreCompute()\n function within file preproc.c due to a failure to check\n if the parent node is an element. An unauthenticated,\n remote attacker can exploit this, via a specially\n crafted XML file, to cause a denial of service\n condition. (CVE-2015-7995)\n\n - An infinite loop condition exists in the xz_decomp()\n function within file xzlib.c when handling xz compressed\n XML content due to a failure to detect compression\n errors. 
An unauthenticated, remote attacker can exploit\n this, via specially crafted XML data, to cause a denial\n of service condition. (CVE-2015-8035)\n\n - A double-free error exists due to improper validation of\n user-supplied input when parsing malformed DSA private\n keys. A remote attacker can exploit this to corrupt\n memory, resulting in a denial of service condition or\n the execution of arbitrary code. (CVE-2016-0705)\n\n - An out-of-bounds read error exists in the fmtstr()\n function within file crypto/bio/b_print.c when printing\n very long strings due to a failure to properly calculate\n string lengths. An unauthenticated, remote attacker can\n exploit this, via a long string, to cause a denial of\n service condition, as demonstrated by a large amount of\n ASN.1 data. (CVE-2016-0799)\n\n - An unspecified flaw exists that allows a local attacker\n to impact the confidentiality and integrity of the\n system. No other details are available. (CVE-2016-2015)\n\n - A flaw exists in the doapr_outch() function within file\n crypto/bio/b_print.c due to a failure to verify that a\n certain memory allocation succeeds. An unauthenticated,\n remote attacker can exploit this, via a long string,\n to cause a denial of service condition, as demonstrated\n by a large amount of ASN.1 data. 
(CVE-2016-2842)\");\n # https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05111017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8d21af70\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to HP System Management Homepage version 7.5.5 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-2842\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/01/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:hp:system_management_homepage\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"compaq_wbem_detect.nasl\", \"os_fingerprint.nasl\");\n script_require_keys(\"www/hp_smh\");\n script_require_ports(\"Services/www\", 2301, 2381);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\n# Only Linux and Windows are affected -- HP-UX is not mentioned\nif (report_paranoia < 2)\n{\n os = get_kb_item_or_exit(\"Host/OS\");\n if (\"Windows\" >!< os && \"Linux\" >!< os) audit(AUDIT_OS_NOT, \"Windows or Linux\", os);\n}\n\nport = get_http_port(default:2381, embedded:TRUE);\ninstall = get_install_from_kb(appname:'hp_smh', port:port, exit_on_fail:TRUE);\ndir = install['dir'];\nversion = install['ver'];\nprod = get_kb_item_or_exit(\"www/\"+port+\"/hp_smh/variant\");\n\nif (version == UNKNOWN_VER) audit(AUDIT_UNKNOWN_WEB_APP_VER, prod, build_url(port:port, qs:dir+\"/\") );\n\n# nb: 'version' can have non-numeric characters in it so we'll create\n# an alternate form and make sure that's safe for use in 'ver_compare()'.\nversion_alt = ereg_replace(pattern:\"[_-]\", replace:\".\", string:version);\nif (!ereg(pattern:\"^[0-9][0-9.]+$\", string:version_alt))\n audit(AUDIT_VER_FORMAT, version);\n\nif (\n ver_compare(ver:version_alt, fix:\"7.5.5\", strict:FALSE) == -1\n )\n{\n source_line = get_kb_item(\"www/\"+port+\"/hp_smh/source\");\n report = '\\n Product : ' + prod;\n if (!isnull(source_line))\n report += '\\n Version source : ' + source_line;\n\n report_items = make_array(\n \"Installed version\", version,\n \"Fixed version\", \"7.5.5\"\n );\n order = make_list(\"Installed version\", \"Fixed version\");\n report += report_items_str(report_items:report_items, ordered_fields:order);\n security_report_v4(severity:SECURITY_HOLE, port:port, extra:report, xss:TRUE);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, prod, port, version);\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, 
{"lastseen": "2021-08-19T12:42:10", "description": "The version of Oracle MySQL installed on the remote host is 5.6.x prior to 5.6.29. It is, therefore, affected by the following vulnerabilities :\n\n - A NULL pointer dereference flaw exists in the bundled version of OpenSSL in file rsa_ameth.c due to improper handling of ASN.1 signatures that are missing the PSS parameter. A remote attacker can exploit this to cause the signature verification routine to crash, resulting in a denial of service condition. (CVE-2015-3194)\n\n - An unspecified flaw exists in the DML subcomponent that allows an authenticated, remote attacker to impact integrity and availability. (CVE-2016-0640)\n\n - An unspecified flaw exists in the MyISAM subcomponent that allows an authenticated, remote attacker to disclose sensitive information or cause a denial of service condition. (CVE-2016-0641)\n\n - An unspecified flaw exists in the DDL subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0644)\n\n - An unspecified flaw exists in the DML subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0646)\n\n - An unspecified flaw exists in the PS subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0649)\n\n - An unspecified flaw exists in the Replication subcomponent that allows an authenticated, remote attacker to cause a denial of service condition.\n (CVE-2016-0650)\n\n - An unspecified flaw exists in the Options subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. 
(CVE-2016-0661)\n\n - An unspecified flaw exists in the Security: Encryption subcomponent that allows an authenticated, remote attacker to cause a denial of service condition.\n (CVE-2016-0665)\n\n - An unspecified flaw exists in the InnoDB subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0668)\n\n - A denial of service vulnerability exists in the bundled OpenSSL library due to improper handling of variables declared as TEXT or BLOB. An authenticated, remote attacker can exploit this to corrupt data or cause a denial of service condition.\n\n - A denial of service vulnerability exists that is triggered when handling a 'CREATE TEMPORARY TABLE ..\n SELECT' statement involving BIT columns. An authenticated, remote attacker can exploit this to create an improper table or cause the server to exit, resulting in a denial of service condition.\n\n - A denial of service vulnerability exists due to an unspecified flaw in LOCK TABLES that is triggered when opening a temporary MERGE table consisting of a view in the list of tables. An authenticated, remote attacker can exploit this to cause the server to exit, resulting in a denial of service condition.\n\n - A denial of service vulnerability exists due to a flaw that is triggered when repeatedly executing 'ALTER TABLE v1 CHECK PARTITION' as a prepared statement. 
An authenticated, remote attacker can exploit this to cause the server to exit, resulting in a denial of service condition.", "cvss3": {"score": 5.1, "vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H"}, "published": "2016-05-02T00:00:00", "type": "nessus", "title": "Oracle MySQL 5.6.x < 5.6.29 Multiple Vulnerabilities (April 2016 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3194", "CVE-2015-3195", "CVE-2016-0640", "CVE-2016-0641", "CVE-2016-0644", "CVE-2016-0646", "CVE-2016-0649", "CVE-2016-0650", "CVE-2016-0661", "CVE-2016-0665", "CVE-2016-0668"], "modified": "2020-06-03T00:00:00", "cpe": ["cpe:/a:oracle:mysql", "p-cpe:/a:amazon:linux:mysql", "p-cpe:/a:centos:centos:mysql", "p-cpe:/a:fedoraproject:fedora:mysql", "p-cpe:/a:fermilab:scientific_linux:mysql", "p-cpe:/a:novell:opensuse:mysql", "p-cpe:/a:novell:suse_linux:mysql", "p-cpe:/a:oracle:linux:mysql", "p-cpe:/a:redhat:enterprise_linux:mysql"], "id": "MYSQL_5_6_29_RPM.NASL", "href": "https://www.tenable.com/plugins/nessus/90831", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90831);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/03\");\n\n script_cve_id(\n \"CVE-2015-3194\",\n \"CVE-2015-3195\",\n \"CVE-2016-0640\",\n \"CVE-2016-0641\",\n \"CVE-2016-0644\",\n \"CVE-2016-0646\",\n \"CVE-2016-0649\",\n \"CVE-2016-0650\",\n \"CVE-2016-0661\",\n \"CVE-2016-0665\",\n \"CVE-2016-0668\"\n );\n\n script_name(english:\"Oracle MySQL 5.6.x < 5.6.29 Multiple Vulnerabilities (April 2016 CPU)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Oracle MySQL installed on the remote host is 5.6.x\nprior to 5.6.29. 
It is, therefore, affected by the following\nvulnerabilities :\n\n - A NULL pointer dereference flaw exists in the bundled\n version of OpenSSL in file rsa_ameth.c due to improper\n handling of ASN.1 signatures that are missing the PSS\n parameter. A remote attacker can exploit this to cause\n the signature verification routine to crash, resulting\n in a denial of service condition. (CVE-2015-3194)\n\n - An unspecified flaw exists in the DML subcomponent that\n allows an authenticated, remote attacker to impact\n integrity and availability. (CVE-2016-0640)\n\n - An unspecified flaw exists in the MyISAM subcomponent\n that allows an authenticated, remote attacker to\n disclose sensitive information or cause a denial of\n service condition. (CVE-2016-0641)\n\n - An unspecified flaw exists in the DDL subcomponent that\n allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2016-0644)\n\n - An unspecified flaw exists in the DML subcomponent that\n allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2016-0646)\n\n - An unspecified flaw exists in the PS subcomponent that\n allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2016-0649)\n\n - An unspecified flaw exists in the Replication\n subcomponent that allows an authenticated, remote\n attacker to cause a denial of service condition.\n (CVE-2016-0650)\n\n - An unspecified flaw exists in the Options subcomponent\n that allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2016-0661)\n\n - An unspecified flaw exists in the Security: Encryption\n subcomponent that allows an authenticated, remote\n attacker to cause a denial of service condition.\n (CVE-2016-0665)\n\n - An unspecified flaw exists in the InnoDB subcomponent\n that allows an authenticated, remote attacker to cause a\n denial of service condition. 
(CVE-2016-0668)\n\n - A denial of service vulnerability exists in the bundled\n OpenSSL library due to improper handling of variables\n declared as TEXT or BLOB. An authenticated, remote\n attacker can exploit this to corrupt data or cause a\n denial of service condition.\n\n - A denial of service vulnerability exists that is\n triggered when handling a 'CREATE TEMPORARY TABLE ..\n SELECT' statement involving BIT columns. An\n authenticated, remote attacker can exploit this to\n create an improper table or cause the server to exit, \n resulting in a denial of service condition.\n\n - A denial of service vulnerability exists due to an\n unspecified flaw in LOCK TABLES that is triggered when\n opening a temporary MERGE table consisting of a view in\n the list of tables. An authenticated, remote attacker\n can exploit this to cause the server to exit, resulting\n in a denial of service condition.\n\n - A denial of service vulnerability exists due to a flaw\n that is triggered when repeatedly executing 'ALTER TABLE\n v1 CHECK PARTITION' as a prepared statement. 
An\n authenticated, remote attacker can exploit this to cause\n the server to exit, resulting in a denial of service\n condition.\");\n # https://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/2948264.xml\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ae0f7f52\");\n script_set_attribute(attribute:\"see_also\", value:\"https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-29.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.oracle.com/rs?type=doc&id=2120034.1\");\n # https://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ffb7b96f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MySQL version 5.6.29 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-0641\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/02\");\n\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mysql\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\");\n script_require_ports(\"Host/RedHat/release\", \"Host/AmazonLinux/release\", \"Host/SuSE/release\", \"Host/CentOS/release\");\n\n exit(0);\n}\n\ninclude(\"mysql_version.inc\");\n\nfix_version = \"5.6.29\";\nexists_version = \"5.6\";\n\nmysql_check_rpms(mysql_packages:default_mysql_rpm_list_server_only, fix_ver:fix_version, exists_ver:exists_version, rhel_os_list:default_mysql_rhel_os_list, centos_os_list:default_mysql_centos_os_list, suse_os_list:default_mysql_suse_os_list, ala_os_list:default_mysql_ala_os_list, severity:SECURITY_WARNING);\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:P"}}, {"lastseen": "2021-08-19T12:40:38", "description": "The version of Juniper ScreenOS running on the remote host is 6.3.x prior to 6.3.0r22. It is, therefore, affected by multiple vulnerabilities in its bundled version of OpenSSL :\n\n - A denial of service vulnerability exists due to improper validation of the content and length of the ASN1_TIME string by the X509_cmp_time() function. 
A remote attacker can exploit this, via a malformed certificate and CRLs of various sizes, to cause a segmentation fault, resulting in a denial of service condition. TLS clients that verify CRLs are affected. TLS clients and servers with client authentication enabled may be affected if they use custom verification callbacks.\n (CVE-2015-1789)\n\n - A NULL pointer dereference flaw exists in the PKCS#7 parsing code due to incorrect handling of missing inner 'EncryptedContent'. This allows a remote attacker, via specially crafted ASN.1-encoded PKCS#7 blobs with missing content, to cause a denial of service condition or other potential unspecified impacts. (CVE-2015-1790)\n\n - A double-free error exists due to a race condition that occurs when a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket. A remote attacker can exploit this to cause a denial of service condition or other potential unspecified impact. (CVE-2015-1791)\n\n - A flaw exists in the ASN1_TFLG_COMBINE implementation in file tasn_dec.c related to handling malformed X509_ATTRIBUTE structures. A remote attacker can exploit this to cause a memory leak by triggering a decoding failure in a PKCS#7 or CMS application, resulting in a denial of service. 
(CVE-2015-3195)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "published": "2016-09-08T00:00:00", "type": "nessus", "title": "Juniper ScreenOS 6.3.x < 6.3.0r22 Multiple Vulnerabilities in OpenSSL (JSA10733)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-3195"], "modified": "2018-07-30T00:00:00", "cpe": ["cpe:/o:juniper:screenos"], "id": "SCREENOS_JSA10733.NASL", "href": "https://www.tenable.com/plugins/nessus/93383", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93383);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/07/30 11:55:11\");\n\n script_cve_id(\n \"CVE-2015-1789\",\n \"CVE-2015-1790\",\n \"CVE-2015-1791\",\n \"CVE-2015-3195\"\n );\n script_bugtraq_id(\n 75156,\n 75157,\n 75161,\n 78626\n );\n script_xref(name:\"JSA\", value:\"JSA10733\");\n\n script_name(english:\"Juniper ScreenOS 6.3.x < 6.3.0r22 Multiple Vulnerabilities in OpenSSL (JSA10733)\");\n script_summary(english:\"Checks the version of ScreenOS.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Juniper ScreenOS running on the remote host is 6.3.x\nprior to 6.3.0r22. It is, therefore, affected by multiple\nvulnerabilities in its bundled version of OpenSSL :\n\n - A denial of service vulnerability exists due to improper\n validation of the content and length of the ASN1_TIME\n string by the X509_cmp_time() function. A remote\n attacker can exploit this, via a malformed certificate\n and CRLs of various sizes, to cause a segmentation\n fault, resulting in a denial of service condition. TLS\n clients that verify CRLs are affected. 
TLS clients and\n servers with client authentication enabled may be\n affected if they use custom verification callbacks.\n (CVE-2015-1789)\n\n - A NULL pointer dereference flaw exists in the PKCS#7\n parsing code due to incorrect handling of missing inner\n 'EncryptedContent'. This allows a remote attacker, via\n specially crafted ASN.1-encoded PKCS#7 blobs with\n missing content, to cause a denial of service condition\n or other potential unspecified impacts. (CVE-2015-1790)\n\n - A double-free error exists due to a race condition that\n occurs when a NewSessionTicket is received by a\n multi-threaded client when attempting to reuse a\n previous ticket. A remote attacker can exploit this to\n cause a denial of service condition or other potential\n unspecified impact. (CVE-2015-1791)\n\n - A flaw exists in the ASN1_TFLG_COMBINE implementation in\n file tasn_dec.c related to handling malformed\n X509_ATTRIBUTE structures. A remote attacker can exploit\n this to cause a memory leak by triggering a decoding\n failure in a PKCS#7 or CMS application, resulting in a\n denial of service. (CVE-2015-3195)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10733\");\n # http://www.juniper.net/techpubs/en_US/screenos6.3.0/information-products/pathway-pages/screenos/index.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c4eb1929\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Juniper ScreenOS version 6.3.0r22 or later. 
Alternatively,\nrefer to the vendor advisory for additional workarounds.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\",value:\"2015/06/02\");\n script_set_attribute(attribute:\"patch_publication_date\",value:\"2016/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/08\");\n\n script_set_attribute(attribute:\"plugin_type\",value:\"local\");\n script_set_attribute(attribute:\"cpe\",value:\"cpe:/o:juniper:screenos\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Firewalls\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"screenos_version.nbin\");\n script_require_keys(\"Host/Juniper/ScreenOS/display_version\", \"Host/Juniper/ScreenOS/version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\napp_name = \"Juniper ScreenOS\";\ndisplay_version = get_kb_item_or_exit(\"Host/Juniper/ScreenOS/display_version\");\nversion = get_kb_item_or_exit(\"Host/Juniper/ScreenOS/version\");\n\n# prior to 6.3.0r22 are affected. 
6.2 unsupported\n# fix is 6.3.0r22 and later\nif (version =~ \"^6\\.3([^0-9]|$)\" && ver_compare(ver:version, fix:\"6.3.0.22\", strict:FALSE) < 0)\n{\n display_fix = \"6.3.0r22\";\n\n port = 0;\n report =\n '\\n Installed version : ' + display_version +\n '\\n Fixed version : ' + display_fix +\n '\\n';\n\n security_report_v4(port:port, extra:report, severity:SECURITY_WARNING);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, app_name, display_version);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:41:30", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - To disable SSLv2 client connections create the file /etc/sysconfig/openssl-ssl-client-kill-sslv2 (John Haxby) [orabug 21673934]\n\n - Backport openssl 08-Jan-2015 security fixes (John Haxby) [orabug 20409893]\n\n - fix CVE-2014-3570 - Bignum squaring may produce incorrect results\n\n - fix CVE-2014-3571 - DTLS segmentation fault in dtls1_get_record\n\n - fix CVE-2014-3572 - ECDHE silently downgrades to ECDH [Client]\n\n - fix CVE-2016-0797 - heap corruption in BN_hex2bn and BN_dec2bn\n\n - fix CVE-2015-3197 - SSLv2 ciphersuite enforcement\n\n - disable SSLv2 in the generic TLS method (can be reenabled by setting environment variable OPENSSL_ENABLE_SSL2)\n\n - fix CVE-2015-3195 - X509_ATTRIBUTE memory leak", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2016-06-22T00:00:00", "type": "nessus", "title": "OracleVM 3.2 : openssl (OVMSA-2016-0071)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-3570", "CVE-2014-3571", "CVE-2014-3572", "CVE-2015-3195", "CVE-2015-3197", "CVE-2016-0797"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:openssl", "cpe:/o:oracle:vm_server:3.2"], "id": "ORACLEVM_OVMSA-2016-0071.NASL", "href": "https://www.tenable.com/plugins/nessus/91751", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network 
Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2016-0071.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91751);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2014-3570\", \"CVE-2014-3571\", \"CVE-2014-3572\", \"CVE-2015-3195\", \"CVE-2015-3197\", \"CVE-2016-0797\");\n script_bugtraq_id(71937, 71939, 71942, 74107, 75769);\n\n script_name(english:\"OracleVM 3.2 : openssl (OVMSA-2016-0071)\");\n script_summary(english:\"Checks the RPM output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - To disable SSLv2 client connections create the file\n /etc/sysconfig/openssl-ssl-client-kill-sslv2 (John\n Haxby) [orabug 21673934]\n\n - Backport openssl 08-Jan-2015 security fixes (John Haxby)\n [orabug 20409893]\n\n - fix CVE-2014-3570 - Bignum squaring may produce\n incorrect results\n\n - fix CVE-2014-3571 - DTLS segmentation fault in\n dtls1_get_record\n\n - fix CVE-2014-3572 - ECDHE silently downgrades to ECDH\n [Client]\n\n - fix CVE-2016-0797 - heap corruption in BN_hex2bn and\n BN_dec2bn\n\n - fix CVE-2015-3197 - SSLv2 ciphersuite enforcement\n\n - disable SSLv2 in the generic TLS method (can be\n reenabled by setting environment variable\n OPENSSL_ENABLE_SSL2)\n\n - fix CVE-2015-3195 - X509_ATTRIBUTE memory leak\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/oraclevm-errata/2016-June/000490.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl package.\"\n );\n 
script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/01/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! 
preg(pattern:\"^OVS\" + \"3\\.2\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.2\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.2\", reference:\"openssl-0.9.8e-39.0.1.el5_11\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T12:41:54", "description": "The version of MySQL installed on the remote host is 5.5.x prior to 5.5.48, 5.6.x prior to 5.6.29, or 5.7.x prior to 5.7.11, and is affected by vulnerabilities in the following components :\n\n - Data Manipulation Language\n - Data Definition Language\n - Full-Text Search\n - MyISAM\n - PeopleSoft\n - Performance Schema\n - Pluggable Authentication\n - Replication\n - Server Connection\n - Server:Security\n - Server:InnoDB\n - Server:Optimizer\n - Server:Options\n", "cvss3": {"score": 5.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "published": "2016-04-18T00:00:00", "type": "nessus", "title": "Oracle MySQL 5.5.x < 5.5.48 / 5.6.x < 5.6.29 / 5.7.x < 5.7.11 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3194", "CVE-2015-3195", "CVE-2016-0640", "CVE-2016-0641", "CVE-2016-0644", "CVE-2016-0646", "CVE-2016-0649", "CVE-2016-0650", "CVE-2016-0668", "CVE-2016-0661", "CVE-2016-0665", "CVE-2016-5444", "CVE-2016-0656", "CVE-2016-0654", "CVE-2016-0658", 
"CVE-2016-0663", "CVE-2016-0653"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*"], "id": "9259.PRM", "href": "https://www.tenable.com/plugins/nnm/9259", "sourceData": "Binary data 9259.prm", "cvss": {"score": 5, "vector": "CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-06-16T16:10:53", "description": "According to its self-reported version number, the remote Juniper Junos device is affected by the following vulnerabilities related to OpenSSL :\n\n - A flaw exists in the ssl3_get_key_exchange() function in file s3_clnt.c when handling a ServerKeyExchange message for an anonymous DH ciphersuite with the value of 'p' set to 0. A attacker can exploit this, by causing a segmentation fault, to crash an application linked against the library, resulting in a denial of service.\n (CVE-2015-1794)\n\n - A carry propagating flaw exists in the x86_64 Montgomery squaring implementation that may cause the BN_mod_exp() function to produce incorrect results. An attacker can exploit this to obtain sensitive information regarding private keys. (CVE-2015-3193)\n\n - A NULL pointer dereference flaw exists in file rsa_ameth.c due to improper handling of ASN.1 signatures that are missing the PSS parameter. A remote attacker can exploit this to cause the signature verification routine to crash, resulting in a denial of service condition. (CVE-2015-3194)\n\n - A flaw exists in the ASN1_TFLG_COMBINE implementation in file tasn_dec.c related to handling malformed X509_ATTRIBUTE structures. A remote attacker can exploit this to cause a memory leak by triggering a decoding failure in a PKCS#7 or CMS application, resulting in a denial of service. (CVE-2015-3195)\n\n - A race condition exists in s3_clnt.c that is triggered when PSK identity hints are incorrectly updated in the parent SSL_CTX structure when they are received by a multi-threaded client. 
A remote attacker can exploit this, via a crafted ServerKeyExchange message, to cause a double-free memory error, resulting in a denial of service. (CVE-2015-3196)\n\n - A cipher algorithm downgrade vulnerability exists due to a flaw that is triggered when handling cipher negotiation. A remote attacker can exploit this to negotiate SSLv2 ciphers and complete SSLv2 handshakes even if all SSLv2 ciphers have been disabled on the server. Note that this vulnerability only exists if SSLv2 has not been disabled via the SSL_OP_NO_SSLv2 option.\n (CVE-2015-3197)\n\n - A key disclosure vulnerability exists due to improper handling of cache-bank conflicts on the Intel Sandy-bridge microarchitecture. An attacker can exploit this to gain access to RSA key information.\n (CVE-2016-0702)\n\n - A flaw exists in the SSLv2 implementation, specifically in the get_client_master_key() function within file s2_srvr.c, due to accepting a nonzero CLIENT-MASTER-KEY CLEAR-KEY-LENGTH value for an arbitrary cipher. A man-in-the-middle attacker can exploit this to determine the MASTER-KEY value and decrypt TLS ciphertext by leveraging a Bleichenbacher RSA padding oracle. (CVE-2016-0703)\n\n - A flaw exists in the SSLv2 oracle protection mechanism, specifically in the get_client_master_key() function within file s2_srvr.c, due to incorrectly overwriting MASTER-KEY bytes during use of export cipher suites.\n A remote attacker can exploit this to more easily decrypt TLS ciphertext by leveraging a Bleichenbacher RSA padding oracle. (CVE-2016-0704)\n\n - A double-free error exists due to improper validation of user-supplied input when parsing malformed DSA private keys. A remote attacker can exploit this to corrupt memory, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2016-0705)\n\n - A NULL pointer dereference flaw exists in the BN_hex2bn() and BN_dec2bn() functions. 
A remote attacker can exploit this to trigger a heap corruption, resulting in the execution of arbitrary code. (CVE-2016-0797)\n\n - A denial of service vulnerability exists due to improper handling of invalid usernames. A remote attacker can exploit this, via a specially crafted username, to leak 300 bytes of memory per connection, exhausting available memory resources. (CVE-2016-0798)\n\n - Multiple memory corruption issues exist that allow a remote attacker to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-0799)\n\n - A heap buffer overflow condition exists in the EVP_EncodeUpdate() function within file crypto/evp/encode.c that is triggered when handling a large amount of input data. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-2105)\n\n - A heap buffer overflow condition exists in the EVP_EncryptUpdate() function within file crypto/evp/evp_enc.c that is triggered when handling a large amount of input data after a previous call occurs to the same function with a partial block. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-2106)\n\n - A remote code execution vulnerability exists in the ASN.1 encoder due to an underflow condition that occurs when attempting to encode the value zero represented as a negative integer. An unauthenticated, remote attacker can exploit this to corrupt memory, resulting in the execution of arbitrary code. (CVE-2016-2108)\n\n - Multiple unspecified flaws exist in the d2i BIO functions when reading ASN.1 data from a BIO due to invalid encoding causing a large allocation of memory.\n An unauthenticated, remote attacker can exploit these to cause a denial of service condition through resource exhaustion. (CVE-2016-2109)\n\n - Multiple integer overflow conditions exist in s3_srvr.c, ssl_sess.c, and t1_lib.c due to improper use of pointer arithmetic for heap-buffer boundary checks. 
An unauthenticated, remote attacker can exploit this to cause a denial of service. (CVE-2016-2177)\n\n - An information disclosure vulnerability exists in the dsa_sign_setup() function in dsa_ossl.c due to a failure to properly ensure the use of constant-time operations.\n An unauthenticated, remote attacker can exploit this, via a timing side-channel attack, to disclose DSA key information. (CVE-2016-2178)\n\n - An out-of-bounds read error exists in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation. An unauthenticated, remote attacker can exploit this, via a crafted time-stamp file that is mishandled by the 'openssl ts' command, to cause denial of service or to disclose sensitive information.\n (CVE-2016-2180)\n\n - An overflow condition exists in the BN_bn2dec() function in bn_print.c due to improper validation of user-supplied input when handling BIGNUM values. An unauthenticated, remote attacker can exploit this to crash the process. (CVE-2016-2182)\n\n - A vulnerability exists, known as SWEET32, in the 3DES and Blowfish algorithms due to the use of weak 64-bit block ciphers by default. A man-in-the-middle attacker who has sufficient resources can exploit this vulnerability, via a 'birthday' attack, to detect a collision that leaks the XOR between the fixed secret and a known plaintext, allowing the disclosure of the secret text, such as secure HTTPS cookies, and possibly resulting in the hijacking of an authenticated session.\n (CVE-2016-2183)\n\n - A flaw exists in the tls_decrypt_ticket() function in t1_lib.c due to improper handling of ticket HMAC digests. An unauthenticated, remote attacker can exploit this, via a ticket that is too short, to crash the process, resulting in a denial of service.\n (CVE-2016-6302)\n\n - An integer overflow condition exists in the MDC2_Update() function in mdc2dgst.c due to improper validation of user-supplied input. 
An unauthenticated, remote attacker can exploit this to cause a heap-based buffer overflow, resulting in a denial of service condition or possibly the execution of arbitrary code.\n (CVE-2016-6303)\n\n - A flaw exists in the ssl_parse_clienthello_tlsext() function in t1_lib.c due to improper handling of overly large OCSP Status Request extensions from clients. An unauthenticated, remote attacker can exploit this, via large OCSP Status Request extensions, to exhaust memory resources, resulting in a denial of service condition.\n (CVE-2016-6304)\n\n - A flaw exists in the SSL_peek() function in rec_layer_s3.c due to improper handling of empty records. An unauthenticated, remote attacker can exploit this, by triggering a zero-length record in an SSL_peek call, to cause an infinite loop, resulting in a denial of service condition. (CVE-2016-6305)\n\n - An out-of-bounds read error exists in the certificate parser that allows an unauthenticated, remote attacker to cause a denial of service via crafted certificate operations. (CVE-2016-6306)\n\n - A denial of service vulnerability exists in the state-machine implementation due to a failure to check for an excessive length before allocating memory. 
An unauthenticated, remote attacker can exploit this, via a crafted TLS message, to exhaust memory resources.\n (CVE-2016-6307)\n\nNote that these issues only affect devices with J-Web or the SSL service for JUNOScript enabled.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-01-05T00:00:00", "type": "nessus", "title": "Juniper Junos Multiple OpenSSL Vulnerabilities (JSA10759) (SWEET32)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1794", "CVE-2015-3193", "CVE-2015-3194", "CVE-2015-3195", "CVE-2015-3196", "CVE-2015-3197", "CVE-2016-0702", "CVE-2016-0703", "CVE-2016-0704", "CVE-2016-0705", "CVE-2016-0797", "CVE-2016-0798", "CVE-2016-0799", "CVE-2016-2105", "CVE-2016-2106", "CVE-2016-2108", "CVE-2016-2109", "CVE-2016-2177", "CVE-2016-2178", "CVE-2016-2180", "CVE-2016-2182", "CVE-2016-2183", "CVE-2016-6302", "CVE-2016-6303", "CVE-2016-6304", "CVE-2016-6305", "CVE-2016-6306", "CVE-2016-6307"], "modified": "2018-08-10T00:00:00", "cpe": ["cpe:/o:juniper:junos"], "id": "JUNIPER_JSA10759.NASL", "href": "https://www.tenable.com/plugins/nessus/96316", "sourceData": "#TRUSTED 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\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(96316);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2018/08/10\");\n\n script_cve_id(\n \"CVE-2015-1794\",\n \"CVE-2015-3193\",\n \"CVE-2015-3194\",\n \"CVE-2015-3195\",\n \"CVE-2015-3196\",\n \"CVE-2015-3197\",\n \"CVE-2016-0702\",\n \"CVE-2016-0703\",\n \"CVE-2016-0704\",\n \"CVE-2016-0705\",\n \"CVE-2016-0797\",\n \"CVE-2016-0798\",\n \"CVE-2016-0799\",\n \"CVE-2016-2105\",\n \"CVE-2016-2106\",\n \"CVE-2016-2108\",\n \"CVE-2016-2109\",\n \"CVE-2016-2177\",\n \"CVE-2016-2178\",\n \"CVE-2016-2180\",\n \"CVE-2016-2182\",\n \"CVE-2016-2183\",\n \"CVE-2016-6302\",\n \"CVE-2016-6303\",\n \"CVE-2016-6304\",\n 
\"CVE-2016-6305\",\n \"CVE-2016-6306\",\n \"CVE-2016-6307\"\n );\n script_bugtraq_id(\n 78622,\n 78623,\n 78626,\n 82237,\n 83705,\n 83743,\n 83754,\n 83755,\n 83763,\n 83764,\n 87940,\n 89744,\n 89752,\n 89757,\n 91081,\n 91319,\n 92117,\n 92557,\n 92628,\n 92630,\n 92984,\n 93149,\n 93150,\n 93152,\n 93153\n );\n script_xref(name:\"JSA\", value:\"JSA10759\");\n\n script_name(english:\"Juniper Junos Multiple OpenSSL Vulnerabilities (JSA10759) (SWEET32)\");\n script_summary(english:\"Checks the Junos version and configuration.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is missing a vendor-supplied security patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the remote Juniper\nJunos device is affected by the following vulnerabilities related to\nOpenSSL :\n\n - A flaw exists in the ssl3_get_key_exchange() function\n in file s3_clnt.c when handling a ServerKeyExchange\n message for an anonymous DH ciphersuite with the value\n of 'p' set to 0. A attacker can exploit this, by causing\n a segmentation fault, to crash an application linked\n against the library, resulting in a denial of service.\n (CVE-2015-1794)\n\n - A carry propagating flaw exists in the x86_64 Montgomery\n squaring implementation that may cause the BN_mod_exp()\n function to produce incorrect results. An attacker can\n exploit this to obtain sensitive information regarding\n private keys. (CVE-2015-3193)\n\n - A NULL pointer dereference flaw exists in file\n rsa_ameth.c due to improper handling of ASN.1 signatures\n that are missing the PSS parameter. A remote attacker\n can exploit this to cause the signature verification\n routine to crash, resulting in a denial of service\n condition. (CVE-2015-3194)\n\n - A flaw exists in the ASN1_TFLG_COMBINE implementation in\n file tasn_dec.c related to handling malformed\n X509_ATTRIBUTE structures. 
A remote attacker can exploit\n this to cause a memory leak by triggering a decoding\n failure in a PKCS#7 or CMS application, resulting in a\n denial of service. (CVE-2015-3195)\n\n - A race condition exists in s3_clnt.c that is triggered\n when PSK identity hints are incorrectly updated in the\n parent SSL_CTX structure when they are received by a\n multi-threaded client. A remote attacker can exploit\n this, via a crafted ServerKeyExchange message, to cause\n a double-free memory error, resulting in a denial of\n service. (CVE-2015-3196)\n\n - A cipher algorithm downgrade vulnerability exists due to\n a flaw that is triggered when handling cipher\n negotiation. A remote attacker can exploit this to\n negotiate SSLv2 ciphers and complete SSLv2 handshakes\n even if all SSLv2 ciphers have been disabled on the\n server. Note that this vulnerability only exists if the\n SSL_OP_NO_SSLv2 option has not been disabled.\n (CVE-2015-3197)\n\n - A key disclosure vulnerability exists due to improper\n handling of cache-bank conflicts on the Intel\n Sandy-bridge microarchitecture. An attacker can exploit\n this to gain access to RSA key information.\n (CVE-2016-0702)\n\n - A flaw exists in the SSLv2 implementation,\n specifically in the get_client_master_key() function\n within file s2_srvr.c, due to accepting a nonzero\n CLIENT-MASTER-KEY CLEAR-KEY-LENGTH value for an\n arbitrary cipher. A man-in-the-middle attacker can\n exploit this to determine the MASTER-KEY value and\n decrypt TLS ciphertext by leveraging a Bleichenbacher\n RSA padding oracle. (CVE-2016-0703)\n\n - A flaw exists in the SSLv2 oracle protection mechanism,\n specifically in the get_client_master_key() function\n within file s2_srvr.c, due to incorrectly overwriting\n MASTER-KEY bytes during use of export cipher suites.\n A remote attackers can exploit this to more easily\n decrypt TLS ciphertext by leveraging a Bleichenbacher\n RSA padding oracle. 
(CVE-2016-0704)\n\n - A double-free error exists due to improper validation of\n user-supplied input when parsing malformed DSA private\n keys. A remote attacker can exploit this to corrupt\n memory, resulting in a denial of service condition or\n the execution of arbitrary code. (CVE-2016-0705)\n\n - A NULL pointer dereference flaw exists in the\n BN_hex2bn() and BN_dec2bn() functions. A remote attacker\n can exploit this to trigger a heap corruption, resulting\n in the execution of arbitrary code. (CVE-2016-0797)\n\n - A denial of service vulnerability exists due to improper\n handling of invalid usernames. A remote attacker can\n exploit this, via a specially crafted username, to leak\n 300 bytes of memory per connection, exhausting available\n memory resources. (CVE-2016-0798)\n\n - Multiple memory corruption issues exist that allow a\n remote attacker to cause a denial of service condition\n or the execution of arbitrary code. (CVE-2016-0799)\n\n - A heap buffer overflow condition exists in the\n EVP_EncodeUpdate() function within file\n crypto/evp/encode.c that is triggered when handling\n a large amount of input data. An unauthenticated, remote\n attacker can exploit this to cause a denial of service\n condition. (CVE-2016-2105)\n\n - A heap buffer overflow condition exists in the\n EVP_EncryptUpdate() function within file\n crypto/evp/evp_enc.c that is triggered when handling a\n large amount of input data after a previous call occurs\n to the same function with a partial block. An\n unauthenticated, remote attacker can exploit this to\n cause a denial of service condition. (CVE-2016-2106)\n\n - A remote code execution vulnerability exists in the\n ASN.1 encoder due to an underflow condition that occurs\n when attempting to encode the value zero represented as\n a negative integer. An unauthenticated, remote attacker\n can exploit this to corrupt memory, resulting in the\n execution of arbitrary code. 
(CVE-2016-2108)\n\n - Multiple unspecified flaws exist in the d2i BIO\n functions when reading ASN.1 data from a BIO due to\n invalid encoding causing a large allocation of memory.\n An unauthenticated, remote attacker can exploit these to\n cause a denial of service condition through resource\n exhaustion. (CVE-2016-2109)\n\n - Multiple integer overflow conditions exist in s3_srvr.c,\n ssl_sess.c, and t1_lib.c due to improper use of pointer\n arithmetic for heap-buffer boundary checks. An\n unauthenticated, remote attacker can exploit this to\n cause a denial of service. (CVE-2016-2177)\n\n - An information disclosure vulnerability exists in the\n dsa_sign_setup() function in dsa_ossl.c due to a failure\n to properly ensure the use of constant-time operations.\n An unauthenticated, remote attacker can exploit this,\n via a timing side-channel attack, to disclose DSA key\n information. (CVE-2016-2178)\n\n - An out-of-bounds read error exists in the X.509 Public\n Key Infrastructure Time-Stamp Protocol (TSP)\n implementation. An unauthenticated, remote attacker can\n exploit this, via a crafted time-stamp file that is\n mishandled by the 'openssl ts' command, to cause\n denial of service or to disclose sensitive information.\n (CVE-2016-2180)\n\n - An overflow condition exists in the BN_bn2dec() function\n in bn_print.c due to improper validation of\n user-supplied input when handling BIGNUM values. An\n unauthenticated, remote attacker can exploit this to\n crash the process. (CVE-2016-2182)\n\n - A vulnerability exists, known as SWEET32, in the 3DES\n and Blowfish algorithms due to the use of weak 64-bit\n block ciphers by default. 
A man-in-the-middle attacker\n who has sufficient resources can exploit this\n vulnerability, via a 'birthday' attack, to detect a\n collision that leaks the XOR between the fixed secret\n and a known plaintext, allowing the disclosure of the\n secret text, such as secure HTTPS cookies, and possibly\n resulting in the hijacking of an authenticated session.\n (CVE-2016-2183)\n\n - A flaw exists in the tls_decrypt_ticket() function in\n t1_lib.c due to improper handling of ticket HMAC\n digests. An unauthenticated, remote attacker can exploit\n this, via a ticket that is too short, to crash the\n process, resulting in a denial of service.\n (CVE-2016-6302)\n\n - An integer overflow condition exists in the\n MDC2_Update() function in mdc2dgst.c due to improper\n validation of user-supplied input. An unauthenticated,\n remote attacker can exploit this to cause a heap-based\n buffer overflow, resulting in a denial of service\n condition or possibly the execution of arbitrary code.\n (CVE-2016-6303)\n\n - A flaw exists in the ssl_parse_clienthello_tlsext()\n function in t1_lib.c due to improper handling of overly\n large OCSP Status Request extensions from clients. An\n unauthenticated, remote attacker can exploit this, via\n large OCSP Status Request extensions, to exhaust memory\n resources, resulting in a denial of service condition.\n (CVE-2016-6304)\n\n - A flaw exists in the SSL_peek() function in\n rec_layer_s3.c due to improper handling of empty\n records. An unauthenticated, remote attacker can exploit\n this, by triggering a zero-length record in an SSL_peek\n call, to cause an infinite loop, resulting in a denial\n of service condition. (CVE-2016-6305)\n\n - An out-of-bounds read error exists in the certificate\n parser that allows an unauthenticated, remote attacker\n to cause a denial of service via crafted certificate\n operations. 
(CVE-2016-6306)\n\n - A denial of service vulnerability exists in the\n state-machine implementation due to a failure to check\n for an excessive length before allocating memory. An\n unauthenticated, remote attacker can exploit this, via a\n crafted TLS message, to exhaust memory resources.\n (CVE-2016-6307)\n\nNote that these issues only affects devices with J-Web or the SSL\nservice for JUNOScript enabled.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20151203.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20160128.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20160301.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20160503.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20160922.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"https://sweet32.info\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/blog/blog/2016/08/24/sweet32/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the relevant Junos software release or workaround referenced in\nJuniper advisory JSA10759.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:juniper:junos\");\n 
script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Junos Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"junos_version.nasl\");\n script_require_keys(\"Host/Juniper/JUNOS/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"junos_kb_cmd_func.inc\");\ninclude(\"misc_func.inc\");\n\nver = get_kb_item_or_exit('Host/Juniper/JUNOS/Version');\n\nfixes = make_nested_array();\n\nfixes[\"December 2015\"][\"CVEs\"] =\n \"CVE-2015-1794, CVE-2015-3193, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196, CVE-2015-3197\";\nfixes[\"December 2015\"][\"Fixed Versions\"] =\n \"12.1X44-D60, 12.1X46-D45, 12.1X46-D51, 12.1X47-D35, 12.3R12, 12.3R13, 12.3X48-D25, 13.2X51-D40, 13.3R9, 14.1R7, 14.1X53-D35, 14.2R6, 15.1F5, 15.1R3, 15.1X49-D40, 15.1X53-D35, 16.1R1\";\n\nfixes[\"March 2016\"][\"CVEs\"] =\n \"CVE-2016-0705, CVE-2016-0798, CVE-2016-0797, CVE-2016-0799, CVE-2016-0702, CVE-2016-0703, CVE-2016-0704\";\nfixes[\"March 2016\"][\"Fixed Versions\"] =\n \"13.3R10, 14.1R8, 14.1X53-D40, 14.2R7, 15.1F5-S4, 15.1F6, 15.1R4, 15.1X49-D60, 15.1X53-D50, 16.1R1\";\n\nfixes[\"May 2016\"][\"CVEs\"] =\n \"CVE-2016-2105, CVE-2016-2106, CVE-2016-2108, CVE-2016-2109\";\nfixes[\"May 2016\"][\"Fixed Versions\"] =\n \"13.3R10, 14.1R9, 14.1X53-D40, 14.2R8, 15.1F5-S4, 15.1F6-S2, 15.1R4, 15.1X53-D50, 15.1X53-D60, 16.1R1\";\n\nfixes[\"September 2016\"][\"CVEs\"] =\n \"CVE-2016-2177, CVE-2016-2178, CVE-2016-2180, CVE-2016-2182, CVE-2016-2183, CVE-2016-6302, CVE-2016-6303, CVE-2016-6304, CVE-2016-6305, CVE-2016-6306, CVE-2016-6307\";\nfixes[\"September 2016\"][\"Fixed Versions\"] =\n \"12.1X46-D65, 13.3R10, 14.1R9, 14.1X55-D35, 14.2R8, 15.1F5-S5, 15.1R4-S5, 15.1R5, 15.1X49-D70, 16.1R3\";\n\nreport = junos_multi_check_and_report(ver:ver, fixes:fixes);\nif (isnull(report)) 
audit(AUDIT_INST_VER_NOT_VULN, 'Junos', ver);\n\n# Configuration check: HTTPS or XNM-SSL must be enabled\noverride = TRUE;\nbuf = junos_command_kb_item(cmd:\"show configuration | display set\");\nif (buf)\n{\n patterns = make_list(\n \"^set system services web-management https interface\", # HTTPS\n \"^set system services xnm-ssl\" # SSL Service for JUNOScript (XNM-SSL)\n );\n foreach pattern (patterns)\n {\n if (junos_check_config(buf:buf, pattern:pattern))\n {\n override = FALSE;\n break;\n }\n }\n if (override) audit(AUDIT_HOST_NOT,\n 'affected because J-Web and SSL Service for JUNOScript (XNM-SSL) are not enabled');\n}\n\nextra = junos_caveat(override);\nif (report_verbosity > 0)\n extra = report + junos_caveat(override);\n\nsecurity_report_v4(port:0, extra:extra, severity:SECURITY_HOLE);\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:41:59", "description": "The version of Oracle MySQL installed on the remote host is 5.7.x prior to 5.7.11. It is, therefore, affected by the following vulnerabilities :\n\n - A NULL pointer dereference flaw exists in the bundled version of OpenSSL in file rsa_ameth.c due to improper handling of ASN.1 signatures that are missing the PSS parameter. A remote attacker can exploit this to cause the signature verification routine to crash, resulting in a denial of service condition. (CVE-2015-3194)\n\n - A flaw exists in the ASN1_TFLG_COMBINE implementation in file tasn_dec.c related to handling malformed X509_ATTRIBUTE structures. A remote attacker can exploit this to cause a memory leak by triggering a decoding failure in a PKCS#7 or CMS application, resulting in a denial of service. (CVE-2015-3195)\n\n - An unspecified flaw exists in the DML subcomponent that allows a local attacker to impact integrity and availability. 
(CVE-2016-0640)\n\n - An unspecified flaw exists in the MyISAM subcomponent that allows a local attacker to disclose potentially sensitive information or cause a denial of service condition. (CVE-2016-0641)\n\n - An unspecified flaw exists in the DDL subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-0644)\n\n - Multiple unspecified flaws exist in the DML subcomponent that allow a local attacker to cause a denial of service condition. (CVE-2016-0646, CVE-2016-0652)\n\n - An unspecified flaw exists in the PS subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-0649)\n\n - An unspecified flaw exists in the Replication subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-0650)\n\n - An unspecified flaw exists in the FTS subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-0653)\n\n - Multiple unspecified flaws exist in the InnoDB subcomponent that allow a local attacker to cause a denial of service condition. (CVE-2016-0654, CVE-2016-0656, CVE-2016-0668)\n\n - An unspecified flaw exists in the Optimizer subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-0658)\n\n - An unspecified flaw exists in the Options subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-0661)\n\n - An unspecified flaw exists in the Performance Schema subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-0663)\n\n - An unspecified flaw exists in the Security: Encryption subcomponent that allows a local attacker to cause a denial of service condition. 
(CVE-2016-0665)\n\n - An unspecified flaw exists in the Security: Encryption subcomponent that allows an unauthenticated, remote attacker to disclose potentially sensitive information.\n (CVE-2016-3452)\n\n - A denial of service vulnerability exists in the bundled OpenSSL library due to improper handling of variables declared as TEXT or BLOB. An authenticated, remote attacker can exploit this to corrupt data or cause a denial of service condition.\n\n - A denial of service vulnerability exists that is triggered when handling a 'CREATE TEMPORARY TABLE ..\n SELECT' statement involving BIT columns. An authenticated, remote attacker can exploit this to create an improper table or cause the server to exit, resulting in a denial of service condition.\n\n - A denial of service vulnerability exists due to improper handling of queries that contain 'WHERE 0'. An authenticated, remote attacker can exploit this to cause an uninitialized read, resulting in a denial of service condition.", "cvss3": {"score": 5.1, "vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H"}, "published": "2016-05-02T00:00:00", "type": "nessus", "title": "Oracle MySQL 5.7.x < 5.7.11 Multiple Vulnerabilities (April 2016 CPU) (July 2016 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3194", "CVE-2015-3195", "CVE-2016-0640", "CVE-2016-0641", "CVE-2016-0644", "CVE-2016-0646", "CVE-2016-0649", "CVE-2016-0650", "CVE-2016-0652", "CVE-2016-0653", "CVE-2016-0654", "CVE-2016-0656", "CVE-2016-0658", "CVE-2016-0661", "CVE-2016-0663", "CVE-2016-0665", "CVE-2016-0668", "CVE-2016-3452"], "modified": "2020-06-03T00:00:00", "cpe": ["cpe:/a:oracle:mysql", "p-cpe:/a:amazon:linux:mysql", "p-cpe:/a:centos:centos:mysql", "p-cpe:/a:fedoraproject:fedora:mysql", "p-cpe:/a:fermilab:scientific_linux:mysql", "p-cpe:/a:novell:opensuse:mysql", "p-cpe:/a:novell:suse_linux:mysql", "p-cpe:/a:oracle:linux:mysql", "p-cpe:/a:redhat:enterprise_linux:mysql"], "id": "MYSQL_5_7_11_RPM.NASL", "href": 
"https://www.tenable.com/plugins/nessus/90833", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90833);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/03\");\n\n script_cve_id(\n \"CVE-2015-3194\",\n \"CVE-2015-3195\",\n \"CVE-2016-0640\",\n \"CVE-2016-0641\",\n \"CVE-2016-0644\",\n \"CVE-2016-0646\",\n \"CVE-2016-0649\",\n \"CVE-2016-0650\",\n \"CVE-2016-0652\",\n \"CVE-2016-0653\",\n \"CVE-2016-0654\",\n \"CVE-2016-0656\",\n \"CVE-2016-0658\",\n \"CVE-2016-0661\",\n \"CVE-2016-0663\",\n \"CVE-2016-0665\",\n \"CVE-2016-0668\",\n \"CVE-2016-3452\"\n );\n script_bugtraq_id(\n 78623,\n 78626,\n 86427,\n 86431,\n 86436,\n 86439,\n 86442,\n 86451,\n 86454,\n 86463,\n 86467,\n 86470,\n 86496,\n 86498,\n 86504,\n 86511,\n 86513,\n 91999\n );\n\n script_name(english:\"Oracle MySQL 5.7.x < 5.7.11 Multiple Vulnerabilities (April 2016 CPU) (July 2016 CPU)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Oracle MySQL installed on the remote host is 5.7.x\nprior to 5.7.11. It is, therefore, affected by the following\nvulnerabilities :\n\n - A NULL pointer dereference flaw exists in the bundled\n version of OpenSSL in file rsa_ameth.c due to improper\n handling of ASN.1 signatures that are missing the PSS\n parameter. A remote attacker can exploit this to cause\n the signature verification routine to crash, resulting\n in a denial of service condition. (CVE-2015-3194)\n\n - A flaw exists in the ASN1_TFLG_COMBINE implementation in\n file tasn_dec.c related to handling malformed\n X509_ATTRIBUTE structures. 
A remote attacker can exploit\n this to cause a memory leak by triggering a decoding\n failure in a PKCS#7 or CMS application, resulting in a\n denial of service. (CVE-2015-3195)\n\n - An unspecified flaw exists in the DML subcomponent that\n allows a local attacker to impact integrity and\n availability. (CVE-2016-0640)\n\n - An unspecified flaw exists in the MyISAM subcomponent\n that allows a local attacker to disclose potentially\n sensitive information or cause a denial of service\n condition. (CVE-2016-0641)\n\n - An unspecified flaw exists in the DDL subcomponent that\n allows a local attacker to cause a denial of service\n condition. (CVE-2016-0644)\n\n - Multiple unspecified flaws exist in the DML subcomponent\n that allow a local attacker to cause a denial of\n service condition. (CVE-2016-0646, CVE-2016-0652)\n\n - An unspecified flaw exists in the PS subcomponent that\n allows a local attacker to cause a denial of service\n condition. (CVE-2016-0649)\n\n - An unspecified flaw exists in the Replication\n subcomponent that allows a local attacker to cause a\n denial of service condition. (CVE-2016-0650)\n\n - An unspecified flaw exists in the FTS subcomponent that\n allows a local attacker to cause a denial of service\n condition. (CVE-2016-0653)\n\n - Multiple unspecified flaws exist in the InnoDB\n subcomponent that allow a local attacker to cause a\n denial of service condition. (CVE-2016-0654,\n CVE-2016-0656, CVE-2016-0668)\n\n - An unspecified flaw exists in the Optimizer subcomponent\n that allows a local attacker to cause a denial of\n service condition. (CVE-2016-0658)\n\n - An unspecified flaw exists in the Options subcomponent\n that allows a local attacker to cause a denial of\n service condition. (CVE-2016-0661)\n\n - An unspecified flaw exists in the Performance Schema\n subcomponent that allows a local attacker to cause a\n denial of service condition. 
(CVE-2016-0663)\n\n - An unspecified flaw exists in the Security: Encryption\n subcomponent that allows a local attacker to cause a\n denial of service condition. (CVE-2016-0665)\n\n - An unspecified flaw exists in the Security: Encryption\n subcomponent that allows an unauthenticated, remote\n attacker to disclose potentially sensitive information.\n (CVE-2016-3452)\n\n - A denial of service vulnerability exists in the bundled\n OpenSSL library due to improper handling of variables\n declared as TEXT or BLOB. An authenticated, remote\n attacker can exploit this to corrupt data or cause a\n denial of service condition.\n\n - A denial of service vulnerability exists that is\n triggered when handling a 'CREATE TEMPORARY TABLE ..\n SELECT' statement involving BIT columns. An\n authenticated, remote attacker can exploit this to\n create an improper table or cause the server to exit, \n resulting in a denial of service condition.\n\n - A denial of service vulnerability exists due to improper\n handling of queries that contain 'WHERE 0'. 
An\n authenticated, remote attacker can exploit this to cause\n an uninitialized read, resulting in a denial of service\n condition.\");\n # https://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/2948264.xml\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ae0f7f52\");\n # http://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/3089849.xml\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?42cde00c\");\n script_set_attribute(attribute:\"see_also\", value:\"https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-11.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.oracle.com/rs?type=doc&id=2120034.1\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.oracle.com/rs?type=doc&id=2157431.1\");\n # https://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ffb7b96f\");\n # http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?453b5f8c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MySQL version 5.7.11 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-0641\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/21\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/02\");\n\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\");\n script_require_ports(\"Host/RedHat/release\", \"Host/AmazonLinux/release\", \"Host/SuSE/release\", \"Host/CentOS/release\");\n\n exit(0);\n}\n\ninclude(\"mysql_version.inc\");\n\nfix_version = \"5.7.11\";\nexists_version = \"5.7\";\n\nmysql_check_rpms(mysql_packages:default_mysql_rpm_list_server_only, fix_ver:fix_version, exists_ver:exists_version, rhel_os_list:default_mysql_rhel_os_list, centos_os_list:default_mysql_centos_os_list, suse_os_list:default_mysql_suse_os_list, ala_os_list:default_mysql_ala_os_list, severity:SECURITY_WARNING);\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:P"}}, {"lastseen": "2022-06-19T14:34:14", "description": "The version of Oracle Secure Global Desktop installed on the remote host is 4.63, 4.71, or 5.2 and is missing a security patch from the July 2016 Critical Patch Update (CPU). It is, therefore, affected by the following vulnerabilities :\n\n - An integer overflow condition exists in the X Server subcomponent in the read_packet() function due to improper validation of user-supplied input when calculating the amount of memory required to handle returned data. A remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. Note that this vulnerability only affects versions 4.71 and 5.2. (CVE-2013-2064)\n\n - A carry propagating flaw exists in the OpenSSL subcomponent in the x86_64 Montgomery squaring implementation that may cause the BN_mod_exp() function to produce incorrect results. An attacker can exploit this to obtain sensitive information regarding private keys. (CVE-2015-3193)\n\n - A NULL pointer dereference flaw exists in the OpenSSL subcomponent in file rsa_ameth.c when handling ASN.1 signatures that use the RSA PSS algorithm but are missing a mask generation function parameter. 
A remote attacker can exploit this to cause the signature verification routine to crash, leading to a denial of service. (CVE-2015-3194)\n\n - A key disclosure vulnerability exists in the OpenSSL subcomponent due to improper handling of cache-bank conflicts on the Intel Sandy-bridge microarchitecture.\n An attacker can exploit this to gain access to RSA key information. (CVE-2016-0702)\n\n - A NULL pointer dereference flaw exists in the OpenSSL subcomponent in the BN_hex2bn() and BN_dec2bn() functions. A remote attacker can exploit this to trigger a heap corruption, resulting in the execution of arbitrary code. (CVE-2016-0797)\n\n - Multiple memory corruption issues exist in the OpenSSL subcomponent that allow a remote attacker to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-0799)\n\n - A heap buffer overflow condition exists in the OpenSSL subcomponent in the EVP_EncodeUpdate() function within file crypto/evp/encode.c that is triggered when handling a large amount of input data. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-2105)\n\n - Multiple flaws exist in the OpenSSL subcomponent in the aesni_cbc_hmac_sha1_cipher() function in file crypto/evp/e_aes_cbc_hmac_sha1.c and the aesni_cbc_hmac_sha256_cipher() function in file crypto/evp/e_aes_cbc_hmac_sha256.c that are triggered when the connection uses an AES-CBC cipher and AES-NI is supported by the server. A man-in-the-middle attacker can exploit these to conduct a padding oracle attack, resulting in the ability to decrypt the network traffic.\n (CVE-2016-2107)\n\n - An unspecified flaw exists in the OpenSSL subcomponent that allows a remote attacker to execute arbitrary code. 
(CVE-2016-3613)", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-07-25T00:00:00", "type": "nessus", "title": "Oracle Secure Global Desktop Multiple Vulnerabilities (July 2016 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-2064", "CVE-2015-3193", "CVE-2015-3194", "CVE-2016-0702", "CVE-2016-0797", "CVE-2016-0799", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-3613"], "modified": "2021-10-25T00:00:00", "cpe": ["cpe:/a:oracle:virtualization_secure_global_desktop"], "id": "ORACLE_SECURE_GLOBAL_DESKTOP_JUL_2016_CPU.NASL", "href": "https://www.tenable.com/plugins/nessus/92543", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(92543);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/25\");\n\n script_cve_id(\n \"CVE-2013-2064\",\n \"CVE-2015-3193\",\n \"CVE-2015-3194\",\n \"CVE-2016-0702\",\n \"CVE-2016-0797\",\n \"CVE-2016-0799\",\n \"CVE-2016-2105\",\n \"CVE-2016-2107\",\n \"CVE-2016-3613\"\n );\n script_bugtraq_id(\n 60148,\n 78623,\n 83755,\n 83763,\n 89757,\n 89760,\n 91856\n );\n script_xref(name:\"EDB-ID\", value:\"39768\");\n\n script_name(english:\"Oracle Secure Global Desktop Multiple Vulnerabilities (July 2016 CPU)\");\n script_summary(english:\"Checks the version of Oracle Secure Global Desktop.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote host is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Oracle Secure Global Desktop installed on the remote\nhost is 4.63, 4.71, or 5.2 and is missing a security patch from the\nJuly 2016 Critical Patch Update (CPU). 
It is, therefore, affected by\nthe following vulnerabilities :\n\n - An integer overflow condition exists in the X Server\n subcomponent in the read_packet() function due to\n improper validation of user-supplied input when\n calculating the amount of memory required to handle\n returned data. A remote attacker can exploit this to\n cause a denial of service condition or the execution of\n arbitrary code. Note that this vulnerability only\n affects versions 4.71 and 5.2. (CVE-2013-2064)\n\n - A carry propagating flaw exists in the OpenSSL\n subcomponent in the x86_64 Montgomery squaring\n implementation that may cause the BN_mod_exp() function\n to produce incorrect results. An attacker can exploit\n this to obtain sensitive information regarding private\n keys. (CVE-2015-3193)\n\n - A NULL pointer dereference flaw exists in the OpenSSL\n subcomponent in file rsa_ameth.c when handling ASN.1\n signatures that use the RSA PSS algorithm but are\n missing a mask generation function parameter. A remote\n attacker can exploit this to cause the signature\n verification routine to crash, leading to a denial of\n service. (CVE-2015-3194)\n\n - A key disclosure vulnerability exists in the OpenSSL\n subcomponent due to improper handling of cache-bank\n conflicts on the Intel Sandy-bridge microarchitecture.\n An attacker can exploit this to gain access to RSA key\n information. (CVE-2016-0702)\n\n - A NULL pointer dereference flaw exists in the OpenSSL\n subcomponent in the BN_hex2bn() and BN_dec2bn()\n functions. A remote attacker can exploit this to trigger\n a heap corruption, resulting in the execution of\n arbitrary code. (CVE-2016-0797)\n\n - Multiple memory corruption issues exist in the OpenSSL\n subcomponent that allow a remote attacker to cause a\n denial of service condition or the execution of\n arbitrary code. 
(CVE-2016-0799)\n\n - A heap buffer overflow condition exists in the OpenSSL\n subcomponent in the EVP_EncodeUpdate() function within\n file crypto/evp/encode.c that is triggered when handling\n a large amount of input data. An unauthenticated, remote\n attacker can exploit this to cause a denial of service\n condition. (CVE-2016-2105)\n\n - Multiple flaws exist in the OpenSSL subcomponent in the\n aesni_cbc_hmac_sha1_cipher() function in file\n crypto/evp/e_aes_cbc_hmac_sha1.c and the\n aesni_cbc_hmac_sha256_cipher() function in file\n crypto/evp/e_aes_cbc_hmac_sha256.c that are triggered\n when the connection uses an AES-CBC cipher and AES-NI\n is supported by the server. A man-in-the-middle attacker\n can exploit these to conduct a padding oracle attack,\n resulting in the ability to decrypt the network traffic.\n (CVE-2016-2107)\n\n - An unspecified flaw exists in the OpenSSL subcomponent\n that allows a remote attacker to execute arbitrary\n code. (CVE-2016-3613)\");\n # http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?453b5f8c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the July 2016 Oracle\nCritical Patch Update advisory.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-3613\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/05/23\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:virtualization_secure_global_desktop\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_secure_global_desktop_installed.nbin\");\n script_require_keys(\"Host/Oracle_Secure_Global_Desktop/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\napp = \"Oracle Secure Global Desktop\";\nversion = get_kb_item_or_exit(\"Host/Oracle_Secure_Global_Desktop/Version\");\n\n# this check is for Oracle Secure Global Desktop packages built for Linux platform\nuname = get_kb_item_or_exit(\"Host/uname\");\nif (\"Linux\" >!< uname) audit(AUDIT_OS_NOT, \"Linux\");\n\nfix_required = NULL;\n\nif (version =~ \"^5\\.20($|\\.)\") fix_required = 'Patch_52p6';\nelse if (version =~ \"^4\\.71($|\\.)\") fix_required = 'Patch_471p9';\nelse if (version =~ \"^4\\.63($|\\.)\") fix_required = 'Patch_463p9';\n\nif (isnull(fix_required)) audit(AUDIT_INST_VER_NOT_VULN, \"Oracle Secure Global Desktop\", version);\n\npatches = get_kb_list(\"Host/Oracle_Secure_Global_Desktop/Patches\");\n\npatched = FALSE;\nforeach patch (patches)\n{\n if (patch == fix_required)\n {\n patched = TRUE;\n break;\n }\n}\n\nif (patched) audit(AUDIT_INST_VER_NOT_VULN, app, version + ' (with ' + fix_required + ')');\n\nreport = '\\n Installed version : ' + version +\n '\\n Patch required : ' + fix_required +\n '\\n';\nsecurity_report_v4(port:0, extra:report, severity:SECURITY_HOLE);\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, 
{"lastseen": "2022-06-16T20:22:03", "description": "OpenSSL was updated to fix security issues and bugs :\n\nCVE-2016-0800 aka the 'DROWN' attack (bsc#968046): OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle. This update changes the OpenSSL library to :\n\nDisable SSLv2 protocol support by default. This can be overridden by setting the environment variable 'OPENSSL_ALLOW_SSL2' or by using SSL_CTX_clear_options using the SSL_OP_NO_SSLv2 flag. Note that various services and clients had already disabled SSL protocol 2 by default previously.\n\nDisable all weak EXPORT ciphers by default. These can be re-enabled if required by old legacy software using the environment variable 'OPENSSL_ALLOW_EXPORT'.\n\nCVE-2016-0797 (bsc#968048): The BN_hex2bn() and BN_dec2bn() functions had a bug that could result in an attempt to de-reference a NULL pointer leading to crashes. This could have security consequences if these functions were ever called by user applications with large untrusted hex/decimal data. Also, internal usage of these functions in OpenSSL uses data from config files or application command line arguments. If user developed applications generated config file data based on untrusted data, then this could have had security consequences as well.\n\nCVE-2016-0799 (bsc#968374): On many 64 bit systems, the internal fmtstr() and doapr_outch() functions could miscalculate the length of a string and attempt to access out-of-bounds memory locations. These problems could have enabled attacks where large amounts of untrusted data are passed to the BIO_*printf functions. If applications use these functions in this way then they could have been vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data.
Therefore, applications that print this data could have been vulnerable if the data is from untrusted sources. OpenSSL command line applications could also have been vulnerable when they print out ASN.1 data, or if untrusted data is passed as command line arguments.\nLibssl is not considered directly vulnerable.\n\nCVE-2015-3197 (bsc#963415): The SSLv2 protocol did not block disabled ciphers.\n\nCVE-2015-3195 (bsc#957812): An X509_ATTRIBUTE memory leak was fixed.\n\nFixed a regression caused by the openssl-CVE-2015-0287.patch (bsc#937492)\n\nNote that the March 1st 2016 release also references the following CVEs that were fixed by us with CVE-2015-0293 in 2015 :\n\nCVE-2016-0703 (bsc#968051): This issue only affected versions of OpenSSL prior to March 19th 2015 at which time the code was refactored to address vulnerability CVE-2015-0293. It would have made the above 'DROWN' attack much easier.\n\nCVE-2016-0704 (bsc#968053): 'Bleichenbacher oracle in SSLv2' This issue only affected versions of OpenSSL prior to March 19th 2015 at which time the code was refactored to address vulnerability CVE-2015-0293. It would have made the above 'DROWN' attack much easier.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-03-08T00:00:00", "type": "nessus", "title": "SUSE SLES10 Security Update : OpenSSL (SUSE-SU-2016:0678-1) (DROWN)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-0287", "CVE-2015-0293", "CVE-2015-3195", "CVE-2015-3197", "CVE-2016-0703", "CVE-2016-0704", "CVE-2016-0797", "CVE-2016-0799", "CVE-2016-0800"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:openssl", "p-cpe:/a:novell:suse_linux:openssl-devel", "p-cpe:/a:novell:suse_linux:openssl-doc", "cpe:/o:novell:suse_linux:10"], "id": "SUSE_SU-2016-0678-1.NASL", "href": "https://www.tenable.com/plugins/nessus/89731", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:0678-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89731);\n script_version(\"2.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-0287\", \"CVE-2015-0293\", \"CVE-2015-3195\", \"CVE-2015-3197\", \"CVE-2016-0703\", \"CVE-2016-0704\", \"CVE-2016-0797\", \"CVE-2016-0799\", \"CVE-2016-0800\");\n script_bugtraq_id(73227, 73232);\n\n script_name(english:\"SUSE SLES10 Security Update : OpenSSL (SUSE-SU-2016:0678-1) (DROWN)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"OpenSSL was update to fix security issues and bugs :\n\nCVE-2016-0800 aka the 'DROWN' attack 
(bsc#968046): OpenSSL was\nvulnerable to a cross-protocol attack that could lead to decryption of\nTLS sessions by using a server supporting SSLv2 and EXPORT cipher\nsuites as a Bleichenbacher RSA padding oracle. This update changes the\nOpenSSL library to :\n\nDisable SSLv2 protocol support by default. This can be overridden by\nsetting the environment variable 'OPENSSL_ALLOW_SSL2' or by using\nSSL_CTX_clear_options using the SSL_OP_NO_SSLv2 flag. Note that\nvarious services and clients had already disabled SSL protocol 2 by\ndefault previously.\n\nDisable all weak EXPORT ciphers by default. These can be re-enabled if\nrequired by old legacy software using the environment variable\n'OPENSSL_ALLOW_EXPORT'.\n\nCVE-2016-0797 (bsc#968048): The BN_hex2bn() and BN_dec2bn() functions\nhad a bug that could result in an attempt to de-reference a NULL\npointer leading to crashes. This could have security consequences if\nthese functions were ever called by user applications with large\nuntrusted hex/decimal data. Also, internal usage of these functions in\nOpenSSL uses data from config files or application command line\narguments. If user developed applications generated config file data\nbased on untrusted data, then this could have had security\nconsequences as well.\n\nCVE-2016-0799 (bsc#968374): On many 64 bit systems, the internal\nfmtstr() and doapr_outch() functions could miscalculate the length of\na string and attempt to access out-of-bounds memory locations. These\nproblems could have enabled attacks where large amounts of untrusted\ndata is passed to the BIO_*printf functions. If applications use these\nfunctions in this way then they could have been vulnerable. OpenSSL\nitself uses these functions when printing out human-readable dumps of\nASN.1 data. Therefore applications that print this data could have\nbeen vulnerable if the data is from untrusted sources. 
OpenSSL command\nline applications could also have been vulnerable when they print out\nASN.1 data, or if untrusted data is passed as command line arguments.\nLibssl is not considered directly vulnerable.\n\nCVE-2015-3197 (bsc#963415): The SSLv2 protocol did not block disabled\nciphers.\n\nCVE-2015-3195 (bsc#957812): An X509_ATTRIBUTE memory leak was fixed.\n\nFixed a regression caused by the openssl-CVE-2015-0287.patch\n(bsc#937492)\n\nNote that the March 1st 2016 release also references following CVEs\nthat were fixed by us with CVE-2015-0293 in 2015 :\n\nCVE-2016-0703 (bsc#968051): This issue only affected versions of\nOpenSSL prior to March 19th 2015 at which time the code was refactored\nto address vulnerability CVE-2015-0293. It would have made the above\n'DROWN' attack much easier.\n\nCVE-2016-0704 (bsc#968053): 'Bleichenbacher oracle in SSLv2' This\nissue only affected versions of OpenSSL prior to March 19th 2015 at\nwhich time the code was refactored to address vulnerability\nCVE-2015-0293. It would have made the above 'DROWN' attack much\neasier.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=937492\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=957812\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=963415\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=968046\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=968048\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=968051\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=968053\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=968374\"\n );\n # https://download.suse.com/patch/finder/?keywords=5965d0982b34e01de9e5c15991f88378\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f5289575\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-0287/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-3195/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-3197/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-0703/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-0704/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-0797/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://www.suse.com/security/cve/CVE-2016-0799/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-0800/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20160678-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7d95a1fd\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected OpenSSL packages\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/03/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/08\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES10)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES10\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES10\" && (! 
preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES10 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"x86_64\", reference:\"openssl-32bit-0.9.8a-18.94.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"x86_64\", reference:\"openssl-devel-32bit-0.9.8a-18.94.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"s390x\", reference:\"openssl-32bit-0.9.8a-18.94.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"s390x\", reference:\"openssl-devel-32bit-0.9.8a-18.94.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", reference:\"openssl-0.9.8a-18.94.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", reference:\"openssl-devel-0.9.8a-18.94.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", reference:\"openssl-doc-0.9.8a-18.94.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"OpenSSL\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T16:55:57", "description": "According to the versions of the openssl098e package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - An integer underflow flaw, leading to a buffer overflow, was found in the way OpenSSL decoded malformed Base64-encoded inputs. An attacker able to make an application using OpenSSL decode a specially crafted Base64-encoded input (such as a PEM file) could use this flaw to cause the application to crash. 
Note:\n this flaw is not exploitable via the TLS/SSL protocol because the data being transferred is not Base64-encoded.(CVE-2015-0292)\n\n - An out-of-bounds read flaw was found in the X509_cmp_time() function of OpenSSL, which is used to test the expiry dates of SSL/TLS certificates. An attacker could possibly use a specially crafted SSL/TLS certificate or CRL (Certificate Revocation List), which when parsed by an application would cause that application to crash.(CVE-2015-1789)\n\n - A memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and CMS data. A remote attacker could use this flaw to cause an application that parses PKCS#7 or CMS data from untrusted sources to use an excessive amount of memory and possibly crash.(CVE-2015-3195)\n\n - OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1_pkt.c and the ssl3_read_n function in s3_pkt.c.(CVE-2014-3571)\n\n - OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c.(CVE-2016-2177)\n\n - An integer overflow flaw, leading to a buffer overflow, was found in the way the EVP_EncodeUpdate() function of OpenSSL parsed very large amounts of input data. 
A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application.(CVE-2016-2105)\n\n - An integer overflow flaw, leading to a buffer overflow, was found in the way the EVP_EncryptUpdate() function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application.(CVE-2016-2106)\n\n - A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library.(CVE-2016-2108)\n\n - A denial of service flaw was found in the way OpenSSL parsed certain ASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An application using OpenSSL that accepts untrusted ASN.1 BIO input could be forced to allocate an excessive amount of data.(CVE-2016-2109)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-09-17T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : openssl098e (EulerOS-SA-2019-1861)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-3571", "CVE-2015-0292", "CVE-2015-1789", "CVE-2015-3195", "CVE-2016-2105", "CVE-2016-2106", "CVE-2016-2108", "CVE-2016-2109", "CVE-2016-2177"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:openssl098e", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-1861.NASL", "href": "https://www.tenable.com/plugins/nessus/128913", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(128913);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2014-3571\",\n \"CVE-2015-0292\",\n \"CVE-2015-1789\",\n \"CVE-2015-3195\",\n \"CVE-2016-2105\",\n \"CVE-2016-2106\",\n \"CVE-2016-2108\",\n \"CVE-2016-2109\",\n \"CVE-2016-2177\"\n );\n script_bugtraq_id(\n 71937,\n 73228,\n 74107,\n 75156,\n 75769\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : openssl098e (EulerOS-SA-2019-1861)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the openssl098e package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - An integer underflow flaw, leading to a buffer\n overflow, was found in the way OpenSSL decoded\n malformed Base64-encoded inputs. 
An attacker able to\n make an application using OpenSSL decode a specially\n crafted Base64-encoded input (such as a PEM file) could\n use this flaw to cause the application to crash. Note:\n this flaw is not exploitable via the TLS/SSL protocol\n because the data being transferred is not\n Base64-encoded.(CVE-2015-0292)\n\n - An out-of-bounds read flaw was found in the\n X509_cmp_time() function of OpenSSL, which is used to\n test the expiry dates of SSL/TLS certificates. An\n attacker could possibly use a specially crafted SSL/TLS\n certificate or CRL (Certificate Revocation List), which\n when parsed by an application would cause that\n application to crash.(CVE-2015-1789)\n\n - A memory leak vulnerability was found in the way\n OpenSSL parsed PKCS#7 and CMS data. A remote attacker\n could use this flaw to cause an application that parses\n PKCS#7 or CMS data from untrusted sources to use an\n excessive amount of memory and possibly\n crash.(CVE-2015-3195)\n\n - OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1\n before 1.0.1k allows remote attackers to cause a denial\n of service (NULL pointer dereference and application\n crash) via a crafted DTLS message that is processed\n with a different read operation for the handshake\n header than for the handshake body, related to the\n dtls1_get_record function in d1_pkt.c and the\n ssl3_read_n function in s3_pkt.c.(CVE-2014-3571)\n\n - OpenSSL through 1.0.2h incorrectly uses pointer\n arithmetic for heap-buffer boundary checks, which might\n allow remote attackers to cause a denial of service\n (integer overflow and application crash) or possibly\n have unspecified other impact by leveraging unexpected\n malloc behavior, related to s3_srvr.c, ssl_sess.c, and\n t1_lib.c.(CVE-2016-2177)\n\n - An integer overflow flaw, leading to a buffer overflow,\n was found in the way the EVP_EncodeUpdate() function of\n OpenSSL parsed very large amounts of input data. 
A\n remote attacker could use this flaw to crash an\n application using OpenSSL or, possibly, execute\n arbitrary code with the permissions of the user running\n that application.(CVE-2016-2105)\n\n - An integer overflow flaw, leading to a buffer overflow,\n was found in the way the EVP_EncryptUpdate() function\n of OpenSSL parsed very large amounts of input data. A\n remote attacker could use this flaw to crash an\n application using OpenSSL or, possibly, execute\n arbitrary code with the permissions of the user running\n that application.(CVE-2016-2106)\n\n - A flaw was found in the way OpenSSL encoded certain\n ASN.1 data structures. An attacker could use this flaw\n to create a specially crafted certificate which, when\n verified or re-encoded by OpenSSL, could cause it to\n crash, or execute arbitrary code using the permissions\n of the user running an application compiled against the\n OpenSSL library.(CVE-2016-2108)\n\n - A denial of service flaw was found in the way OpenSSL\n parsed certain ASN.1-encoded data from BIO (OpenSSL's\n I/O abstraction) inputs. An application using OpenSSL\n that accepts untrusted ASN.1 BIO input could be forced\n to allocate an excessive amount of data.(CVE-2016-2109)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1861\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?69e3dde9\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openssl098e packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssl098e\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"openssl098e-0.9.8e-29.3.h6\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl098e\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:41:57", "description": "The version of MySQL running on the remote host is 5.6.x prior to 5.6.29. 
It is, therefore, affected by multiple vulnerabilities :\n - A NULL pointer dereference flaw exists in the bundled version of OpenSSL in file rsa_ameth.c due to improper handling of ASN.1 signatures that are missing the PSS parameter. A remote attacker can exploit this to cause the signature verification routine to crash, resulting in a denial of service condition. (CVE-2015-3194)\n - An unspecified flaw exists in the DML subcomponent that allows an authenticated, remote attacker to impact integrity and availability. (CVE-2016-0640)\n - An unspecified flaw exists in the MyISAM subcomponent that allows an authenticated, remote attacker to disclose sensitive information or cause a denial of service condition. (CVE-2016-0641)\n - An unspecified flaw exists in the DDL subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0644)\n - An unspecified flaw exists in the DML subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0646)\n - An unspecified flaw exists in the PS subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0649)\n - An unspecified flaw exists in the Replication subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0650)\n - An unspecified flaw exists in the Options subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0661)\n - An unspecified flaw exists in the Security: Encryption subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0665)\n - An unspecified flaw exists in the InnoDB subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. 
(CVE-2016-0668)\n - A denial of service vulnerability exists in the bundled OpenSSL library due to improper handling of variables declared as TEXT or BLOB. An authenticated, remote attacker can exploit this to corrupt data or cause a denial of service condition.\n - A denial of service vulnerability exists that is triggered when handling a 'CREATE TEMPORARY TABLE ..SELECT' statement involving BIT columns. An authenticated, remote attacker can exploit this to create an improper table or cause the server to exit, resulting in a denial of service condition.\n - A denial of service vulnerability exists due to an unspecified flaw in LOCK TABLES that is triggered when opening a temporary MERGE table consisting of a view in the list of tables. An authenticated, remote attacker can exploit this to cause the server to exit, resulting in a denial of service condition.\n - A denial of service vulnerability exists due to a flaw that is triggered when repeatedly executing 'ALTER TABLE v1 CHECK PARTITION' as a prepared statement. An authenticated, remote attacker can exploit this to cause the server to exit, resulting in a denial of service condition.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}, "published": "2016-04-15T00:00:00", "type": "nessus", "title": "MySQL 5.6.x < 5.6.29 Multiple DoS", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3194", "CVE-2016-0640", "CVE-2016-0641", "CVE-2016-0644", "CVE-2016-0646", "CVE-2016-0649", "CVE-2016-0650", "CVE-2016-0668", "CVE-2016-0661", "CVE-2016-0665"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*"], "id": "9238.PRM", "href": "https://www.tenable.com/plugins/nnm/9238", "sourceData": "Binary data 9238.prm", "cvss": {"score": 6.8, "vector": "CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2022-03-27T14:53:24", "description": "The version of MySQL running on the remote host is 5.6.x prior to 5.6.29. 
It is, therefore, affected by multiple vulnerabilities :\n - A NULL pointer dereference flaw exists in the bundled version of OpenSSL in file rsa_ameth.c due to improper handling of ASN.1 signatures that are missing the PSS parameter. A remote attacker can exploit this to cause the signature verification routine to crash, resulting in a denial of service condition. (CVE-2015-3194)\n - An unspecified flaw exists in the DML subcomponent that allows an authenticated, remote attacker to impact integrity and availability. (CVE-2016-0640)\n - An unspecified flaw exists in the MyISAM subcomponent that allows an authenticated, remote attacker to disclose sensitive information or cause a denial of service condition. (CVE-2016-0641)\n - An unspecified flaw exists in the DDL subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0644)\n - An unspecified flaw exists in the DML subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0646)\n - An unspecified flaw exists in the PS subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0649)\n - An unspecified flaw exists in the Replication subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0650)\n - An unspecified flaw exists in the Options subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0661)\n - An unspecified flaw exists in the Security: Encryption subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0665)\n - An unspecified flaw exists in the InnoDB subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. 
(CVE-2016-0668)\n - A denial of service vulnerability exists in the bundled OpenSSL library due to improper handling of variables declared as TEXT or BLOB. An authenticated, remote attacker can exploit this to corrupt data or cause a denial of service condition.\n - A denial of service vulnerability exists that is triggered when handling a 'CREATE TEMPORARY TABLE ..SELECT' statement involving BIT columns. An authenticated, remote attacker can exploit this to create an improper table or cause the server to exit, resulting in a denial of service condition.\n - A denial of service vulnerability exists due to an unspecified flaw in LOCK TABLES that is triggered when opening a temporary MERGE table consisting of a view in the list of tables. An authenticated, remote attacker can exploit this to cause the server to exit, resulting in a denial of service condition.\n - A denial of service vulnerability exists due to a flaw that is triggered when repeatedly executing 'ALTER TABLE v1 CHECK PARTITION' as a prepared statement. An authenticated, remote attacker can exploit this to cause the server to exit, resulting in a denial of service condition.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}, "published": "2016-04-15T00:00:00", "type": "nessus", "title": "Oracle MySQL 5.5.x < 5.5.48 Multiple DoS", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3194", "CVE-2016-0640", "CVE-2016-0641", "CVE-2016-0644", "CVE-2016-0646", "CVE-2016-0649", "CVE-2016-0650", "CVE-2016-0661", "CVE-2016-0665", "CVE-2016-0668"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*"], "id": "9254.PRM", "href": "https://www.tenable.com/plugins/nnm/9254", "sourceData": "Binary data 9254.prm", "cvss": {"score": 6.8, "vector": "CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2022-05-25T17:54:41", "description": "The version of Apple Xcode installed on the remote macOS or Mac OS X host is prior to 8.1. 
It is, therefore, affected by multiple remote code execution vulnerabilities in the Node.js component of the Xcode Server. An unauthenticated, remote attacker can exploit these vulnerabilities to cause a denial of service condition or the execution of arbitrary code.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-11-17T00:00:00", "type": "nessus", "title": "Apple Xcode < 8.1 Node.js Multiple RCE (macOS)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3193", "CVE-2015-3194", "CVE-2015-6764", "CVE-2015-8027", "CVE-2016-0702", "CVE-2016-0705", "CVE-2016-0797", "CVE-2016-1669", "CVE-2016-2086", "CVE-2016-2216"], "modified": "2020-05-05T00:00:00", "cpe": ["cpe:/a:apple:xcode"], "id": "MACOSX_XCODE_81.NASL", "href": "https://www.tenable.com/plugins/nessus/94935", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94935);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/05\");\n\n script_cve_id(\n \"CVE-2015-3193\",\n \"CVE-2015-3194\",\n \"CVE-2015-6764\",\n \"CVE-2015-8027\",\n \"CVE-2016-0702\",\n \"CVE-2016-0705\",\n \"CVE-2016-0797\",\n \"CVE-2016-1669\",\n \"CVE-2016-2086\",\n \"CVE-2016-2216\"\n );\n script_bugtraq_id(\n 78207,\n 78209,\n 78623,\n 83141,\n 83282,\n 83754,\n 83763,\n 90584\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2016-10-27-1\");\n\n script_name(english:\"Apple Xcode < 8.1 Node.js Multiple RCE (macOS)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An IDE application installed on the remote macOS or Mac OS X host is affected by multiple remote code execution\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple Xcode installed on the remote macOS or Mac OS X host is prior to 8.1. 
It is, therefore, affected\nby multiple remote code execution vulnerabilities in the Node.js component of the Xcode Server. An unauthenticated,\nremote attacker can exploit these vulnerabilities to cause a denial of service condition or the execution of arbitrary\ncode.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT207268\");\n # http://lists.apple.com/archives/security-announce/2016/Oct/msg00005.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a0f77052\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple Xcode version 8.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-0705\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/10/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:xcode\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_xcode_installed.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"installed_sw/Apple Xcode\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\nget_kb_item_or_exit('Host/local_checks_enabled');\n\nos = get_kb_item('Host/MacOSX/Version');\nif (empty_or_null(os))\n audit(AUDIT_OS_NOT, 'macOS or Mac OS X');\n\napp_info = vcf::get_app_info(app:'Apple Xcode');\n\nvcf::check_granularity(app_info:app_info, sig_segments:2);\n\nconstraints = [\n { 'fixed_version' : '8.1' }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:42:55", "description": "The version of MySQL running on the remote host is 5.6.x prior to 5.6.29. It is, therefore, affected by multiple vulnerabilities :\n\n - A NULL pointer dereference flaw exists in the bundled version of OpenSSL in file rsa_ameth.c due to improper handling of ASN.1 signatures that are missing the PSS parameter. A remote attacker can exploit this to cause the signature verification routine to crash, resulting in a denial of service condition. (CVE-2015-3194)\n\n - An unspecified flaw exists in the DML subcomponent that allows an authenticated, remote attacker to impact integrity and availability. (CVE-2016-0640)\n\n - An unspecified flaw exists in the MyISAM subcomponent that allows an authenticated, remote attacker to disclose sensitive information or cause a denial of service condition. (CVE-2016-0641)\n\n - An unspecified flaw exists in the DDL subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0644)\n\n - An unspecified flaw exists in the DML subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. 
(CVE-2016-0646)\n\n - An unspecified flaw exists in the PS subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0649)\n\n - An unspecified flaw exists in the Replication subcomponent that allows an authenticated, remote attacker to cause a denial of service condition.\n (CVE-2016-0650)\n\n - An unspecified flaw exists in the Options subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0661)\n\n - An unspecified flaw exists in the Security: Encryption subcomponent that allows an authenticated, remote attacker to cause a denial of service condition.\n (CVE-2016-0665)\n\n - An unspecified flaw exists in the InnoDB subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0668)\n\n - A denial of service vulnerability exists in the bundled OpenSSL library due to improper handling of variables declared as TEXT or BLOB. An authenticated, remote attacker can exploit this to corrupt data or cause a denial of service condition.\n\n - A denial of service vulnerability exists that is triggered when handling a 'CREATE TEMPORARY TABLE ..\n SELECT' statement involving BIT columns. An authenticated, remote attacker can exploit this to create an improper table or cause the server to exit, resulting in a denial of service condition.\n\n - A denial of service vulnerability exists due to an unspecified flaw in LOCK TABLES that is triggered when opening a temporary MERGE table consisting of a view in the list of tables. An authenticated, remote attacker can exploit this to cause the server to exit, resulting in a denial of service condition.\n\n - A denial of service vulnerability exists due to a flaw that is triggered when repeatedly executing 'ALTER TABLE v1 CHECK PARTITION' as a prepared statement. 
An authenticated, remote attacker can exploit this to cause the server to exit, resulting in a denial of service condition.", "cvss3": {"score": 5.1, "vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H"}, "published": "2016-03-01T00:00:00", "type": "nessus", "title": "MySQL 5.6.x < 5.6.29 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3194", "CVE-2016-0640", "CVE-2016-0641", "CVE-2016-0644", "CVE-2016-0646", "CVE-2016-0649", "CVE-2016-0650", "CVE-2016-0661", "CVE-2016-0665", "CVE-2016-0668"], "modified": "2019-11-20T00:00:00", "cpe": ["cpe:/a:oracle:mysql"], "id": "MYSQL_5_6_29.NASL", "href": "https://www.tenable.com/plugins/nessus/89055", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(89055);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2019/11/20\");\n\n script_cve_id(\n \"CVE-2015-3194\",\n \"CVE-2016-0640\",\n \"CVE-2016-0641\",\n \"CVE-2016-0644\",\n \"CVE-2016-0646\",\n \"CVE-2016-0649\",\n \"CVE-2016-0650\",\n \"CVE-2016-0661\",\n \"CVE-2016-0665\",\n \"CVE-2016-0668\"\n );\n\n script_name(english:\"MySQL 5.6.x < 5.6.29 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of MySQL server.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MySQL running on the remote host is 5.6.x prior to\n5.6.29. It is, therefore, affected by multiple vulnerabilities :\n\n - A NULL pointer dereference flaw exists in the bundled\n version of OpenSSL in file rsa_ameth.c due to improper\n handling of ASN.1 signatures that are missing the PSS\n parameter. A remote attacker can exploit this to cause\n the signature verification routine to crash, resulting\n in a denial of service condition. 
(CVE-2015-3194)\n\n - An unspecified flaw exists in the DML subcomponent that\n allows an authenticated, remote attacker to impact\n integrity and availability. (CVE-2016-0640)\n\n - An unspecified flaw exists in the MyISAM subcomponent\n that allows an authenticated, remote attacker to\n disclose sensitive information or cause a denial of\n service condition. (CVE-2016-0641)\n\n - An unspecified flaw exists in the DDL subcomponent that\n allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2016-0644)\n\n - An unspecified flaw exists in the DML subcomponent that\n allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2016-0646)\n\n - An unspecified flaw exists in the PS subcomponent that\n allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2016-0649)\n\n - An unspecified flaw exists in the Replication\n subcomponent that allows an authenticated, remote\n attacker to cause a denial of service condition.\n (CVE-2016-0650)\n\n - An unspecified flaw exists in the Options subcomponent\n that allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2016-0661)\n\n - An unspecified flaw exists in the Security: Encryption\n subcomponent that allows an authenticated, remote\n attacker to cause a denial of service condition.\n (CVE-2016-0665)\n\n - An unspecified flaw exists in the InnoDB subcomponent\n that allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2016-0668)\n\n - A denial of service vulnerability exists in the bundled\n OpenSSL library due to improper handling of variables\n declared as TEXT or BLOB. An authenticated, remote\n attacker can exploit this to corrupt data or cause a\n denial of service condition.\n\n - A denial of service vulnerability exists that is\n triggered when handling a 'CREATE TEMPORARY TABLE ..\n SELECT' statement involving BIT columns. 
An\n authenticated, remote attacker can exploit this to\n create an improper table or cause the server to exit, \n resulting in a denial of service condition.\n\n - A denial of service vulnerability exists due to an\n unspecified flaw in LOCK TABLES that is triggered when\n opening a temporary MERGE table consisting of a view in\n the list of tables. An authenticated, remote attacker\n can exploit this to cause the server to exit, resulting\n in a denial of service condition.\n\n - A denial of service vulnerability exists due to a flaw\n that is triggered when repeatedly executing 'ALTER TABLE\n v1 CHECK PARTITION' as a prepared statement. An\n authenticated, remote attacker can exploit this to cause\n the server to exit, resulting in a denial of service\n condition.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-29.html\");\n # http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html#AppendixMSQL\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a0defed6\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MySQL version 5.6.29 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-0641\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/01\");\n\n 
script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:mysql\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_version.nasl\", \"mysql_login.nasl\");\n script_require_keys(\"Settings/ParanoidReport\");\n script_require_ports(\"Services/mysql\", 3306);\n\n exit(0);\n}\n\ninclude(\"mysql_version.inc\");\n\nmysql_check_version(fixed:'5.6.29', min:'5.6', severity:SECURITY_WARNING);\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:P"}}, {"lastseen": "2021-08-19T12:42:43", "description": "The version of MySQL running on the remote host is 5.7.x prior to 5.7.11. It is, therefore, potentially affected by multiple vulnerabilities :\n\n - A NULL pointer dereference flaw exists in the bundled version of OpenSSL in file rsa_ameth.c due to improper handling of ASN.1 signatures that are missing the PSS parameter. A remote attacker can exploit this to cause the signature verification routine to crash, resulting in a denial of service condition. (CVE-2015-3194)\n\n - An unspecified flaw exists in the DML subcomponent that allows an authenticated, remote attacker to impact integrity and availability. (CVE-2016-0640)\n\n - An unspecified flaw exists in the MyISAM subcomponent that allows an authenticated, remote attacker to disclose sensitive information or cause a denial of service condition. (CVE-2016-0641)\n\n - An unspecified flaw exists in the DDL subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. 
(CVE-2016-0644)\n\n - Multiple unspecified flaws exist in the DML subcomponent that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0646, CVE-2016-0652)\n\n - An unspecified flaw exists in the PS subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0649)\n\n - An unspecified flaw exists in the Replication subcomponent that allows an authenticated, remote attacker to cause a denial of service condition.\n (CVE-2016-0650)\n\n - An unspecified flaw exists in the FTS subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0653)\n\n - Multiple unspecified flaws exist in the InnoDB subcomponent that allow an authenticated, remote attacker to cause a denial of service condition.\n (CVE-2016-0654, CVE-2016-0656, CVE-2016-0668)\n\n - An unspecified flaw exists in the Optimizer subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0658)\n\n - An unspecified flaw exists in the Options subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-0661)\n\n - An unspecified flaw exists in the Performance Schema subcomponent that allows an authenticated, remote attacker to cause a denial of service condition.\n (CVE-2016-0663)\n\n - An unspecified flaw exists in the Security: Encryption subcomponent that allows an authenticated, remote attacker to cause a denial of service condition.\n (CVE-2016-0665)\n\n - A denial of service vulnerability exists in the bundled OpenSSL library due to improper handling of variables declared as TEXT or BLOB. An authenticated, remote attacker can exploit this to corrupt data or cause a denial of service condition.\n\n - A denial of service vulnerability exists that is triggered when handling a 'CREATE TEMPORARY TABLE ..\n SELECT' statement involving BIT columns. 
An authenticated, remote attacker can exploit this to create an improper table or cause the server to exit, resulting in a denial of service condition.\n\n - A denial of service vulnerability exists due to improper handling of queries that contain 'WHERE 0'. An authenticated, remote attacker can exploit this to cause an uninitialized read, resulting in a denial of service condition.", "cvss3": {"score": 5.1, "vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H"}, "published": "2016-03-01T00:00:00", "type": "nessus", "title": "MySQL 5.7.x < 5.7.11 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3194", "CVE-2016-0640", "CVE-2016-0641", "CVE-2016-0644", "CVE-2016-0646", "CVE-2016-0649", "CVE-2016-0650", "CVE-2016-0652", "CVE-2016-0653", "CVE-2016-0654", "CVE-2016-0656", "CVE-2016-0658", "CVE-2016-0661", "CVE-2016-0663", "CVE-2016-0665", "CVE-2016-0668"], "modified": "2019-11-20T00:00:00", "cpe": ["cpe:/a:oracle:mysql"], "id": "MYSQL_5_7_11.NASL", "href": "https://www.tenable.com/plugins/nessus/89056", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(89056);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2019/11/20\");\n\n script_cve_id(\n \"CVE-2015-3194\",\n \"CVE-2016-0640\",\n \"CVE-2016-0641\",\n \"CVE-2016-0644\",\n \"CVE-2016-0646\",\n \"CVE-2016-0649\",\n \"CVE-2016-0650\",\n \"CVE-2016-0652\",\n \"CVE-2016-0653\",\n \"CVE-2016-0654\",\n \"CVE-2016-0656\",\n \"CVE-2016-0658\",\n \"CVE-2016-0661\",\n \"CVE-2016-0663\",\n \"CVE-2016-0665\",\n \"CVE-2016-0668\"\n );\n\n script_name(english:\"MySQL 5.7.x < 5.7.11 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of MySQL server.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MySQL running on the remote host 
is 5.7.x prior to\n5.7.11. It is, therefore, potentially affected by multiple\nvulnerabilities :\n\n - A NULL pointer dereference flaw exists in the bundled\n version of OpenSSL in file rsa_ameth.c due to improper\n handling of ASN.1 signatures that are missing the PSS\n parameter. A remote attacker can exploit this to cause\n the signature verification routine to crash, resulting\n in a denial of service condition. (CVE-2015-3194)\n\n - An unspecified flaw exists in the DML subcomponent that\n allows an authenticated, remote attacker to impact\n integrity and availability. (CVE-2016-0640)\n\n - An unspecified flaw exists in the MyISAM subcomponent\n that allows an authenticated, remote attacker to\n disclose sensitive information or cause a denial of\n service condition. (CVE-2016-0641)\n\n - An unspecified flaw exists in the DDL subcomponent that\n allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2016-0644)\n\n - Multiple unspecified flaws exist in the DML subcomponent\n that allow an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2016-0646,\n CVE-2016-0652)\n\n - An unspecified flaw exists in the PS subcomponent that\n allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2016-0649)\n\n - An unspecified flaw exists in the Replication\n subcomponent that allows an authenticated, remote\n attacker to cause a denial of service condition.\n (CVE-2016-0650)\n\n - An unspecified flaw exists in the FTS subcomponent that\n allows an authenticated, remote attacker to cause a\n denial of service condition. 
(CVE-2016-0653)\n\n - Multiple unspecified flaws exist in the InnoDB\n subcomponent that allow an authenticated, remote\n attacker to cause a denial of service condition.\n (CVE-2016-0654, CVE-2016-0656, CVE-2016-0668)\n\n - An unspecified flaw exists in the Optimizer subcomponent\n that allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2016-0658)\n\n - An unspecified flaw exists in the Options subcomponent\n that allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2016-0661)\n\n - An unspecified flaw exists in the Performance Schema\n subcomponent that allows an authenticated, remote\n attacker to cause a denial of service condition.\n (CVE-2016-0663)\n\n - An unspecified flaw exists in the Security: Encryption\n subcomponent that allows an authenticated, remote\n attacker to cause a denial of service condition.\n (CVE-2016-0665)\n\n - A denial of service vulnerability exists in the bundled\n OpenSSL library due to improper handling of variables\n declared as TEXT or BLOB. An authenticated, remote\n attacker can exploit this to corrupt data or cause a\n denial of service condition.\n\n - A denial of service vulnerability exists that is\n triggered when handling a 'CREATE TEMPORARY TABLE ..\n SELECT' statement involving BIT columns. An\n authenticated, remote attacker can exploit this to\n create an improper table or cause the server to exit, \n resulting in a denial of service condition.\n\n - A denial of service vulnerability exists due to improper\n handling of queries that contain 'WHERE 0'. 
An\n authenticated, remote attacker can exploit this to cause\n an uninitialized read, resulting in a denial of service\n condition.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-11.html\");\n # http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html#AppendixMSQL\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a0defed6\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MySQL version 5.7.11 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-0641\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/01\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:mysql\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_version.nasl\", \"mysql_login.nasl\");\n script_require_keys(\"Settings/ParanoidReport\");\n script_require_ports(\"Services/mysql\", 3306);\n\n exit(0);\n}\n\ninclude(\"mysql_version.inc\");\n\nmysql_check_version(fixed:'5.7.11', min:'5.7', severity:SECURITY_WARNING);\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:P"}}, {"lastseen": "2022-06-16T20:24:41", "description": "This mysql-community-server version update to 5.6.30 fixes the following issues :\n\nSecurity issues fixed :\n\n - fixed CVEs (boo#962779, boo#959724): CVE-2016-0705, CVE-2016-0639, CVE-2015-3194, CVE-2016-0640, CVE-2016-2047, CVE-2016-0644, CVE-2016-0646, CVE-2016-0647, CVE-2016-0648, CVE-2016-0649, CVE-2016-0650, CVE-2016-0665, CVE-2016-0666, CVE-2016-0641, CVE-2016-0642, CVE-2016-0655, CVE-2016-0661, CVE-2016-0668, CVE-2016-0643\n\n - changes http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-30.html http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-29.html\n\nBugs fixed :\n\n - don't delete the log data when migration fails\n\n - add 'log-error' and 'secure-file-priv' configuration options (added via configuration-tweaks.tar.bz2) [boo#963810]\n\n - add '/etc/my.cnf.d/error_log.conf' that specifies 'log-error = /var/log/mysql/mysqld.log'. If no path is set, the error log is written to '/var/lib/mysql/$HOSTNAME.err', which is not picked up by logrotate.\n\n - add '/etc/my.cnf.d/secure_file_priv.conf' which specifies that 'LOAD DATA', 'SELECT ... 
INTO' and 'LOAD FILE()' will only work with files in the directory specified by 'secure-file-priv' option (='/var/lib/mysql-files').", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-05-20T00:00:00", "type": "nessus", "title": "openSUSE Security Update : mysql-community-server (openSUSE-2016-607)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3194", "CVE-2016-0639", "CVE-2016-0640", "CVE-2016-0641", "CVE-2016-0642", "CVE-2016-0643", "CVE-2016-0644", "CVE-2016-0646", "CVE-2016-0647", "CVE-2016-0648", "CVE-2016-0649", "CVE-2016-0650", "CVE-2016-0655", "CVE-2016-0661", "CVE-2016-0665", "CVE-2016-0666", "CVE-2016-0668", "CVE-2016-0705", "CVE-2016-2047"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libmysql56client18", "p-cpe:/a:novell:opensuse:libmysql56client18-32bit", "p-cpe:/a:novell:opensuse:libmysql56client18-debuginfo", "p-cpe:/a:novell:opensuse:libmysql56client18-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libmysql56client_r18", "p-cpe:/a:novell:opensuse:libmysql56client_r18-32bit", "p-cpe:/a:novell:opensuse:mysql-community-server", "p-cpe:/a:novell:opensuse:mysql-community-server-bench", "p-cpe:/a:novell:opensuse:mysql-community-server-bench-debuginfo", "p-cpe:/a:novell:opensuse:mysql-community-server-client", "p-cpe:/a:novell:opensuse:mysql-community-server-client-debuginfo", "p-cpe:/a:novell:opensuse:mysql-community-server-debuginfo", "p-cpe:/a:novell:opensuse:mysql-community-server-debugsource", "p-cpe:/a:novell:opensuse:mysql-community-server-errormessages", "p-cpe:/a:novell:opensuse:mysql-community-server-test", "p-cpe:/a:novell:opensuse:mysql-community-server-test-debuginfo", "p-cpe:/a:novell:opensuse:mysql-community-server-tools", "p-cpe:/a:novell:opensuse:mysql-community-server-tools-debuginfo", "cpe:/o:novell:opensuse:13.2", "cpe:/o:novell:opensuse:42.1"], "id": "OPENSUSE-2016-607.NASL", "href": "https://www.tenable.com/plugins/nessus/91277", "sourceData": 
"#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-607.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91277);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-3194\", \"CVE-2016-0639\", \"CVE-2016-0640\", \"CVE-2016-0641\", \"CVE-2016-0642\", \"CVE-2016-0643\", \"CVE-2016-0644\", \"CVE-2016-0646\", \"CVE-2016-0647\", \"CVE-2016-0648\", \"CVE-2016-0649\", \"CVE-2016-0650\", \"CVE-2016-0655\", \"CVE-2016-0661\", \"CVE-2016-0665\", \"CVE-2016-0666\", \"CVE-2016-0668\", \"CVE-2016-0705\", \"CVE-2016-2047\");\n\n script_name(english:\"openSUSE Security Update : mysql-community-server (openSUSE-2016-607)\");\n script_summary(english:\"Check for the openSUSE-2016-607 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This mysql-community-server version update to 5.6.30 fixes the\nfollowing issues :\n\nSecurity issues fixed :\n\n - fixed CVEs (boo#962779, boo#959724): CVE-2016-0705,\n CVE-2016-0639, CVE-2015-3194, CVE-2016-0640,\n CVE-2016-2047, CVE-2016-0644, CVE-2016-0646,\n CVE-2016-0647, CVE-2016-0648, CVE-2016-0649,\n CVE-2016-0650, CVE-2016-0665, CVE-2016-0666,\n CVE-2016-0641, CVE-2016-0642, CVE-2016-0655,\n CVE-2016-0661, CVE-2016-0668, CVE-2016-0643\n\n - changes\n http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-\n 30.html\n http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-\n 29.html\n\nBugs fixed :\n\n - don't delete the log data when migration fails\n\n - add 'log-error' and 'secure-file-priv' configuration\n options (added via configuration-tweaks.tar.bz2)\n 
[boo#963810]\n\n - add '/etc/my.cnf.d/error_log.conf' that specifies\n 'log-error = /var/log/mysql/mysqld.log'. If no path is\n set, the error log is written to\n '/var/lib/mysql/$HOSTNAME.err', which is not picked up\n by logrotate.\n\n - add '/etc/my.cnf.d/secure_file_priv.conf' which\n specifies that 'LOAD DATA', 'SELECT ... INTO' and 'LOAD\n FILE()' will only work with files in the directory\n specified by 'secure-file-priv' option\n (='/var/lib/mysql-files').\"\n );\n # http://dev