Finding potential software vulnerabilities from git commit messages. The output format is JSON, listing each commit that could contain a fix for a software vulnerability. The search is based on a set of regular expressions applied to the commit messages only. If CVE IDs are present, they are added automatically to the output.
**Requirements**
* Python 3.6
* GitPython
* langdetect
**Usage**
```
usage: finder.py [-h] [-v] [-r R] [-o O] [-s S] [-p P] [-c] [-t]

Finding potential software vulnerabilities from git commit messages.

optional arguments:
  -h, --help  show this help message and exit
  -v          increase output verbosity
  -r R        git repository to analyse
  -o O        Output format: [json]
  -s S        State of the commit found
  -p P        Matching pattern to use: [vulnpatterns, cryptopatterns,
              cpatterns] - the pattern 'all' is used to match all the patterns
              at once.
  -c          output only a list of the CVE pattern found in commit messages
              (disable by default)
  -t          Include tags matching a specific commit

More info: https://github.com/cve-search/git-vuln-finder
```
**Patterns**
git-vuln-finder comes with 3 default patterns which can be selected to find the potential vulnerabilities described in the commit messages:
* `vulnpatterns` is a generic vulnerability pattern, especially targeting web application and generic security commit messages. Based on an academic paper.
* `cryptopatterns` is a vulnerability pattern for cryptographic errors mentioned in commit messages.
* `cpatterns` is a set of standard vulnerability patterns for C/C++-like languages.
**A sample partial output from Curl git repository**
```
python3 finder.py -r /home/adulau/git/curl | jq .
...
  "6df916d751e72fc9a1febc07bb59c4ddd886c043": {
    "message": "loadlibrary: Only load system DLLs from the system directory\n\nInspiration provided by: Daniel Stenberg and Ray Satiro\n\nBug: https://curl.haxx.se/docs/adv_20160530.html\n\nRef: Windows DLL hijacking with curl, CVE-2016-4802\n",
    "language": "en",
    "commit-id": "6df916d751e72fc9a1febc07bb59c4ddd886c043",
    "summary": "loadlibrary: Only load system DLLs from the system directory",
    "stats": {
      "insertions": 180,
      "deletions": 8,
      "lines": 188,
      "files": 7
    },
    "author": "Steve Holme",
    "author-email": "some-email@example.com",
    "authored_date": 1464555460,
    "committed_date": 1464588867,
    "branches": [
      "master"
    ],
    "pattern-selected": "(?i)(denial of service |\bXXE\b|remote code execution|\bopen redirect|OSVDB|\bvuln|\bCVE\b |\bXSS\b|\bReDoS\b|\bNVD\b|malicious|x−frame−options|attack|cross site |exploit|malicious|directory traversal |\bRCE\b|\bdos\b|\bXSRF \b|\bXSS\b|clickjack|session.fixation|hijack|\badvisory|\binsecure |security |\bcross−origin\b|unauthori[z|s]ed |infinite loop)",
    "pattern-matches": [
      "hijack"
    ],
    "origin": "some-email@example.com:curl/curl.git",
    "origin-github-api": "https://api.github.com/repos/curl/curl/commits/6df916d751e72fc9a1febc07bb59c4ddd886c043",
    "tags": [],
    "cve": [
      "CVE-2016-4802"
    ],
    "state": "cve-assigned"
  },
  "c2b3f264cb5210f82bdc84a3b89250a611b68dd3": {
    "message": "CONNECT_ONLY: don't close connection on GSS 401/407 reponses\n\nPreviously, connections were closed immediately before the user had a\nchance to extract the socket when the proxy required Negotiate\nauthentication.\n\nThis regression was brought in with the security fix in commit\n79b9d5f1a42578f\n\nCloses #655\n",
    "language": "en",
    "commit-id": "c2b3f264cb5210f82bdc84a3b89250a611b68dd3",
    "summary": "CONNECT_ONLY: don't close connection on GSS 401/407 reponses",
    "stats": {
      "insertions": 4,
      "deletions": 2,
      "lines": 6,
      "files": 1
    },
    "author": "Marcel Raad",
    "author-email": "some-email@example.com",
    "authored_date": 1455523116,
    "committed_date": 1461704516,
    "branches": [
      "master"
    ],
    "pattern-selected": "(?i)(denial of service |\bXXE\b|remote code execution|\bopen redirect|OSVDB|\bvuln|\bCVE\b |\bXSS\b|\bReDoS\b|\bNVD\b|malicious|x−frame−options|attack|cross site |exploit|malicious|directory traversal |\bRCE\b|\bdos\b|\bXSRF \b|\bXSS\b|clickjack|session.fixation|hijack|\badvisory|\binsecure |security |\bcross−origin\b|unauthori[z|s]ed |infinite loop)",
    "pattern-matches": [
      "security "
    ],
    "origin": "some-email@example.com:curl/curl.git",
    "origin-github-api": "https://api.github.com/repos/curl/curl/commits/c2b3f264cb5210f82bdc84a3b89250a611b68dd3",
    "tags": [],
    "state": "under-review"
  },
...
```
* Extracting CVE id(s) from git messages
```
  "98d132cf6a879faf0147aa83ea0c07ff326260ed": {
    "message": "Add a macro for testing assertion in both debug and production builds\n\nIf we have an assert then in a debug build we want an abort() to occur.\nIn a production build we want the function to return an error.\n\nThis introduces a new macro to assist with that. The idea is to replace\nexisting use of OPENSSL_assert() with this new macro. The problem with\nOPENSSL_assert() is that it aborts() on an assertion failure in both debug\nand production builds. It should never be a library's decision to abort a\nprocess (we don't get to decide when to kill the life support machine or\nthe nuclear reactor control system). Additionally if an attacker can\ncause a reachable assert to be hit then this can be a source of DoS attacks\ne.g. see CVE-2017-3733, CVE-2015-0293, CVE-2011-4577 and CVE-2002-1568.\n\nReviewed-by: Tim Hudson <some-email@example.com>\n(Merged from https://github.com/openssl/openssl/pull/3496)",
    "commit-id": "98d132cf6a879faf0147aa83ea0c07ff326260ed",
    "summary": "Add a macro for testing assertion in both debug and production builds",
    "stats": {
      "insertions": 18,
      "deletions": 0,
      "lines": 18,
      "files": 1
    },
    "author": "Matt Caswell",
    "author-email": "some-email@example.com",
    "authored_date": 1495182637,
    "committed_date": 1495457671,
    "branches": [
      "master"
    ],
    "pattern-selected": "(?i)(denial of service |\bXXE\b|remote code execution|\bopen redirect|OSVDB|\bvuln|\bCVE\b |\bXSS\b|\bReDoS\b|\bNVD\b|malicious|x−frame−options|attack|cross site |exploit|malicious|directory traversal |\bRCE\b|\bdos\b|\bXSRF \b|\bXSS\b|clickjack|session.fixation|hijack|\badvisory|\binsecure |security |\bcross−origin\b|unauthori[z|s]ed |infinite loop)",
    "pattern-matches": [
      "attack"
    ],
    "cve": [
      "CVE-2017-3733",
      "CVE-2015-0293",
      "CVE-2011-4577",
      "CVE-2002-1568"
    ],
    "state": "cve-assigned"
  }
```
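The matching step behind these records, sketched as an added example (this is not git-vuln-finder's own code): it applies the `vulnpatterns` expression printed in `pattern-selected` to commit messages taken from the samples above, reports the first match, and sets `state` from whether a CVE id is present. The function names, the CVE regex, and the first-match and state logic are assumptions inferred from the sample output; the fourth message and its commit id are constructed.

```python
import json
import re

# Copied from the "pattern-selected" field in the sample output above.
# As printed on the page it contains U+2212 MINUS SIGN (not ASCII '-') in
# "x−frame−options" and "cross−origin"; both are kept verbatim here.
VULN_PATTERN = re.compile(
    r"(?i)(denial of service |\bXXE\b|remote code execution|\bopen redirect|OSVDB"
    r"|\bvuln|\bCVE\b |\bXSS\b|\bReDoS\b|\bNVD\b|malicious|x−frame−options|attack"
    r"|cross site |exploit|malicious|directory traversal |\bRCE\b|\bdos\b|\bXSRF \b"
    r"|\bXSS\b|clickjack|session.fixation|hijack|\badvisory|\binsecure |security "
    r"|\bcross−origin\b|unauthori[z|s]ed |infinite loop)"
)

# Assumed CVE id shape (CVE-YYYY-NNNN...); not taken from the tool's source.
CVE_ID = re.compile(r"CVE-\d{4}-\d{4,}", re.IGNORECASE)


def extract_cves(message):
    """Return CVE ids in order of first appearance, without duplicates."""
    found = []
    for cve in CVE_ID.findall(message):
        cve = cve.upper()
        if cve not in found:
            found.append(cve)
    return found


def triage(commit_id, message):
    """Build a record shaped like the sample output, or None if nothing matches."""
    match = VULN_PATTERN.search(message)  # first hit only, as in the samples
    if match is None:
        return None
    record = {
        "message": message,
        "commit-id": commit_id,
        "summary": message.split("\n", 1)[0],
        "pattern-matches": [match.group(1)],
    }
    cves = extract_cves(message)
    if cves:
        record["cve"] = cves
        record["state"] = "cve-assigned"
    else:
        record["state"] = "under-review"
    return record


def scan(commits):
    """commits: mapping of commit id -> message. Returns only the flagged ones."""
    results = {}
    for commit_id, message in commits.items():
        record = triage(commit_id, message)
        if record is not None:
            results[commit_id] = record
    return results


SAMPLE_COMMITS = {
    # Messages 1-3 are taken from the sample output on this page (3 is an excerpt).
    "6df916d751e72fc9a1febc07bb59c4ddd886c043": (
        "loadlibrary: Only load system DLLs from the system directory\n\n"
        "Inspiration provided by: Daniel Stenberg and Ray Satiro\n\n"
        "Bug: https://curl.haxx.se/docs/adv_20160530.html\n\n"
        "Ref: Windows DLL hijacking with curl, CVE-2016-4802\n"
    ),
    "c2b3f264cb5210f82bdc84a3b89250a611b68dd3": (
        "CONNECT_ONLY: don't close connection on GSS 401/407 reponses\n\n"
        "Previously, connections were closed immediately before the user had a\n"
        "chance to extract the socket when the proxy required Negotiate\n"
        "authentication.\n\n"
        "This regression was brought in with the security fix in commit\n"
        "79b9d5f1a42578f\n\nCloses #655\n"
    ),
    "98d132cf6a879faf0147aa83ea0c07ff326260ed": (
        "Add a macro for testing assertion in both debug and production builds\n\n"
        "Additionally if an attacker can\ncause a reachable assert to be hit then "
        "this can be a source of DoS attacks\ne.g. see CVE-2017-3733, "
        "CVE-2015-0293, CVE-2011-4577 and CVE-2002-1568.\n"
    ),
    # Constructed message and placeholder id: a CVE id with no other keyword.
    # "\bCVE\b " needs a space right after "CVE", so this pattern does not fire.
    "0000000000000000000000000000000000000000": "Fix CVE-2016-4802 in loader\n",
}

if __name__ == "__main__":
    print(json.dumps(scan(SAMPLE_COMMITS), indent=2))
```

The constructed fourth message is absent from the result even though `extract_cves` finds its id, which shows why keyword matching and CVE extraction are worth checking separately when tuning patterns.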
**Acknowledgment**
* Thanks to [Jean-Louis Huynen](<https://github.com/gallypette> "Jean-Louis Huynen" ) for the discussions about the crypto vulnerability pattern
* Thanks to [Sebastien Tricaud](<https://github.com/stricaud> "Sebastien Tricaud" ) for the discussions regarding native language and commit messages
**References**
* [Notes](<https://gist.github.com/adulau/dce5a6ca5c65017869bb01dfee576303#file-finding-vuln-git-commit-messages-md> "Notes" )
* <https://csce.ucmss.com/cr/books/2017/LFS/CSREA2017/ICA2077.pdf> (mainly using CVE referenced in the commit message) - archive (<http://archive.is/xep9o>)
* <https://asankhaya.github.io/pdf/automated-identification-of-security-issues-from-commit-messages-and-bug-reports.pdf> (2 main regexps)
**[Download Git-Vuln-Finder](<https://github.com/cve-search/git-vuln-finder> "Download Git-Vuln-Finder" )**
Builds of OpenSSL are only vulnerable if configured with \"enable-rfc3779\", which is not a default.\n", "cvss3": {}, "published": "2012-01-04T00:00:00", "type": "openssl", "title": "Vulnerability in OpenSSL - Malformed RFC 3779 Data Can Cause Assertion Failures ", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4577"], "modified": "2012-01-04T00:00:00", "id": "OPENSSL:CVE-2011-4577", "href": "https://www.openssl.org/news/secadv/20120104.txt", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T17:02:07", "description": " During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL to crash (dependent on ciphersuite). 
Both clients and servers are affected.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-02-16T00:00:00", "type": "openssl", "title": "Vulnerability in OpenSSL - Encrypt-Then-Mac renegotiation crash ", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3733"], "modified": "2017-02-16T00:00:00", "id": "OPENSSL:CVE-2017-3733", "href": "https://www.openssl.org/news/secadv/20170216.txt", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T17:02:19", "description": " DoS via reachable assert in SSLv2 servers. 
A malicious client can trigger an OPENSSL_assert in servers that both support SSLv2 and enable export cipher suites by sending a specially crafted SSLv2 CLIENT-MASTER-KEY message.\n", "cvss3": {}, "published": "2015-03-19T00:00:00", "type": "openssl", "title": "Vulnerability in OpenSSL - DoS via reachable assert in SSLv2 servers ", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0293"], "modified": "2015-03-19T00:00:00", "id": "OPENSSL:CVE-2015-0293", "href": "https://www.openssl.org/news/secadv/20150319.txt", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T17:02:13", "description": " This issue only affected versions of OpenSSL prior to March 19th 2015 at which time the code was refactored to address the vulnerability CVE-2015-0293. s2_srvr.c overwrite the wrong bytes in the master-key when applying Bleichenbacher protection for export cipher suites. 
This provides a Bleichenbacher oracle, and could potentially allow more efficient variants of the DROWN attack.\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-03-01T00:00:00", "type": "openssl", "title": "Vulnerability in OpenSSL - Bleichenbacher oracle in SSLv2 ", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0293", "CVE-2016-0704"], "modified": "2016-03-01T00:00:00", "id": "OPENSSL:CVE-2016-0704", "href": "https://www.openssl.org/news/secadv/20160301.txt", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T17:02:14", "description": " This issue only affected versions of OpenSSL prior to March 19th 2015 at which time the code was refactored to address vulnerability CVE-2015-0293. s2_srvr.c did not enforce that clear-key-length is 0 for non-export ciphers. If clear-key bytes are present for these ciphers, they *displace* encrypted-key bytes. 
This leads to an efficient divide-and-conquer key recovery attack: if an eavesdropper has intercepted an SSLv2 handshake, they can use the server as an oracle to determine the SSLv2 master-key, using only 16 connections to the server and negligible computation. More importantly, this leads to a more efficient version of DROWN that is effective against non-export ciphersuites, and requires no significant computation.\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-03-01T00:00:00", "type": "openssl", "title": "Vulnerability in OpenSSL - Divide-and-conquer session key recovery in SSLv2 ", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0293", "CVE-2016-0703"], "modified": "2016-03-01T00:00:00", "id": "OPENSSL:CVE-2016-0703", "href": "https://www.openssl.org/news/secadv/20160301.txt", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "cve": [{"lastseen": "2023-02-09T14:09:00", "description": "OpenSSL 0.9.6e uses assertions when detecting buffer overflow attacks instead of less severe mechanisms, which allows remote attackers to cause a denial of service (crash) via certain messages that cause 
OpenSSL to abort from a failed assertion, as demonstrated using SSLv2 CLIENT_MASTER_KEY messages, which are not properly handled in s2_srvr.c.", "cvss3": {}, "published": "2003-11-17T05:00:00", "type": "cve", "title": "CVE-2002-1568", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2002-1568"], "modified": "2016-10-18T02:27:00", "cpe": ["cpe:/a:openssl:openssl:0.9.6e"], "id": "CVE-2002-1568", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-1568", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-13T14:10:57", "description": "OpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC 3779 support is enabled, allows remote attackers to cause a denial of service (assertion failure) via an X.509 certificate containing certificate-extension data associated with (1) IP address blocks or (2) Autonomous System (AS) identifiers.", "cvss3": {}, "published": "2012-01-06T01:55:00", "type": "cve", "title": "CVE-2011-4577", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, 
"impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4577"], "modified": "2014-03-26T04:25:00", "cpe": ["cpe:/a:openssl:openssl:0.9.8n", "cpe:/a:openssl:openssl:0.9.7g", "cpe:/a:openssl:openssl:0.9.8i", "cpe:/a:openssl:openssl:0.9.7", "cpe:/a:openssl:openssl:0.9.8m", "cpe:/a:openssl:openssl:0.9.6k", "cpe:/a:openssl:openssl:0.9.7b", "cpe:/a:openssl:openssl:0.9.8b", "cpe:/a:openssl:openssl:0.9.8r", "cpe:/a:openssl:openssl:0.9.8h", "cpe:/a:openssl:openssl:0.9.6m", "cpe:/a:openssl:openssl:1.0.0a", "cpe:/a:openssl:openssl:0.9.7c", "cpe:/a:openssl:openssl:0.9.7l", "cpe:/a:openssl:openssl:1.0.0e", "cpe:/a:openssl:openssl:1.0.0b", "cpe:/a:openssl:openssl:0.9.7m", "cpe:/a:openssl:openssl:0.9.8d", "cpe:/a:openssl:openssl:0.9.4", "cpe:/a:openssl:openssl:0.9.6b", "cpe:/a:openssl:openssl:0.9.6g", "cpe:/a:openssl:openssl:0.9.7a", "cpe:/a:openssl:openssl:0.9.6f", "cpe:/a:openssl:openssl:0.9.6i", "cpe:/a:openssl:openssl:0.9.6c", "cpe:/a:openssl:openssl:0.9.5a", "cpe:/a:openssl:openssl:0.9.8g", "cpe:/a:openssl:openssl:0.9.6", "cpe:/a:openssl:openssl:0.9.6d", "cpe:/a:openssl:openssl:0.9.6l", "cpe:/a:openssl:openssl:0.9.7d", "cpe:/a:openssl:openssl:0.9.7i", "cpe:/a:openssl:openssl:0.9.8a", "cpe:/a:openssl:openssl:0.9.2b", "cpe:/a:openssl:openssl:0.9.8p", "cpe:/a:openssl:openssl:0.9.8l", "cpe:/a:openssl:openssl:0.9.7j", "cpe:/a:openssl:openssl:0.9.5", "cpe:/a:openssl:openssl:1.0.0d", "cpe:/a:openssl:openssl:0.9.1c", "cpe:/a:openssl:openssl:0.9.6j", "cpe:/a:openssl:openssl:0.9.8k", "cpe:/a:openssl:openssl:0.9.8c", "cpe:/a:openssl:openssl:1.0.0", "cpe:/a:openssl:openssl:0.9.8q", "cpe:/a:openssl:openssl:0.9.8", "cpe:/a:openssl:openssl:0.9.8o", "cpe:/a:openssl:openssl:0.9.7h", "cpe:/a:openssl:openssl:0.9.8j", "cpe:/a:openssl:openssl:0.9.8f", "cpe:/a:openssl:openssl:0.9.6a", "cpe:/a:openssl:openssl:0.9.6e", "cpe:/a:openssl:openssl:0.9.7k", "cpe:/a:openssl:openssl:0.9.8e", "cpe:/a:openssl:openssl:0.9.7f", "cpe:/a:openssl:openssl:0.9.6h", "cpe:/a:openssl:openssl:1.0.0c", 
"cpe:/a:openssl:openssl:0.9.7e"], "id": "CVE-2011-4577", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4577", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7m:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6h:bogus:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*", 
"cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7l:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8r:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:12:33", "description": "Multiple untrusted search path vulnerabilities in cURL and libcurl before 7.49.1, when built with SSPI or telnet is enabled, allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) security.dll, (2) secur32.dll, or (3) ws2_32.dll in the application or current working directory.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", 
"attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-06-24T17:59:00", "type": "cve", "title": "CVE-2016-4802", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4802"], "modified": "2016-12-31T02:59:00", "cpe": ["cpe:/a:haxx:curl:7.49.0"], "id": "CVE-2016-4802", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4802", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:haxx:curl:7.49.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-08T16:05:36", "description": "During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL 1.1.0 before 1.1.0e to crash (dependent on ciphersuite). 
Both clients and servers are affected.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-05-04T19:29:00", "type": "cve", "title": "CVE-2017-3733", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3733"], "modified": "2019-04-23T19:30:00", "cpe": ["cpe:/a:openssl:openssl:1.1.0d", "cpe:/a:openssl:openssl:1.1.0", "cpe:/a:hp:operations_agent:11.14", "cpe:/a:openssl:openssl:1.1.0b", "cpe:/a:openssl:openssl:1.1.0c", "cpe:/a:openssl:openssl:1.1.0a", "cpe:/a:hp:operations_agent:11.15"], "id": "CVE-2017-3733", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3733", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:openssl:openssl:1.1.0c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.1.0d:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.1.0a:*:*:*:*:*:*:*", "cpe:2.3:a:hp:operations_agent:11.15:*:*:*:*:*:*:*", "cpe:2.3:a:hp:operations_agent:11.14:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.1.0b:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T02:30:23", "description": "The SSLv2 implementation in OpenSSL 
before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (s2_lib.c assertion failure and daemon exit) via a crafted CLIENT-MASTER-KEY message.", "cvss3": {}, "published": "2015-03-19T22:59:00", "type": "cve", "title": "CVE-2015-0293", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0293"], "modified": "2022-12-13T12:15:00", "cpe": ["cpe:/a:openssl:openssl:1.0.0n", "cpe:/a:openssl:openssl:0.9.8ze", "cpe:/a:openssl:openssl:1.0.0l", "cpe:/a:openssl:openssl:1.0.2", "cpe:/a:openssl:openssl:1.0.1a", "cpe:/a:openssl:openssl:1.0.0", "cpe:/a:openssl:openssl:1.0.0p", "cpe:/a:openssl:openssl:1.0.0m", "cpe:/a:openssl:openssl:1.0.1b", "cpe:/a:openssl:openssl:1.0.1h", "cpe:/a:openssl:openssl:1.0.1j", "cpe:/a:openssl:openssl:1.0.1l", "cpe:/a:openssl:openssl:1.0.0e", "cpe:/a:openssl:openssl:1.0.0b", "cpe:/a:openssl:openssl:1.0.0i", "cpe:/a:openssl:openssl:1.0.0h", "cpe:/a:openssl:openssl:1.0.0j", "cpe:/a:openssl:openssl:1.0.1f", "cpe:/a:openssl:openssl:1.0.0d", "cpe:/a:openssl:openssl:1.0.1k", "cpe:/a:openssl:openssl:1.0.1e", "cpe:/a:openssl:openssl:1.0.0a", "cpe:/a:openssl:openssl:1.0.0o", "cpe:/a:openssl:openssl:1.0.0g", "cpe:/a:openssl:openssl:1.0.1", "cpe:/a:openssl:openssl:1.0.0q", "cpe:/a:openssl:openssl:1.0.1i", "cpe:/a:openssl:openssl:1.0.0f", "cpe:/a:openssl:openssl:1.0.1g", "cpe:/a:openssl:openssl:1.0.1d", "cpe:/a:openssl:openssl:1.0.0c", "cpe:/a:openssl:openssl:1.0.1c", "cpe:/a:openssl:openssl:1.0.0k"], "id": 
"CVE-2015-0293", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0293", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:openssl:openssl:1.0.0q:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0p:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8ze:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0o:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*"]}], "nessus": [{"lastseen": "2023-01-11T14:19:52", "description": "According to its banner, the remote server is running a version of OpenSSL that is earlier than 0.9.6f. 
\n\nA remote attacker can trigger a denial of service by sending a specially crafted SSLv2 CLIENT_MASTER_KEY message.", "cvss3": {}, "published": "2012-01-04T00:00:00", "type": "nessus", "title": "OpenSSL < 0.9.6f Denial of Service", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2002-1568"], "modified": "2018-11-15T00:00:00", "cpe": ["cpe:/a:openssl:openssl"], "id": "OPENSSL_0_9_6F.NASL", "href": "https://www.tenable.com/plugins/nessus/17747", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(17747);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/11/15 20:50:25\");\n\n script_cve_id(\"CVE-2002-1568\");\n script_bugtraq_id(8746);\n script_xref(name:\"RHSA\", value:\"2003:291\");\n\n script_name(english:\"OpenSSL < 0.9.6f Denial of Service\");\n script_summary(english:\"Does a banner check\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote server is vulnerable to a denial of service attack.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the remote server is running a version of\nOpenSSL that is earlier than 0.9.6f. 
\n\nA remote attacker can trigger a denial of service by sending a\nspecially crafted SSLv2 CLIENT_MASTER_KEY message.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://cvs.openssl.org/chngview?cn=7659\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/339948\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to OpenSSL 0.9.6f or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2003/10/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2002/08/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"openssl_version.nasl\");\n script_require_keys(\"openssl/port\");\n\n exit(0);\n}\n\ninclude(\"openssl_version.inc\");\n\nopenssl_check_version(fixed:'0.9.6f', severity:SECURITY_WARNING);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:39:11", "description": "Versions of cURL and libcurl prior to 7.49.1 are affected by a flaw that is triggered when loading certain dynamic-link libraries including 'security.dll', 'secur32.dll', and 'ws2_32.dll'. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^2\\.1([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 2.1\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2002:157\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"openssl-0.9.6b-24\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i686\", reference:\"openssl-0.9.6b-24\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"openssl-devel-0.9.6b-24\")) flag++;\n if 
(rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"openssl-perl-0.9.6b-24\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"openssl095a-0.9.5a-14\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"openssl096-0.9.6-9\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-devel / openssl-perl / openssl095a / openssl096\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-13T15:00:44", "description": "It was discovered that the Datagram Transport Layer Security (DTLS) protocol implementation in OpenSSL leaked timing information when performing certain operations. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a DTLS server as a padding oracle. (CVE-2011-4108)\n\nAn information leak flaw was found in the SSL 3.0 protocol implementation in OpenSSL. Incorrect initialization of SSL record padding bytes could cause an SSL client or server to send a limited amount of possibly sensitive data to its SSL peer via the encrypted connection. (CVE-2011-4576)\n\nA denial of service flaw was found in the RFC 3779 implementation in OpenSSL. A remote attacker could use this flaw to make an application using OpenSSL exit unexpectedly by providing a specially crafted X.509 certificate that has malformed RFC 3779 extension data.\n(CVE-2011-4577)\n\nIt was discovered that OpenSSL did not limit the number of TLS/SSL handshake restarts required to support Server Gated Cryptography. A remote attacker could use this flaw to make a TLS/SSL server using OpenSSL consume an excessive amount of CPU by continuously restarting the handshake. 
(CVE-2011-4619)", "cvss3": {}, "published": "2013-09-04T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : openssl (ALAS-2012-38)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4108", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4619"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:openssl", "p-cpe:/a:amazon:linux:openssl-debuginfo", "p-cpe:/a:amazon:linux:openssl-devel", "p-cpe:/a:amazon:linux:openssl-perl", "p-cpe:/a:amazon:linux:openssl-static", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2012-38.NASL", "href": "https://www.tenable.com/plugins/nessus/69645", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2012-38.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69645);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/04/18 15:09:34\");\n\n script_cve_id(\"CVE-2011-4108\", \"CVE-2011-4576\", \"CVE-2011-4577\", \"CVE-2011-4619\");\n script_xref(name:\"ALAS\", value:\"2012-38\");\n script_xref(name:\"RHSA\", value:\"2012:0059\");\n\n script_name(english:\"Amazon Linux AMI : openssl (ALAS-2012-38)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the Datagram Transport Layer 
Security (DTLS)\nprotocol implementation in OpenSSL leaked timing information when\nperforming certain operations. A remote attacker could possibly use\nthis flaw to retrieve plain text from the encrypted packets by using a\nDTLS server as a padding oracle. (CVE-2011-4108)\n\nAn information leak flaw was found in the SSL 3.0 protocol\nimplementation in OpenSSL. Incorrect initialization of SSL record\npadding bytes could cause an SSL client or server to send a limited\namount of possibly sensitive data to its SSL peer via the encrypted\nconnection. (CVE-2011-4576)\n\nA denial of service flaw was found in the RFC 3779 implementation in\nOpenSSL. A remote attacker could use this flaw to make an application\nusing OpenSSL exit unexpectedly by providing a specially crafted X.509\ncertificate that has malformed RFC 3779 extension data.\n(CVE-2011-4577)\n\nIt was discovered that OpenSSL did not limit the number of TLS/SSL\nhandshake restarts required to support Server Gated Cryptography. A\nremote attacker could use this flaw to make a TLS/SSL server using\nOpenSSL consume an excessive amount of CPU by continuously restarting\nthe handshake. 
(CVE-2011-4619)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2012-38.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update openssl' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if 
(os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"openssl-1.0.0g-1.26.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openssl-debuginfo-1.0.0g-1.26.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openssl-devel-1.0.0g-1.26.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openssl-perl-1.0.0g-1.26.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openssl-static-1.0.0g-1.26.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-debuginfo / openssl-devel / openssl-perl / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-05T14:04:37", "description": "Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.\n\nIt was discovered that the Datagram Transport Layer Security (DTLS) protocol implementation in OpenSSL leaked timing information when performing certain operations. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a DTLS server as a padding oracle. 
(CVE-2011-4108)\n\nAn information leak flaw was found in the SSL 3.0 protocol implementation in OpenSSL. Incorrect initialization of SSL record padding bytes could cause an SSL client or server to send a limited amount of possibly sensitive data to its SSL peer via the encrypted connection. (CVE-2011-4576)\n\nA denial of service flaw was found in the RFC 3779 implementation in OpenSSL. A remote attacker could use this flaw to make an application using OpenSSL exit unexpectedly by providing a specially crafted X.509 certificate that has malformed RFC 3779 extension data.\n(CVE-2011-4577)\n\nIt was discovered that OpenSSL did not limit the number of TLS/SSL handshake restarts required to support Server Gated Cryptography. A remote attacker could use this flaw to make a TLS/SSL server using OpenSSL consume an excessive amount of CPU by continuously restarting the handshake. (CVE-2011-4619)\n\nAll OpenSSL users should upgrade to these updated packages, which contain backported patches to resolve these issues. 
For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.", "cvss3": {}, "published": "2012-01-31T00:00:00", "type": "nessus", "title": "CentOS 6 : openssl (CESA-2012:0059)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4108", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4619"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:openssl", "p-cpe:/a:centos:centos:openssl-devel", "p-cpe:/a:centos:centos:openssl-perl", "p-cpe:/a:centos:centos:openssl-static", "cpe:/o:centos:centos:6"], "id": "CENTOS_RHSA-2012-0059.NASL", "href": "https://www.tenable.com/plugins/nessus/57731", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0059 and \n# CentOS Errata and Security Advisory 2012:0059 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57731);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2011-4108\", \"CVE-2011-4576\", \"CVE-2011-4577\", \"CVE-2011-4619\");\n script_bugtraq_id(51281);\n script_xref(name:\"RHSA\", value:\"2012:0059\");\n\n script_name(english:\"CentOS 6 : openssl (CESA-2012:0059)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n 
value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated openssl packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL\nv2/v3) and Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nIt was discovered that the Datagram Transport Layer Security (DTLS)\nprotocol implementation in OpenSSL leaked timing information when\nperforming certain operations. A remote attacker could possibly use\nthis flaw to retrieve plain text from the encrypted packets by using a\nDTLS server as a padding oracle. (CVE-2011-4108)\n\nAn information leak flaw was found in the SSL 3.0 protocol\nimplementation in OpenSSL. Incorrect initialization of SSL record\npadding bytes could cause an SSL client or server to send a limited\namount of possibly sensitive data to its SSL peer via the encrypted\nconnection. (CVE-2011-4576)\n\nA denial of service flaw was found in the RFC 3779 implementation in\nOpenSSL. A remote attacker could use this flaw to make an application\nusing OpenSSL exit unexpectedly by providing a specially crafted X.509\ncertificate that has malformed RFC 3779 extension data.\n(CVE-2011-4577)\n\nIt was discovered that OpenSSL did not limit the number of TLS/SSL\nhandshake restarts required to support Server Gated Cryptography. A\nremote attacker could use this flaw to make a TLS/SSL server using\nOpenSSL consume an excessive amount of CPU by continuously restarting\nthe handshake. 
(CVE-2011-4619)\n\nAll OpenSSL users should upgrade to these updated packages, which\ncontain backported patches to resolve these issues. For the update to\ntake effect, all services linked to the OpenSSL library must be\nrestarted, or the system rebooted.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2012-January/018396.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dd0fba87\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2011-4576\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/01/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/31\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"openssl-1.0.0-20.el6_2.1\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"openssl-devel-1.0.0-20.el6_2.1\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"openssl-perl-1.0.0-20.el6_2.1\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"openssl-static-1.0.0-20.el6_2.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-devel / openssl-perl / openssl-static\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-13T14:59:26", "description": "From Red Hat Security Advisory 2012:0059 
:\n\nUpdated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.\n\nIt was discovered that the Datagram Transport Layer Security (DTLS) protocol implementation in OpenSSL leaked timing information when performing certain operations. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a DTLS server as a padding oracle. (CVE-2011-4108)\n\nAn information leak flaw was found in the SSL 3.0 protocol implementation in OpenSSL. Incorrect initialization of SSL record padding bytes could cause an SSL client or server to send a limited amount of possibly sensitive data to its SSL peer via the encrypted connection. (CVE-2011-4576)\n\nA denial of service flaw was found in the RFC 3779 implementation in OpenSSL. A remote attacker could use this flaw to make an application using OpenSSL exit unexpectedly by providing a specially crafted X.509 certificate that has malformed RFC 3779 extension data.\n(CVE-2011-4577)\n\nIt was discovered that OpenSSL did not limit the number of TLS/SSL handshake restarts required to support Server Gated Cryptography. A remote attacker could use this flaw to make a TLS/SSL server using OpenSSL consume an excessive amount of CPU by continuously restarting the handshake. (CVE-2011-4619)\n\nAll OpenSSL users should upgrade to these updated packages, which contain backported patches to resolve these issues. 
For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.", "cvss3": {}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : openssl (ELSA-2012-0059)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4108", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4619"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:openssl", "p-cpe:/a:oracle:linux:openssl-devel", "p-cpe:/a:oracle:linux:openssl-perl", "p-cpe:/a:oracle:linux:openssl-static", "cpe:/o:oracle:linux:6"], "id": "ORACLELINUX_ELSA-2012-0059.NASL", "href": "https://www.tenable.com/plugins/nessus/68437", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2012:0059 and \n# Oracle Linux Security Advisory ELSA-2012-0059 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68437);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-4108\", \"CVE-2011-4576\", \"CVE-2011-4577\", \"CVE-2011-4619\");\n script_bugtraq_id(51281, 51563);\n script_xref(name:\"RHSA\", value:\"2012:0059\");\n\n script_name(english:\"Oracle Linux 6 : openssl (ELSA-2012-0059)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n 
attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2012:0059 :\n\nUpdated openssl packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL\nv2/v3) and Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nIt was discovered that the Datagram Transport Layer Security (DTLS)\nprotocol implementation in OpenSSL leaked timing information when\nperforming certain operations. A remote attacker could possibly use\nthis flaw to retrieve plain text from the encrypted packets by using a\nDTLS server as a padding oracle. (CVE-2011-4108)\n\nAn information leak flaw was found in the SSL 3.0 protocol\nimplementation in OpenSSL. Incorrect initialization of SSL record\npadding bytes could cause an SSL client or server to send a limited\namount of possibly sensitive data to its SSL peer via the encrypted\nconnection. (CVE-2011-4576)\n\nA denial of service flaw was found in the RFC 3779 implementation in\nOpenSSL. A remote attacker could use this flaw to make an application\nusing OpenSSL exit unexpectedly by providing a specially crafted X.509\ncertificate that has malformed RFC 3779 extension data.\n(CVE-2011-4577)\n\nIt was discovered that OpenSSL did not limit the number of TLS/SSL\nhandshake restarts required to support Server Gated Cryptography. 
script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"openssl_version.nasl\");\n script_require_keys(\"openssl/port\");\n\n exit(0);\n}\n\ninclude(\"openssl_version.inc\");\n\nopenssl_check_version(fixed:'1.0.0f', min:\"1.0.0\", severity:SECURITY_WARNING);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T14:20:03", "description": "Various security vulnerabilities have been fixed in OpenSSL :\n\n - DTLS plaintext recovery attack. (CVE-2011-4108)\n\n - double-free in Policy Checks. (CVE-2011-4109)\n\n - uninitialized SSL 3.0 padding. (CVE-2011-4576)\n\n - malformed RFC 3779 data can cause assertion failures.\n (CVE-2011-4577)\n\n - SGC restart DoS attack (CVE-2011-4619)", "cvss3": {}, "published": "2012-01-17T00:00:00", "type": "nessus", "title": "SuSE 11.1 Security Update : OpenSSL (SAT Patch Number 5635)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4108", "CVE-2011-4109", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4619"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:libopenssl0_9_8", "p-cpe:/a:novell:suse_linux:11:libopenssl0_9_8-32bit", "p-cpe:/a:novell:suse_linux:11:openssl", 
"p-cpe:/a:novell:suse_linux:11:openssl-doc", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_LIBOPENSSL-DEVEL-120111.NASL", "href": "https://www.tenable.com/plugins/nessus/57569", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57569);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-4108\", \"CVE-2011-4109\", \"CVE-2011-4576\", \"CVE-2011-4577\", \"CVE-2011-4619\");\n\n script_name(english:\"SuSE 11.1 Security Update : OpenSSL (SAT Patch Number 5635)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Various security vulnerabilities have been fixed in OpenSSL :\n\n - DTLS plaintext recovery attack. (CVE-2011-4108)\n\n - double-free in Policy Checks. (CVE-2011-4109)\n\n - uninitialized SSL 3.0 padding. 
(CVE-2011-4576)\n\n - malformed RFC 3779 data can cause assertion failures.\n (CVE-2011-4577)\n\n - SGC restart DoS attack (CVE-2011-4619)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=739719\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-4108.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-4109.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-4576.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-4577.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-4619.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 5635.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libopenssl0_9_8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libopenssl0_9_8-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:openssl-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n 
script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"libopenssl0_9_8-0.9.8j-0.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"openssl-0.9.8j-0.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libopenssl0_9_8-0.9.8j-0.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libopenssl0_9_8-32bit-0.9.8j-0.26.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"openssl-0.9.8j-0.26.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"libopenssl0_9_8-0.9.8j-0.26.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"openssl-0.9.8j-0.26.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"openssl-doc-0.9.8j-0.26.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"libopenssl0_9_8-32bit-0.9.8j-0.26.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"libopenssl0_9_8-32bit-0.9.8j-0.26.1\")) flag++;\n\n\nif (flag)\n{\n if 
(report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-07T14:20:46", "description": "openssl was prone to several security issues :\n\n - DTLS Plaintext Recovery Attack (CVE-2011-4108)\n\n - Uninitialized SSL 3.0 Padding (CVE-2011-4576)\n\n - Malformed RFC 3779 Data Can Cause Assertion Failures (CVE-2011-4577)\n\n - SGC Restart DoS Attack (CVE-2011-4619)\n\n - Invalid GOST parameters DoS Attack (CVE-2012-0027)", "cvss3": {}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : openssl (openSUSE-2012-52)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4108", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4619", "CVE-2012-0027"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libopenssl-devel", "p-cpe:/a:novell:opensuse:libopenssl-devel-32bit", "p-cpe:/a:novell:opensuse:libopenssl1_0_0", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-32bit", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:openssl", "p-cpe:/a:novell:opensuse:openssl-debuginfo", "p-cpe:/a:novell:opensuse:openssl-debugsource", "cpe:/o:novell:opensuse:12.1"], "id": "OPENSUSE-2012-52.NASL", "href": "https://www.tenable.com/plugins/nessus/74722", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network 
Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2012-52.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74722);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-4108\", \"CVE-2011-4576\", \"CVE-2011-4577\", \"CVE-2011-4619\", \"CVE-2012-0027\");\n\n script_name(english:\"openSUSE Security Update : openssl (openSUSE-2012-52)\");\n script_summary(english:\"Check for the openSUSE-2012-52 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"openssl was prone to several security issues :\n\n - DTLS Plaintext Recovery Attack (CVE-2011-4108)\n\n - Uninitialized SSL 3.0 Padding (CVE-2011-4576)\n\n - Malformed RFC 3779 Data Can Cause Assertion Failures\n (CVE-2011-4577)\n\n - SGC Restart DoS Attack (CVE-2011-4619)\n\n - Invalid GOST parameters DoS Attack (CVE-2012-0027)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=739719\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-32bit\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libopenssl-devel-1.0.0e-34.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", 
reference:\"libopenssl1_0_0-1.0.0e-34.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libopenssl1_0_0-debuginfo-1.0.0e-34.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"openssl-1.0.0e-34.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"openssl-debuginfo-1.0.0e-34.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"openssl-debugsource-1.0.0e-34.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libopenssl-devel-32bit-1.0.0e-34.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-32bit-1.0.0e-34.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.0e-34.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libopenssl-devel / libopenssl-devel-32bit / libopenssl1_0_0 / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-07T14:19:03", "description": "Various security vulnerabilities have been fixed in openssl :\n\n - DTLS plaintext recovery attack (CVE-2011-4108)\n\n - uninitialized SSL 3.0 padding (CVE-2011-4576)\n\n - malformed RFC 3779 data can cause assertion failures (CVE-2011-4577) \n\n - SGC restart DoS attack (CVE-2011-4619)\n\n - invalid GOST parameters DoS attack (CVE-2012-0027)", "cvss3": {}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : libopenssl-devel (openSUSE-SU-2012:0083-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", 
"confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4108", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4619", "CVE-2012-0027"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libopenssl-devel", "p-cpe:/a:novell:opensuse:libopenssl1_0_0", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-32bit", "p-cpe:/a:novell:opensuse:openssl", "cpe:/o:novell:opensuse:11.3"], "id": "SUSE_11_3_LIBOPENSSL-DEVEL-120111.NASL", "href": "https://www.tenable.com/plugins/nessus/75598", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libopenssl-devel-5634.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75598);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-4108\", \"CVE-2011-4576\", \"CVE-2011-4577\", \"CVE-2011-4619\", \"CVE-2012-0027\");\n\n script_name(english:\"openSUSE Security Update : libopenssl-devel (openSUSE-SU-2012:0083-1)\");\n script_summary(english:\"Check for the libopenssl-devel-5634 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Various security vulnerabilities have been fixed in openssl :\n\n - DTLS plaintext recovery attack (CVE-2011-4108)\n\n - uninitialized SSL 3.0 padding (CVE-2011-4576)\n\n - malformed RFC 3779 data can cause assertion failures\n (CVE-2011-4577) \n\n - SGC restart DoS attack (CVE-2011-4619)\n\n - 
invalid GOST parameters DoS attack (CVE-2012-0027)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=739719\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2012-01/msg00029.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libopenssl-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libopenssl-devel-1.0.0-6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libopenssl1_0_0-1.0.0-6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"openssl-1.0.0-6.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-32bit-1.0.0-6.13.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-07T14:20:46", "description": "Various security vulnerabilities have been fixed in openssl :\n\n - DTLS plaintext recovery attack (CVE-2011-4108)\n\n - uninitialized SSL 3.0 padding (CVE-2011-4576)\n\n - malformed RFC 3779 data can cause assertion failures (CVE-2011-4577)\n\n - SGC 
restart DoS attack (CVE-2011-4619)\n\n - invalid GOST parameters DoS attack (CVE-2012-0027)", "cvss3": {}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : libopenssl-devel (openSUSE-SU-2012:0083-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4108", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4619", "CVE-2012-0027"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libopenssl-devel", "p-cpe:/a:novell:opensuse:libopenssl1_0_0", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-32bit", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:openssl", "p-cpe:/a:novell:opensuse:openssl-debuginfo", "p-cpe:/a:novell:opensuse:openssl-debugsource", "cpe:/o:novell:opensuse:11.4"], "id": "SUSE_11_4_LIBOPENSSL-DEVEL-120111.NASL", "href": "https://www.tenable.com/plugins/nessus/75908", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libopenssl-devel-5634.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75908);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-4108\", \"CVE-2011-4576\", \"CVE-2011-4577\", \"CVE-2011-4619\", 
\"CVE-2012-0027\");\n\n script_name(english:\"openSUSE Security Update : libopenssl-devel (openSUSE-SU-2012:0083-1)\");\n script_summary(english:\"Check for the libopenssl-devel-5634 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Various security vulnerabilities have been fixed in openssl :\n\n - DTLS plaintext recovery attack (CVE-2011-4108)\n\n - uninitialized SSL 3.0 padding (CVE-2011-4576)\n\n - malformed RFC 3779 data can cause assertion failures\n (CVE-2011-4577)\n\n - SGC restart DoS attack (CVE-2011-4619)\n\n - invalid GOST parameters DoS attack (CVE-2012-0027)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=739719\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2012-01/msg00029.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libopenssl-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo-32bit\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libopenssl-devel-1.0.0c-18.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libopenssl1_0_0-1.0.0c-18.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libopenssl1_0_0-debuginfo-1.0.0c-18.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", 
reference:\"openssl-1.0.0c-18.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"openssl-debuginfo-1.0.0c-18.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"openssl-debugsource-1.0.0c-18.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-32bit-1.0.0c-18.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.0c-18.23.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T14:19:26", "description": "Various security vulnerabilities have been fixed in OpenSSL :\n\n - DTLS plaintext recovery attack. (CVE-2011-4108)\n\n - double-free in Policy Checks. (CVE-2011-4109)\n\n - uninitialized SSL 3.0 padding. 
(CVE-2011-4576)\n\n - malformed RFC 3779 data can cause assertion failures.\n (CVE-2011-4577)\n\n - SGC restart DoS attack (CVE-2011-4619)", "cvss3": {}, "published": "2012-01-17T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : OpenSSL (ZYPP Patch Number 7923)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4108", "CVE-2011-4109", "CVE-2011-4576", "CVE-2011-4577", "CVE-2011-4619"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_OPENSSL-7923.NASL", "href": "https://www.tenable.com/plugins/nessus/57570", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57570);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-4108\", \"CVE-2011-4109\", \"CVE-2011-4576\", \"CVE-2011-4577\", \"CVE-2011-4619\");\n\n script_name(english:\"SuSE 10 Security Update : OpenSSL (ZYPP Patch Number 7923)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Various security vulnerabilities have been fixed in OpenSSL :\n\n - DTLS 
plaintext recovery attack. (CVE-2011-4108)\n\n - double-free in Policy Checks. (CVE-2011-4109)\n\n - uninitialized SSL 3.0 padding. (CVE-2011-4576)\n\n - malformed RFC 3779 data can cause assertion failures.\n (CVE-2011-4577)\n\n - SGC restart DoS attack (CVE-2011-4619)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-4108.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-4109.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-4576.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-4577.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-4619.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7923.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The 
host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"openssl-0.9.8a-18.56.3\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"openssl-devel-0.9.8a-18.56.3\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"openssl-32bit-0.9.8a-18.56.3\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"openssl-devel-32bit-0.9.8a-18.56.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"openssl-0.9.8a-18.56.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"openssl-devel-0.9.8a-18.56.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"openssl-doc-0.9.8a-18.56.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"openssl-32bit-0.9.8a-18.56.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"openssl-devel-32bit-0.9.8a-18.56.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T16:36:22", "description": "A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. 
A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled.\n(CVE-2015-0293)\n\nIt was discovered that the SSLv2 servers using OpenSSL accepted SSLv2 connection handshakes that indicated non-zero clear key length for non-export cipher suites. An attacker could use this flaw to decrypt recorded SSLv2 sessions with the server by using it as a decryption oracle. (CVE-2016-0703)\n\nIt was discovered that the SSLv2 protocol implementation in OpenSSL did not properly implement the Bleichenbacher protection for export cipher suites. An attacker could use a SSLv2 server using OpenSSL as a Bleichenbacher oracle. (CVE-2016-0704)\n\nA padding oracle flaw was found in the Secure Sockets Layer version 2.0 (SSLv2) protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections.\nThis cross-protocol attack is publicly referred to as DROWN.\n(CVE-2016-0800)\n\nA flaw was found in the way malicious SSLv2 clients could negotiate SSLv2 ciphers that have been disabled on the server. This could result in weak SSLv2 ciphers being used for SSLv2 connections, making them vulnerable to man-in-the-middle attacks. 
(CVE-2015-3197)", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-04-07T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : openssl098e (ALAS-2016-682) (DROWN)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0293", "CVE-2015-3197", "CVE-2016-0703", "CVE-2016-0704", "CVE-2016-0800"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:openssl098e", "p-cpe:/a:amazon:linux:openssl098e-debuginfo", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2016-682.NASL", "href": "https://www.tenable.com/plugins/nessus/90364", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2016-682.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90364);\n script_version(\"2.8\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2015-0293\", \"CVE-2015-3197\", \"CVE-2016-0703\", \"CVE-2016-0704\", \"CVE-2016-0800\");\n script_xref(name:\"ALAS\", value:\"2016-682\");\n\n script_name(english:\"Amazon Linux AMI : openssl098e (ALAS-2016-682) (DROWN)\");\n 
script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A denial of service flaw was found in the way OpenSSL handled SSLv2\nhandshake messages. A remote attacker could use this flaw to cause a\nTLS/SSL server using OpenSSL to exit on a failed assertion if it had\nboth the SSLv2 protocol and EXPORT-grade cipher suites enabled.\n(CVE-2015-0293)\n\nIt was discovered that the SSLv2 servers using OpenSSL accepted SSLv2\nconnection handshakes that indicated non-zero clear key length for\nnon-export cipher suites. An attacker could use this flaw to decrypt\nrecorded SSLv2 sessions with the server by using it as a decryption\noracle. (CVE-2016-0703)\n\nIt was discovered that the SSLv2 protocol implementation in OpenSSL\ndid not properly implement the Bleichenbacher protection for export\ncipher suites. An attacker could use a SSLv2 server using OpenSSL as a\nBleichenbacher oracle. (CVE-2016-0704)\n\nA padding oracle flaw was found in the Secure Sockets Layer version\n2.0 (SSLv2) protocol. An attacker can potentially use this flaw to\ndecrypt RSA-encrypted cipher text from a connection using a newer\nSSL/TLS protocol version, allowing them to decrypt such connections.\nThis cross-protocol attack is publicly referred to as DROWN.\n(CVE-2016-0800)\n\nA flaw was found in the way malicious SSLv2 clients could negotiate\nSSLv2 ciphers that have been disabled on the server. This could result\nin weak SSLv2 ciphers being used for SSLv2 connections, making them\nvulnerable to man-in-the-middle attacks. 
(CVE-2015-3197)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2016-682.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update openssl098e' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl098e\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl098e-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/06\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + 
os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"openssl098e-0.9.8e-29.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openssl098e-debuginfo-0.9.8e-29.19.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl098e / openssl098e-debuginfo\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T16:33:56", "description": "Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.6 and 5.9 Long Life.\n\nRed Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.\n\nA padding oracle flaw was found in the Secure Sockets Layer version 2.0 (SSLv2) protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections.\nThis cross-protocol attack is publicly referred to as DROWN.\n(CVE-2016-0800)\n\nNote: This issue was addressed by disabling the SSLv2 protocol by default when using the 'SSLv23' connection methods, and removing support for weak SSLv2 cipher suites. 
It is possible to re-enable the SSLv2 protocol in the 'SSLv23' connection methods by default by setting the OPENSSL_ENABLE_SSL2 environment variable before starting an application that needs to have SSLv2 enabled. For more information, refer to the knowledge base article linked to in the References section.\n\nIt was discovered that the SSLv2 servers using OpenSSL accepted SSLv2 connection handshakes that indicated non-zero clear key length for non-export cipher suites. An attacker could use this flaw to decrypt recorded SSLv2 sessions with the server by using it as a decryption oracle.(CVE-2016-0703)\n\nIt was discovered that the SSLv2 protocol implementation in OpenSSL did not properly implement the Bleichenbacher protection for export cipher suites. An attacker could use a SSLv2 server using OpenSSL as a Bleichenbacher oracle. (CVE-2016-0704)\n\nNote: The CVE-2016-0703 and CVE-2016-0704 issues could allow for more efficient exploitation of the CVE-2016-0800 issue via the DROWN attack.\n\nA denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled.\n(CVE-2015-0293)\n\nA flaw was found in the way malicious SSLv2 clients could negotiate SSLv2 ciphers that have been disabled on the server. This could result in weak SSLv2 ciphers being used for SSLv2 connections, making them vulnerable to man-in-the-middle attacks. (CVE-2015-3197)\n\nRed Hat would like to thank the OpenSSL project for reporting these issues. Upstream acknowledges Nimrod Aviram and Sebastian Schinzel as the original reporters of CVE-2016-0800 and CVE-2015-3197; David Adrian (University of Michigan) and J. 
Alex Halderman (University of Michigan) as the original reporters of CVE-2016-0703 and CVE-2016-0704; and Sean Burford (Google) and Emilia Kasper (OpenSSL development team) as the original reporters of CVE-2015-0293.\n\nAll openssl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-03-02T00:00:00", "type": "nessus", "title": "RHEL 5 : openssl (RHSA-2016:0304) (DROWN)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0293", "CVE-2015-3197", "CVE-2016-0703", "CVE-2016-0704", "CVE-2016-0800"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:openssl", "p-cpe:/a:redhat:enterprise_linux:openssl-debuginfo", "p-cpe:/a:redhat:enterprise_linux:openssl-devel", "p-cpe:/a:redhat:enterprise_linux:openssl-perl", "cpe:/o:redhat:enterprise_linux:5.6", "cpe:/o:redhat:enterprise_linux:5.9"], "id": "REDHAT-RHSA-2016-0304.NASL", "href": 
"https://www.tenable.com/plugins/nessus/89070", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0304. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(89070);\n script_version(\"2.20\");\n script_cvs_date(\"Date: 2019/10/24 15:35:41\");\n\n script_cve_id(\"CVE-2015-0293\", \"CVE-2015-3197\", \"CVE-2016-0703\", \"CVE-2016-0704\", \"CVE-2016-0800\");\n script_xref(name:\"RHSA\", value:\"2016:0304\");\n\n script_name(english:\"RHEL 5 : openssl (RHSA-2016:0304) (DROWN)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated openssl packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.6 and 5.9 Long Life.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL\nv2/v3) and Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nA padding oracle flaw was found in the Secure Sockets Layer version\n2.0 (SSLv2) protocol. 
An attacker can potentially use this flaw to\ndecrypt RSA-encrypted cipher text from a connection using a newer\nSSL/TLS protocol version, allowing them to decrypt such connections.\nThis cross-protocol attack is publicly referred to as DROWN.\n(CVE-2016-0800)\n\nNote: This issue was addressed by disabling the SSLv2 protocol by\ndefault when using the 'SSLv23' connection methods, and removing\nsupport for weak SSLv2 cipher suites. It is possible to re-enable the\nSSLv2 protocol in the 'SSLv23' connection methods by default by\nsetting the OPENSSL_ENABLE_SSL2 environment variable before starting\nan application that needs to have SSLv2 enabled. For more information,\nrefer to the knowledge base article linked to in the References\nsection.\n\nIt was discovered that the SSLv2 servers using OpenSSL accepted SSLv2\nconnection handshakes that indicated non-zero clear key length for\nnon-export cipher suites. An attacker could use this flaw to decrypt\nrecorded SSLv2 sessions with the server by using it as a decryption\noracle.(CVE-2016-0703)\n\nIt was discovered that the SSLv2 protocol implementation in OpenSSL\ndid not properly implement the Bleichenbacher protection for export\ncipher suites. An attacker could use a SSLv2 server using OpenSSL as a\nBleichenbacher oracle. (CVE-2016-0704)\n\nNote: The CVE-2016-0703 and CVE-2016-0704 issues could allow for more\nefficient exploitation of the CVE-2016-0800 issue via the DROWN\nattack.\n\nA denial of service flaw was found in the way OpenSSL handled SSLv2\nhandshake messages. A remote attacker could use this flaw to cause a\nTLS/SSL server using OpenSSL to exit on a failed assertion if it had\nboth the SSLv2 protocol and EXPORT-grade cipher suites enabled.\n(CVE-2015-0293)\n\nA flaw was found in the way malicious SSLv2 clients could negotiate\nSSLv2 ciphers that have been disabled on the server. This could result\nin weak SSLv2 ciphers being used for SSLv2 connections, making them\nvulnerable to man-in-the-middle attacks. 
(CVE-2015-3197)\n\nRed Hat would like to thank the OpenSSL project for reporting these\nissues. Upstream acknowledges Nimrod Aviram and Sebastian Schinzel as\nthe original reporters of CVE-2016-0800 and CVE-2015-3197; David\nAdrian (University of Michigan) and J. Alex Halderman (University of\nMichigan) as the original reporters of CVE-2016-0703 and\nCVE-2016-0704; and Sean Burford (Google) and Emilia Kasper (OpenSSL\ndevelopment team) as the original reporters of CVE-2015-0293.\n\nAll openssl users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. For the\nupdate to take effect, all services linked to the OpenSSL library must\nbe restarted, or the system rebooted.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/articles/2176731\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://drownattack.com/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://openssl.org/news/secadv/20160128.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://openssl.org/news/secadv/20160301.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:0304\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0293\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-0703\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-0704\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-0800\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-3197\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n 
script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.9\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/01\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(5\\.6|5\\.9)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.6 / 5.9\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:0304\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{ sp = get_kb_item(\"Host/RedHat/minor_release\");\n if (isnull(sp)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\n\n flag = 0;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"openssl-0.9.8e-12.el5_6.13\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", 
cpu:\"i386\", reference:\"openssl-0.9.8e-26.el5_9.5\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i686\", reference:\"openssl-0.9.8e-12.el5_6.13\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i686\", reference:\"openssl-0.9.8e-26.el5_9.5\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"openssl-0.9.8e-12.el5_6.13\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"openssl-0.9.8e-26.el5_9.5\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"openssl-debuginfo-0.9.8e-12.el5_6.13\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"openssl-debuginfo-0.9.8e-26.el5_9.5\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i686\", reference:\"openssl-debuginfo-0.9.8e-12.el5_6.13\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i686\", reference:\"openssl-debuginfo-0.9.8e-26.el5_9.5\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"openssl-debuginfo-0.9.8e-12.el5_6.13\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"openssl-debuginfo-0.9.8e-26.el5_9.5\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"openssl-devel-0.9.8e-12.el5_6.13\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"openssl-devel-0.9.8e-26.el5_9.5\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"openssl-devel-0.9.8e-12.el5_6.13\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"openssl-devel-0.9.8e-26.el5_9.5\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"openssl-perl-0.9.8e-12.el5_6.13\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"openssl-perl-0.9.8e-26.el5_9.5\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", 
reference:\"openssl-perl-0.9.8e-12.el5_6.13\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"openssl-perl-0.9.8e-26.el5_9.5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-debuginfo / openssl-devel / openssl-perl\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T16:35:11", "description": "Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.2, 6.4, and 6.5 Advanced Update Support.\n\nRed Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.\n\nA padding oracle flaw was found in the Secure Sockets Layer version 2.0 (SSLv2) protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections.\nThis cross-protocol attack is publicly referred to as DROWN.\n(CVE-2016-0800)\n\nNote: This issue was addressed by disabling the SSLv2 protocol by default when using the 'SSLv23' connection methods, and removing support for weak SSLv2 cipher suites. 
preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6 / 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"openssl098e-0.9.8e-20.0.1.el6_7.1\")) flag++;\n\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"openssl098e-0.9.8e-29.el7_2.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl098e\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T16:34:03", "description": "Updated openssl098e packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.\n\nA padding oracle flaw was found in the Secure Sockets Layer version 2.0 (SSLv2) protocol. 
An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections.\nThis cross-protocol attack is publicly referred to as DROWN.\n(CVE-2016-0800)\n\nNote: This issue was addressed by disabling the SSLv2 protocol by default when using the 'SSLv23' connection methods, and removing support for weak SSLv2 cipher suites. For more information, refer to the knowledge base article linked to in the References section.\n\nIt was discovered that the SSLv2 servers using OpenSSL accepted SSLv2 connection handshakes that indicated non-zero clear key length for non-export cipher suites. An attacker could use this flaw to decrypt recorded SSLv2 sessions with the server by using it as a decryption oracle.(CVE-2016-0703)\n\nIt was discovered that the SSLv2 protocol implementation in OpenSSL did not properly implement the Bleichenbacher protection for export cipher suites. An attacker could use a SSLv2 server using OpenSSL as a Bleichenbacher oracle. (CVE-2016-0704)\n\nNote: The CVE-2016-0703 and CVE-2016-0704 issues could allow for more efficient exploitation of the CVE-2016-0800 issue via the DROWN attack.\n\nA denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled.\n(CVE-2015-0293)\n\nA flaw was found in the way malicious SSLv2 clients could negotiate SSLv2 ciphers that have been disabled on the server. This could result in weak SSLv2 ciphers being used for SSLv2 connections, making them vulnerable to man-in-the-middle attacks. (CVE-2015-3197)\n\nRed Hat would like to thank the OpenSSL project for reporting these issues. 
Upstream acknowledges Nimrod Aviram and Sebastian Schinzel as the original reporters of CVE-2016-0800 and CVE-2015-3197; David Adrian (University of Michigan) and J. Alex Halderman (University of Michigan) as the original reporters of CVE-2016-0703 and CVE-2016-0704; and Sean Burford (Google) and Emilia Kasper (OpenSSL development team) as the original reporters of CVE-2015-0293.\n\nAll openssl098e users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.\nFor the update to take effect, all services linked to the openssl098e library must be restarted, or the system rebooted.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-03-09T00:00:00", "type": "nessus", "title": "RHEL 6 / 7 : openssl098e (RHSA-2016:0372) (DROWN)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0293", "CVE-2015-3197", "CVE-2016-0703", "CVE-2016-0704", "CVE-2016-0800"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:openssl098e", "p-cpe:/a:redhat:enterprise_linux:openssl098e-debuginfo", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.7", 
"cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.2", "cpe:/o:redhat:enterprise_linux:7.3", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2016-0372.NASL", "href": "https://www.tenable.com/plugins/nessus/89773", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0372. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(89773);\n script_version(\"2.21\");\n script_cvs_date(\"Date: 2019/10/24 15:35:41\");\n\n script_cve_id(\"CVE-2015-0293\", \"CVE-2015-3197\", \"CVE-2016-0703\", \"CVE-2016-0704\", \"CVE-2016-0800\");\n script_xref(name:\"RHSA\", value:\"2016:0372\");\n\n script_name(english:\"RHEL 6 / 7 : openssl098e (RHSA-2016:0372) (DROWN)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated openssl098e packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL\nv2/v3) and Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nA padding oracle flaw was found in the Secure Sockets Layer version\n2.0 (SSLv2) protocol. 
An attacker can potentially use this flaw to\ndecrypt RSA-encrypted cipher text from a connection using a newer\nSSL/TLS protocol version, allowing them to decrypt such connections.\nThis cross-protocol attack is publicly referred to as DROWN.\n(CVE-2016-0800)\n\nNote: This issue was addressed by disabling the SSLv2 protocol by\ndefault when using the 'SSLv23' connection methods, and removing\nsupport for weak SSLv2 cipher suites. For more information, refer to\nthe knowledge base article linked to in the References section.\n\nIt was discovered that the SSLv2 servers using OpenSSL accepted SSLv2\nconnection handshakes that indicated non-zero clear key length for\nnon-export cipher suites. An attacker could use this flaw to decrypt\nrecorded SSLv2 sessions with the server by using it as a decryption\noracle.(CVE-2016-0703)\n\nIt was discovered that the SSLv2 protocol implementation in OpenSSL\ndid not properly implement the Bleichenbacher protection for export\ncipher suites. An attacker could use a SSLv2 server using OpenSSL as a\nBleichenbacher oracle. (CVE-2016-0704)\n\nNote: The CVE-2016-0703 and CVE-2016-0704 issues could allow for more\nefficient exploitation of the CVE-2016-0800 issue via the DROWN\nattack.\n\nA denial of service flaw was found in the way OpenSSL handled SSLv2\nhandshake messages. A remote attacker could use this flaw to cause a\nTLS/SSL server using OpenSSL to exit on a failed assertion if it had\nboth the SSLv2 protocol and EXPORT-grade cipher suites enabled.\n(CVE-2015-0293)\n\nA flaw was found in the way malicious SSLv2 clients could negotiate\nSSLv2 ciphers that have been disabled on the server. This could result\nin weak SSLv2 ciphers being used for SSLv2 connections, making them\nvulnerable to man-in-the-middle attacks. (CVE-2015-3197)\n\nRed Hat would like to thank the OpenSSL project for reporting these\nissues. 
Upstream acknowledges Nimrod Aviram and Sebastian Schinzel as\nthe original reporters of CVE-2016-0800 and CVE-2015-3197; David\nAdrian (University of Michigan) and J. Alex Halderman (University of\nMichigan) as the original reporters of CVE-2016-0703 and\nCVE-2016-0704; and Sean Burford (Google) and Emilia Kasper (OpenSSL\ndevelopment team) as the original reporters of CVE-2015-0293.\n\nAll openssl098e users are advised to upgrade to these updated\npackages, which contain backported patches to correct these issues.\nFor the update to take effect, all services linked to the openssl098e\nlibrary must be restarted, or the system rebooted.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/articles/2176731\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://drownattack.com/\"\n );\n # https://openssl.org/news/secadv/20160128.txt\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openssl.org/news/secadv/20160128.txt\"\n );\n # https://openssl.org/news/secadv/20160301.txt\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openssl.org/news/secadv/20160301.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:0372\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0293\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-0703\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-0704\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-0800\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-3197\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected openssl098e and / 
or openssl098e-debuginfo\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl098e\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl098e-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/03/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/09\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:0372\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"openssl098e-0.9.8e-20.el6_7.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", 
reference:\"openssl098e-debuginfo-0.9.8e-20.el6_7.1\")) flag++;\n\n\n if (rpm_check(release:\"RHEL7\", reference:\"openssl098e-0.9.8e-29.el7_2.3\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"openssl098e-debuginfo-0.9.8e-29.el7_2.3\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl098e / openssl098e-debuginfo\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T16:35:00", "description": "A padding oracle flaw was found in the Secure Sockets Layer version 2.0 (SSLv2) protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections.\nThis cross-protocol attack is publicly referred to as DROWN.\n(CVE-2016-0800)\n\nIt was discovered that the SSLv2 servers using OpenSSL accepted SSLv2 connection handshakes that indicated non-zero clear key length for non- export cipher suites. An attacker could use this flaw to decrypt recorded SSLv2 sessions with the server by using it as a decryption oracle.(CVE-2016-0703)\n\nIt was discovered that the SSLv2 protocol implementation in OpenSSL did not properly implement the Bleichenbacher protection for export cipher suites. An attacker could use a SSLv2 server using OpenSSL as a Bleichenbacher oracle. (CVE-2016-0704)\n\nNote: The CVE-2016-0703 and CVE-2016-0704 issues could allow for more efficient exploitation of the CVE-2016-0800 issue via the DROWN attack.\n\nA denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. 
A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled.\n(CVE-2015-0293)\n\nA flaw was found in the way malicious SSLv2 clients could negotiate SSLv2 ciphers that have been disabled on the server. This could result in weak SSLv2 ciphers being used for SSLv2 connections, making them vulnerable to man-in-the-middle attacks. (CVE-2015-3197)\n\nFor the update to take effect, all services linked to the openssl098e library must be restarted, or the system rebooted.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-03-10T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : openssl098e on SL6.x, SL7.x i386/x86_64 (20160309) (DROWN)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0293", "CVE-2015-3197", "CVE-2016-0703", "CVE-2016-0704", "CVE-2016-0800"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:openssl098e", "p-cpe:/a:fermilab:scientific_linux:openssl098e-debuginfo", "x-cpe:/o:fermilab:scientific_linux"], "id": 
"SL_20160309_OPENSSL098E_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/89825", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89825);\n script_version(\"2.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-0293\", \"CVE-2015-3197\", \"CVE-2016-0703\", \"CVE-2016-0704\", \"CVE-2016-0800\");\n\n script_name(english:\"Scientific Linux Security Update : openssl098e on SL6.x, SL7.x i386/x86_64 (20160309) (DROWN)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A padding oracle flaw was found in the Secure Sockets Layer version\n2.0 (SSLv2) protocol. An attacker can potentially use this flaw to\ndecrypt RSA-encrypted cipher text from a connection using a newer\nSSL/TLS protocol version, allowing them to decrypt such connections.\nThis cross-protocol attack is publicly referred to as DROWN.\n(CVE-2016-0800)\n\nIt was discovered that the SSLv2 servers using OpenSSL accepted SSLv2\nconnection handshakes that indicated non-zero clear key length for\nnon- export cipher suites. An attacker could use this flaw to decrypt\nrecorded SSLv2 sessions with the server by using it as a decryption\noracle.(CVE-2016-0703)\n\nIt was discovered that the SSLv2 protocol implementation in OpenSSL\ndid not properly implement the Bleichenbacher protection for export\ncipher suites. An attacker could use a SSLv2 server using OpenSSL as a\nBleichenbacher oracle. 
(CVE-2016-0704)\n\nNote: The CVE-2016-0703 and CVE-2016-0704 issues could allow for more\nefficient exploitation of the CVE-2016-0800 issue via the DROWN\nattack.\n\nA denial of service flaw was found in the way OpenSSL handled SSLv2\nhandshake messages. A remote attacker could use this flaw to cause a\nTLS/SSL server using OpenSSL to exit on a failed assertion if it had\nboth the SSLv2 protocol and EXPORT-grade cipher suites enabled.\n(CVE-2015-0293)\n\nA flaw was found in the way malicious SSLv2 clients could negotiate\nSSLv2 ciphers that have been disabled on the server. This could result\nin weak SSLv2 ciphers being used for SSLv2 connections, making them\nvulnerable to man-in-the-middle attacks. (CVE-2015-3197)\n\nFor the update to take effect, all services linked to the openssl098e\nlibrary must be restarted, or the system rebooted.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1603&L=scientific-linux-errata&F=&S=&P=3432\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?815b2a87\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected openssl098e and / or openssl098e-debuginfo\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl098e\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl098e-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/03/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/10\");\n 
script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"openssl098e-0.9.8e-20.el6_7.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"openssl098e-debuginfo-0.9.8e-20.el6_7.1\")) flag++;\n\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"openssl098e-0.9.8e-29.el7_2.3\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"openssl098e-debuginfo-0.9.8e-29.el7_2.3\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl098e / openssl098e-debuginfo\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:18:22", "description": "Versions of OpenSSL 0.9.8 earlier than 0.9.8s, and 1.0.0 earlier than 1.0.0f are potentially affected by the following vulnerabilities :\n\n - An extension of the Vaudenay padding oracle attack exists against CBC mode encryption which enables an efficient plaintext recovery attack against the OpenSSL implementation of DTLS. (CVE-2011-4108)\n\n - If x509_V_FLAG_POLICY_CHECK is set in OpenSSL 0.9.8, then a policy check failure can lead to a double-free. (CVE-2011-4109)\n\n - OpenSSL fails to clear the bytes used as block cipher padding in SSL 3.0 records. As a result, in each record, up to 15 bytes of uninitialized memory may be sent, encrypted, to the SSL peer. 
information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81970);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-0286\", \"CVE-2015-0287\", \"CVE-2015-0288\", \"CVE-2015-0289\", \"CVE-2015-0292\", \"CVE-2015-0293\");\n\n script_name(english:\"SuSE 11.3 Security Update : OpenSSL (SAT Patch Number 10470)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"OpenSSL has been updated to fix various security issues :\n\n - A segmentation fault in ASN1_TYPE_cmp was fixed that\n could be exploited by attackers when e.g. client\n authentication is used. This could be exploited over SSL\n connections. (CVE-2015-0286)\n\n - A ASN.1 structure reuse memory corruption was fixed.\n This problem can not be exploited over regular SSL\n connections, only if specific client programs use\n specific ASN.1 routines. (CVE-2015-0287)\n\n - A X509_to_X509_REQ NULL pointer dereference was fixed,\n which could lead to crashes. This function is not\n commonly used, and not reachable over SSL methods.\n (CVE-2015-0288)\n\n - Several PKCS7 NULL pointer dereferences were fixed,\n which could lead to crashes of programs using the PKCS7\n APIs. The SSL apis do not use those by default.\n (CVE-2015-0289)\n\n - Various issues in base64 decoding were fixed, which\n could lead to crashes with memory corruption, for\n instance by using attacker supplied PEM data.\n (CVE-2015-0292)\n\n - Denial of service via reachable assert in SSLv2 servers,\n could be used by remote attackers to terminate the\n server process. 
Note that this requires SSLv2 being\n allowed, which is not the default. (CVE-2015-0293)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=922488\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=922496\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=922499\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=922500\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=922501\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2015-0286.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2015-0287.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2015-0288.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2015-0289.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2015-0292.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2015-0293.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 10470.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:compat-openssl097g\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:compat-openssl097g-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, \"SuSE 11.3\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"compat-openssl097g-0.9.7g-146.22.29.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"compat-openssl097g-0.9.7g-146.22.29.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"compat-openssl097g-32bit-0.9.7g-146.22.29.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:50:11", "description": "The remote host is running a 
version of OpenSSL which is potentially affected by the following vulnerabilities : \n\n - A use-after-free condition exists in the d2i_ECPrivateKey() function due to improper processing of malformed EC private key files during import. A remote attacker can exploit this to dereference or free already freed memory, resulting in a denial of service or other unspecified impact. (CVE-2015-0209)\n\n - An invalid read flaw exists in the ASN1_TYPE_cmp() function due to improperly performed boolean-type comparisons. A remote attacker can exploit this, via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature, to cause an invalid read operation, resulting in a denial of service. (CVE-2015-0286)\n\n - A flaw exists in the ASN1_item_ex_d2i() function due to a failure to reinitialize 'CHOICE' and 'ADB' data structures when reusing a structure in ASN.1 parsing. This allows a remote attacker to cause an invalid write operation and memory corruption, resulting in a denial of service. (CVE-2015-0287)\n\n - A NULL pointer dereference flaw exists in the PKCS#7 parsing code due to incorrect handling of missing outer ContentInfo. This allows a remote attacker, using an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, to cause a denial of service. (CVE-2015-0288)\n\n - The PKCS#7 implementation does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service by leveraging an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding. (CVE-2015-0289)\n\n - A flaw exists in servers that both support SSLv2 and enable export cipher suites due to improper implementation of SSLv2. A remote attacker can exploit this, via a crafted CLIENT-MASTER-KEY message, to cause a denial of service. 
(CVE-2015-0293)", "cvss3": {}, "published": "2015-03-19T00:00:00", "type": "nessus", "title": "OpenSSL < 0.9.8zf / 1.0.0r / 1.0.1m / 1.0.2a Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0209", "CVE-2015-0286", "CVE-2015-0287", "CVE-2015-0288", "CVE-2015-0289", "CVE-2015-0293"], "modified": "2015-03-19T00:00:00", "cpe": [], "id": "801937.PRM", "href": "https://www.tenable.com/plugins/lce/801937", "sourceData": "Binary data 801937.prm", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-18T15:20:11", "description": "OpenSSL before 0.9.8zf, 1.0.0r, or 1.0.1m are unpatched for the following vulnerabilities :\n\n - An invalid read flaw exists in the 'ASN1_TYPE_cmp()' function due to improperly performed boolean-type comparisons. A remote attacker can exploit this, via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature, to cause an invalid read operation, resulting in a denial of service. (CVE-2015-0286)\n\n - A flaw exists in the 'ASN1_item_ex_d2i()' function due to a failure to reinitialize 'CHOICE' and 'ADB' data structures when reusing a structure in ASN.1 parsing. This allows a remote attacker to cause an invalid write operation and memory corruption, resulting in a denial of service. (CVE-2015-0287)\n\n - A NULL pointer dereference flaw exists in the PKCS#7 parsing code due to incorrect handling of missing outer 'ContentInfo'. 
This allows a remote attacker, using an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, to cause a denial of service. (CVE-2015-0289)\n\n - A flaw exists in servers that both support SSLv2 and enable export cipher suites due to improper implementation of SSLv2. A remote attacker can exploit this, via a crafted CLIENT-MASTER-KEY message, to cause a denial of service. (CVE-2015-0293)\n\n - A NULL pointer dereference flaw exists in the 'X509_to_X509_REQ()' function due to improper processing of certificate keys. This allows a remote attacker, via a crafted X.509 certificate, to cause a denial of service. (CVE-2015-0288)\n\n - A use-after-free condition exists in the 'd2i_ECPrivateKey() function due to improper processing of malformed EC private key files during import. A remote attacker can exploit this to dereference or free already freed memory, resulting in a denial of service or other unspecified impact. (CVE-2015-0209)", "cvss3": {}, "published": "2015-03-27T00:00:00", "type": "nessus", "title": "OpenSSL 0.9.8 < 0.9.8zf / 1.0.0 < 1.0.0r / 1.0.1 < 1.0.1m Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0209", "CVE-2015-0286", "CVE-2015-0287", "CVE-2015-0288", "CVE-2015-0289", "CVE-2015-0293"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:/a:openssl:openssl"], "id": "8662.PRM", "href": "https://www.tenable.com/plugins/nnm/8662", "sourceData": "Binary data 8662.prm", "cvss": {"score": 6.8, "vector": 
"AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-03T15:11:13", "description": "Update to OpenSSL 1.0.2a which fixes various CVE's\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2015-05-04T00:00:00", "type": "nessus", "title": "Fedora 22 : mingw-openssl-1.0.2a-1.fc22 (2015-6951)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0209", "CVE-2015-0286", "CVE-2015-0287", "CVE-2015-0288", "CVE-2015-0289", "CVE-2015-0293"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:mingw-openssl", "cpe:/o:fedoraproject:fedora:22"], "id": "FEDORA_2015-6951.NASL", "href": "https://www.tenable.com/plugins/nessus/83216", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-6951.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83216);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-0209\", \"CVE-2015-0286\", \"CVE-2015-0287\", \"CVE-2015-0288\", \"CVE-2015-0289\", \"CVE-2015-0293\");\n script_xref(name:\"FEDORA\", value:\"2015-6951\");\n\n script_name(english:\"Fedora 22 : 
mingw-openssl-1.0.2a-1.fc22 (2015-6951)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to OpenSSL 1.0.2a which fixes various CVE's\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1203855\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-May/156823.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?49165297\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mingw-openssl package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n 
exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"mingw-openssl-1.0.2a-1.fc22\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mingw-openssl\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-03T15:08:38", "description": "OpenSSL was updated to fix various security issues.\n\nFollowing security issues were fixed :\n\n - CVE-2015-0209: A Use After Free following d2i_ECPrivatekey error was fixed which could lead to crashes for attacker supplied Elliptic Curve keys. This could be exploited over SSL connections with client supplied keys.\n\n - CVE-2015-0286: A segmentation fault in ASN1_TYPE_cmp was fixed that could be exploited by attackers when e.g.\n client authentication is used. This could be exploited over SSL connections.\n\n - CVE-2015-0287: A ASN.1 structure reuse memory corruption was fixed. 
This problem can not be exploited over regular SSL connections, only if specific client programs use specific ASN.1 routines.\n\n - CVE-2015-0288: A X509_to_X509_REQ NULL pointer dereference was fixed, which could lead to crashes. This function is not commonly used, and not reachable over SSL methods.\n\n - CVE-2015-0289: Several PKCS7 NULL pointer dereferences were fixed, which could lead to crashes of programs using the PKCS7 APIs. The SSL apis do not use those by default.\n\n - CVE-2015-0293: Denial of service via reachable assert in SSLv2 servers, could be used by remote attackers to terminate the server process. Note that this requires SSLv2 being allowed, which is not the default.", "cvss3": {}, "published": "2015-03-23T00:00:00", "type": "nessus", "title": "openSUSE Security Update : openssl (openSUSE-2015-247)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0209", "CVE-2015-0286", "CVE-2015-0287", "CVE-2015-0288", "CVE-2015-0289", "CVE-2015-0293"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libopenssl-devel", "p-cpe:/a:novell:opensuse:libopenssl-devel-32bit", "p-cpe:/a:novell:opensuse:libopenssl1_0_0", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-32bit", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-hmac", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-hmac-32bit", "p-cpe:/a:novell:opensuse:openssl", "p-cpe:/a:novell:opensuse:openssl-debuginfo", 
"p-cpe:/a:novell:opensuse:openssl-debugsource", "cpe:/o:novell:opensuse:13.1", "cpe:/o:novell:opensuse:13.2"], "id": "OPENSUSE-2015-247.NASL", "href": "https://www.tenable.com/plugins/nessus/81995", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2015-247.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81995);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-0209\", \"CVE-2015-0286\", \"CVE-2015-0287\", \"CVE-2015-0288\", \"CVE-2015-0289\", \"CVE-2015-0293\");\n\n script_name(english:\"openSUSE Security Update : openssl (openSUSE-2015-247)\");\n script_summary(english:\"Check for the openSUSE-2015-247 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"OpenSSL was updated to fix various security issues.\n\nFollowing security issues were fixed :\n\n - CVE-2015-0209: A Use After Free following\n d2i_ECPrivatekey error was fixed which could lead to\n crashes for attacker supplied Elliptic Curve keys. This\n could be exploited over SSL connections with client\n supplied keys.\n\n - CVE-2015-0286: A segmentation fault in ASN1_TYPE_cmp was\n fixed that could be exploited by attackers when e.g.\n client authentication is used. This could be exploited\n over SSL connections.\n\n - CVE-2015-0287: A ASN.1 structure reuse memory corruption\n was fixed. 
This problem can not be exploited over\n regular SSL connections, only if specific client\n programs use specific ASN.1 routines.\n\n - CVE-2015-0288: A X509_to_X509_REQ NULL pointer\n dereference was fixed, which could lead to crashes. This\n function is not commonly used, and not reachable over\n SSL methods.\n\n - CVE-2015-0289: Several PKCS7 NULL pointer dereferences\n were fixed, which could lead to crashes of programs\n using the PKCS7 APIs. The SSL apis do not use those by\n default.\n\n - CVE-2015-0293: Denial of service via reachable assert in\n SSLv2 servers, could be used by remote attackers to\n terminate the server process. Note that this requires\n SSLv2 being allowed, which is not the default.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=919648\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=920236\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=922488\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=922496\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=922499\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=922500\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-hmac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-hmac-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1|SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1 / 13.2\", release);\nif 
(!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libopenssl-devel-1.0.1k-11.68.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libopenssl1_0_0-1.0.1k-11.68.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libopenssl1_0_0-debuginfo-1.0.1k-11.68.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openssl-1.0.1k-11.68.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openssl-debuginfo-1.0.1k-11.68.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openssl-debugsource-1.0.1k-11.68.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libopenssl-devel-32bit-1.0.1k-11.68.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-32bit-1.0.1k-11.68.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.1k-11.68.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libopenssl-devel-1.0.1k-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libopenssl1_0_0-1.0.1k-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libopenssl1_0_0-debuginfo-1.0.1k-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libopenssl1_0_0-hmac-1.0.1k-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"openssl-1.0.1k-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"openssl-debuginfo-1.0.1k-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"openssl-debugsource-1.0.1k-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libopenssl-devel-32bit-1.0.1k-2.20.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-32bit-1.0.1k-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.1k-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-hmac-32bit-1.0.1k-2.20.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libopenssl-devel / libopenssl-devel-32bit / libopenssl1_0_0 / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-02T14:21:00", "description": "Update to OpenSSL 1.0.2a which fixes various CVE's\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2015-05-05T00:00:00", "type": "nessus", "title": "Fedora 21 : mingw-openssl-1.0.2a-1.fc21 (2015-6855)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0209", "CVE-2015-0286", "CVE-2015-0287", "CVE-2015-0288", "CVE-2015-0289", "CVE-2015-0293"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:mingw-openssl", 
"cpe:/o:fedoraproject:fedora:21"], "id": "FEDORA_2015-6855.NASL", "href": "https://www.tenable.com/plugins/nessus/83238", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-6855.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83238);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-0209\", \"CVE-2015-0286\", \"CVE-2015-0287\", \"CVE-2015-0288\", \"CVE-2015-0289\", \"CVE-2015-0293\");\n script_xref(name:\"FEDORA\", value:\"2015-6855\");\n\n script_name(english:\"Fedora 21 : mingw-openssl-1.0.2a-1.fc21 (2015-6855)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to OpenSSL 1.0.2a which fixes various CVE's\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1203855\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-May/157177.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?520fec37\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mingw-openssl package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"mingw-openssl-1.0.2a-1.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mingw-openssl\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-30T14:53:33", "description": "The self-reported SGOS version of the remote Blue Coat ProxySG device is 6.2.x prior to 6.2.16.4, 6.5.x prior to 6.5.7.5, or 6.6.x prior to 6.6.2.1. Therefore, it contains a bundled version of OpenSSL that is affected by multiple vulnerabilities :\n\n - An invalid read flaw exists in the ASN1_TYPE_cmp() function due to improperly performed boolean-type comparisons. A remote attacker can exploit this, via a crafted X.509 certificate sent to an endpoint that uses the certificate-verification feature, to cause an invalid read operation, resulting in a denial of service. (CVE-2015-0286)\n\n - A flaw exists in the ASN1_item_ex_d2i() function due to a failure to reinitialize 'CHOICE' and 'ADB' data structures when reusing a structure in ASN.1 parsing.\n This allows a remote attacker to cause an invalid write operation and memory corruption, resulting in a denial of service. (CVE-2015-0287)\n\n - A NULL pointer dereference flaw exists in the X509_to_X509_REQ() function due to improper processing of certificate keys. 
This allows a remote attacker, via a crafted X.509 certificate, to cause a denial of service. (CVE-2015-0288)\n\n - A NULL pointer dereference flaw exists in the PKCS#7 parsing code due to incorrect handling of missing outer ContentInfo. This allows a remote attacker, using an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, to cause a denial of service. (CVE-2015-0289)\n\n - An integer underflow condition exists in the EVP_DecodeUpdate() function due to improper validation of base64 encoded input when decoding. This allows a remote attacker, using maliciously crafted base64 data, to cause a segmentation fault or memory corruption, resulting in a denial of service or possibly the execution of arbitrary code. (CVE-2015-0292)\n\n - A flaw exists in servers that both support SSLv2 and enable export cipher suites due to improper implementation of SSLv2. A remote attacker can exploit this, via a crafted CLIENT-MASTER-KEY message, to cause a denial of service. 
(CVE-2015-0293)", "cvss3": {}, "published": "2015-06-25T00:00:00", "type": "nessus", "title": "Blue Coat ProxySG 6.2.x < 6.2.16.4 / 6.5.x < 6.5.7.5 / 6.6.x < 6.6.2.1 Multiple OpenSSL Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0286", "CVE-2015-0287", "CVE-2015-0288", "CVE-2015-0289", "CVE-2015-0292", "CVE-2015-0293"], "modified": "2018-06-27T00:00:00", "cpe": ["cpe:/o:bluecoat:sgos"], "id": "BLUECOAT_PROXY_SG_6_5_7_5.NASL", "href": "https://www.tenable.com/plugins/nessus/84400", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84400);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/06/27 18:42:25\");\n\n script_cve_id(\n \"CVE-2015-0286\",\n \"CVE-2015-0287\",\n \"CVE-2015-0288\",\n \"CVE-2015-0289\",\n \"CVE-2015-0292\",\n \"CVE-2015-0293\"\n );\n script_bugtraq_id(\n 73225,\n 73227,\n 73228,\n 73231,\n 73232,\n 73237\n );\n\n script_name(english:\"Blue Coat ProxySG 6.2.x < 6.2.16.4 / 6.5.x < 6.5.7.5 / 6.6.x < 6.6.2.1 Multiple OpenSSL Vulnerabilities\");\n script_summary(english:\"Checks the Blue Coat ProxySG SGOS version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The self-reported SGOS version of the remote Blue Coat ProxySG device\nis 6.2.x prior to 6.2.16.4, 6.5.x prior to 6.5.7.5, or 6.6.x prior to\n6.6.2.1. 
Therefore, it contains a bundled version of OpenSSL that is\naffected by multiple vulnerabilities :\n\n - An invalid read flaw exists in the ASN1_TYPE_cmp()\n function due to improperly performed boolean-type\n comparisons. A remote attacker can exploit this, via a\n crafted X.509 certificate sent to an endpoint that uses\n the certificate-verification feature, to cause an\n invalid read operation, resulting in a denial of\n service. (CVE-2015-0286)\n\n - A flaw exists in the ASN1_item_ex_d2i() function due to\n a failure to reinitialize 'CHOICE' and 'ADB' data\n structures when reusing a structure in ASN.1 parsing.\n This allows a remote attacker to cause an invalid write\n operation and memory corruption, resulting in a denial\n of service. (CVE-2015-0287)\n\n - A NULL pointer dereference flaw exists in the\n X509_to_X509_REQ() function due to improper processing\n of certificate keys. This allows a remote attacker, via\n a crafted X.509 certificate, to cause a denial of\n service. (CVE-2015-0288)\n\n - A NULL pointer dereference flaw exists in the PKCS#7\n parsing code due to incorrect handling of missing outer\n ContentInfo. This allows a remote attacker, using an\n application that processes arbitrary PKCS#7 data and\n providing malformed data with ASN.1 encoding, to cause\n a denial of service. (CVE-2015-0289)\n\n - An integer underflow condition exists in the\n EVP_DecodeUpdate() function due to improper validation\n of base64 encoded input when decoding. This allows a\n remote attacker, using maliciously crafted base64 data,\n to cause a segmentation fault or memory corruption,\n resulting in a denial of service or possibly the\n execution of arbitrary code. (CVE-2015-0292)\n\n - A flaw exists in servers that both support SSLv2 and\n enable export cipher suites due to improper\n implementation of SSLv2. A remote attacker can exploit\n this, via a crafted CLIENT-MASTER-KEY message, to cause\n a denial of service. 
(CVE-2015-0293)\");\n script_set_attribute(attribute:\"see_also\",value:\"https://bto.bluecoat.com/security-advisory/sa92\");\n script_set_attribute(attribute:\"solution\",value:\n\"Upgrade to SGOS version 6.2.16.4 / 6.5.7.5 / 6.6.2.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\",value:\"2014/05/06\");\n script_set_attribute(attribute:\"patch_publication_date\",value:\"2015/03/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/25\");\n\n script_set_attribute(attribute:\"plugin_type\",value:\"local\");\n script_set_attribute(attribute:\"cpe\",value:\"cpe:/o:bluecoat:sgos\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Firewalls\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"bluecoat_proxy_sg_version.nasl\");\n script_require_keys(\"Host/BlueCoat/ProxySG/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"Host/BlueCoat/ProxySG/Version\");\nui_version = get_kb_item(\"Host/BlueCoat/ProxySG/UI_Version\");\n\nif(version !~ \"^6\\.([652])\\.\")\n audit(AUDIT_HOST_NOT, \"Blue Coat ProxySG 6.6.x / 6.5.x / 6.2.x\");\n\nreport_fix = NULL;\n\n# Select version for report\nif (isnull(ui_version)) report_ver = version;\nelse report_ver = ui_version;\n\nif(version =~ \"^6\\.6\\.\" && ver_compare(ver:version, fix:\"6.6.2.1\", strict:FALSE) == -1)\n{\n fix = '6.6.2.1';\n ui_fix = '6.6.2.1 Build 0';\n}\nelse if(version =~ \"^6\\.5\\.\" && ver_compare(ver:version, fix:\"6.5.7.5\", 
strict:FALSE) == -1)\n{\n fix = '6.5.7.5';\n ui_fix = '6.5.7.5 Build 0';\n}\nelse if(version =~ \"^6\\.2\\.\" && ver_compare(ver:version,fix:\"6.2.16.4\",strict:FALSE) == -1)\n{\n fix = '6.2.16.4';\n ui_fix = '6.2.16.4 Build 0';\n}\nelse\n audit(AUDIT_INST_VER_NOT_VULN, 'Blue Coat ProxySG', version);\n\n# Select fixed version for report\nif (isnull(ui_version)) report_fix = fix;\nelse report_fix = ui_fix;\n\nreport =\n '\\n Installed version : ' + report_ver +\n '\\n Fixed version : ' + report_fix +\n '\\n';\n\nsecurity_report_v4(port:0, severity:SECURITY_HOLE, extra:report);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-02T14:20:26", "description": "OpenSSL was updated to fix various security issues.\n\nFollowing security issues were fixed :\n\n - CVE-2015-0209: A Use After Free following d2i_ECPrivatekey error was fixed which could lead to crashes for attacker supplied Elliptic Curve keys. This could be exploited over SSL connections with client supplied keys.\n\n - CVE-2015-0286: A segmentation fault in ASN1_TYPE_cmp was fixed that could be exploited by attackers when e.g.\n client authentication is used. This could be exploited over SSL connections.\n\n - CVE-2015-0287: A ASN.1 structure reuse memory corruption was fixed. This problem can not be exploited over regular SSL connections, only if specific client programs use specific ASN.1 routines.\n\n - CVE-2015-0288: A X509_to_X509_REQ NULL pointer dereference was fixed, which could lead to crashes. This function is not commonly used, and not reachable over SSL methods.\n\n - CVE-2015-0289: Several PKCS7 NULL pointer dereferences were fixed, which could lead to crashes of programs using the PKCS7 APIs. The SSL apis do not use those by default.\n\n - CVE-2015-0293: Denial of service via reachable assert in SSLv2 servers, could be used by remote attackers to terminate the server process. 
Note that this requires SSLv2 being allowed, which is not the default.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2015-05-20T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2015:0541-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0209", "CVE-2015-0286", "CVE-2015-0287", "CVE-2015-0288", "CVE-2015-0289", "CVE-2015-0293"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libopenssl1_0_0", "p-cpe:/a:novell:suse_linux:libopenssl1_0_0-debuginfo", "p-cpe:/a:novell:suse_linux:libopenssl1_0_0-hmac", "p-cpe:/a:novell:suse_linux:openssl", "p-cpe:/a:novell:suse_linux:openssl-debuginfo", "p-cpe:/a:novell:suse_linux:openssl-debugsource", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2015-0541-1.NASL", "href": "https://www.tenable.com/plugins/nessus/83703", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:0541-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83703);\n script_version(\"2.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", 
value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-0209\", \"CVE-2015-0286\", \"CVE-2015-0287\", \"CVE-2015-0288\", \"CVE-2015-0289\", \"CVE-2015-0293\");\n script_bugtraq_id(73196, 73225, 73227, 73231, 73232, 73237, 73239);\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2015:0541-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"OpenSSL was updated to fix various security issues.\n\nFollowing security issues were fixed :\n\n - CVE-2015-0209: A Use After Free following\n d2i_ECPrivatekey error was fixed which could lead to\n crashes for attacker supplied Elliptic Curve keys. This\n could be exploited over SSL connections with client\n supplied keys.\n\n - CVE-2015-0286: A segmentation fault in ASN1_TYPE_cmp was\n fixed that could be exploited by attackers when e.g.\n client authentication is used. This could be exploited\n over SSL connections.\n\n - CVE-2015-0287: A ASN.1 structure reuse memory corruption\n was fixed. This problem can not be exploited over\n regular SSL connections, only if specific client\n programs use specific ASN.1 routines.\n\n - CVE-2015-0288: A X509_to_X509_REQ NULL pointer\n dereference was fixed, which could lead to crashes. This\n function is not commonly used, and not reachable over\n SSL methods.\n\n - CVE-2015-0289: Several PKCS7 NULL pointer dereferences\n were fixed, which could lead to crashes of programs\n using the PKCS7 APIs. The SSL apis do not use those by\n default.\n\n - CVE-2015-0293: Denial of service via reachable assert in\n SSLv2 servers, could be used by remote attackers to\n terminate the server process. 
Note that this requires\n SSLv2 being allowed, which is not the default.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=919648\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=920236\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=922488\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=922496\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=922499\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=922500\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-0209/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-0286/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-0287/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-0288/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-0289/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-0293/\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20150541-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ce7c4e1f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security 
Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12 :\n\nzypper in -t patch SUSE-SLE-SDK-12-2015-133=1\n\nSUSE Linux Enterprise Server 12 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-2015-133=1\n\nSUSE Linux Enterprise Desktop 12 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-2015-133=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_0_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_0_0-hmac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/03/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! 
preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libopenssl1_0_0-1.0.1i-20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libopenssl1_0_0-debuginfo-1.0.1i-20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libopenssl1_0_0-hmac-1.0.1i-20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"openssl-1.0.1i-20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"openssl-debuginfo-1.0.1i-20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"openssl-debugsource-1.0.1i-20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libopenssl1_0_0-32bit-1.0.1i-20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.1i-20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libopenssl1_0_0-hmac-32bit-1.0.1i-20.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-1.0.1i-20.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-32bit-1.0.1i-20.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-debuginfo-1.0.1i-20.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.1i-20.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"openssl-1.0.1i-20.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"openssl-debuginfo-1.0.1i-20.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"openssl-debugsource-1.0.1i-20.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n 
exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-01T14:40:05", "description": "New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.", "cvss3": {}, "published": "2015-04-22T00:00:00", "type": "nessus", "title": "Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : openssl (SSA:2015-111-09)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0209", "CVE-2015-0286", "CVE-2015-0287", "CVE-2015-0288", "CVE-2015-0289", "CVE-2015-0293"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:openssl", "p-cpe:/a:slackware:slackware_linux:openssl-solibs", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:13.0", "cpe:/o:slackware:slackware_linux:13.1", "cpe:/o:slackware:slackware_linux:13.37", "cpe:/o:slackware:slackware_linux:14.0", "cpe:/o:slackware:slackware_linux:14.1"], "id": "SLACKWARE_SSA_2015-111-09.NASL", "href": "https://www.tenable.com/plugins/nessus/82922", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2015-111-09. 
The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82922);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-0209\", \"CVE-2015-0286\", \"CVE-2015-0287\", \"CVE-2015-0288\", \"CVE-2015-0289\", \"CVE-2015-0293\");\n script_xref(name:\"SSA\", value:\"2015-111-09\");\n\n script_name(english:\"Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : openssl (SSA:2015-111-09)\");\n script_summary(english:\"Checks for updated packages in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New openssl packages are available for Slackware 13.0, 13.1, 13.37,\n14.0, 14.1, and -current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.756101\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?93541373\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl and / or openssl-solibs packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:openssl-solibs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.1\");\n script_set_attribute(attribute:\"cpe\", 
"id": "ORACLELINUX_ELSA-2015-0715.NASL", "href": "https://www.tenable.com/plugins/nessus/82015", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2015:0715 and \n# Oracle Linux Security Advisory ELSA-2015-0715 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82015);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-0209\", \"CVE-2015-0286\", \"CVE-2015-0287\", \"CVE-2015-0288\", \"CVE-2015-0289\", \"CVE-2015-0292\", \"CVE-2015-0293\");\n script_xref(name:\"RHSA\", value:\"2015:0715\");\n\n script_name(english:\"Oracle Linux 6 : openssl (ELSA-2015-0715)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2015:0715 :\n\nUpdated openssl packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL\nv2/v3) and Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nAn invalid pointer use flaw was found in OpenSSL's ASN1_TYPE_cmp()\nfunction. 
A remote attacker could crash a TLS/SSL client or server\nusing OpenSSL via a specially crafted X.509 certificate when the\nattacker-supplied certificate was verified by the application.\n(CVE-2015-0286)\n\nAn integer underflow flaw, leading to a buffer overflow, was found in\nthe way OpenSSL decoded malformed Base64-encoded inputs. An attacker\nable to make an application using OpenSSL decode a specially crafted\nBase64-encoded input (such as a PEM file) could use this flaw to cause\nthe application to crash. Note: this flaw is not exploitable via the\nTLS/SSL protocol because the data being transferred is not\nBase64-encoded. (CVE-2015-0292)\n\nA denial of service flaw was found in the way OpenSSL handled SSLv2\nhandshake messages. A remote attacker could use this flaw to cause a\nTLS/SSL server using OpenSSL to exit on a failed assertion if it had\nboth the SSLv2 protocol and EXPORT-grade cipher suites enabled.\n(CVE-2015-0293)\n\nA use-after-free flaw was found in the way OpenSSL imported malformed\nElliptic Curve private keys. A specially crafted key file could cause\nan application using OpenSSL to crash when imported. (CVE-2015-0209)\n\nAn out-of-bounds write flaw was found in the way OpenSSL reused\ncertain ASN.1 structures. A remote attacker could possibly use a\nspecially crafted ASN.1 structure that, when parsed by an application,\nwould cause that application to crash. (CVE-2015-0287)\n\nA NULL pointer dereference flaw was found in OpenSSL's X.509\ncertificate handling implementation. A specially crafted X.509\ncertificate could cause an application using OpenSSL to crash if the\napplication attempted to convert the certificate to a certificate\nrequest. (CVE-2015-0288)\n\nA NULL pointer dereference was found in the way OpenSSL handled\ncertain PKCS#7 inputs. An attacker able to make an application using\nOpenSSL verify, decrypt, or parse a specially crafted PKCS#7 input\ncould cause that application to crash. 
TLS/SSL clients and servers\nusing OpenSSL were not affected by this flaw. (CVE-2015-0289)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289,\nCVE-2015-0292, and CVE-2015-0293. Upstream acknowledges Stephen Henson\nof the OpenSSL development team as the original reporter of\nCVE-2015-0286, Emilia Kasper of the OpenSSL development team as the\noriginal reporter of CVE-2015-0287, Brian Carpenter as the original\nreporter of CVE-2015-0288, Michal Zalewski of Google as the original\nreporter of CVE-2015-0289, Robert Dugal and David Ramos as the\noriginal reporters of CVE-2015-0292, and Sean Burford of Google and\nEmilia Kasper of the OpenSSL development team as the original\nreporters of CVE-2015-0293.\n\nAll openssl users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. For the\nupdate to take effect, all services linked to the OpenSSL library must\nbe restarted, or the system rebooted.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-March/004922.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-perl\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/03/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"openssl-1.0.1e-30.el6_6.7\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"openssl-devel-1.0.1e-30.el6_6.7\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"openssl-perl-1.0.1e-30.el6_6.7\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"openssl-static-1.0.1e-30.el6_6.7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-devel / openssl-perl / openssl-static\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-02T14:18:32", "description": "Security fix for CVE-2015-0209, CVE-2015-0289, CVE-2015-0292, CVE-2015-0287, CVE-2015-0286, CVE-2015-0288\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2015-03-25T00:00:00", "type": "nessus", "title": "Fedora 22 : openssl-1.0.1k-6.fc22 (2015-4320)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0209", "CVE-2015-0286", "CVE-2015-0287", "CVE-2015-0288", "CVE-2015-0289", "CVE-2015-0292", "CVE-2015-0293"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:openssl", "cpe:/o:fedoraproject:fedora:22"], "id": "FEDORA_2015-4320.NASL", "href": "https://www.tenable.com/plugins/nessus/82060", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-4320.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82060);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-0209\", \"CVE-2015-0286\", \"CVE-2015-0287\", \"CVE-2015-0288\", \"CVE-2015-0289\", \"CVE-2015-0292\", \"CVE-2015-0293\");\n script_bugtraq_id(73225, 73227, 73228, 73231, 73232, 73237, 73239);\n script_xref(name:\"FEDORA\", value:\"2015-4320\");\n\n script_name(english:\"Fedora 22 : openssl-1.0.1k-6.fc22 (2015-4320)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n 
value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2015-0209, CVE-2015-0289, CVE-2015-0292,\nCVE-2015-0287, CVE-2015-0286, CVE-2015-0288\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1196737\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1202366\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1202380\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1202384\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1202395\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1202404\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1202418\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-March/152734.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?44594cda\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/03/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"openssl-1.0.1k-6.fc22\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-01T14:38:55", "description": "Security fix for CVE-2015-0209, CVE-2015-0289, CVE-2015-0292, CVE-2015-0287, CVE-2015-0286, CVE-2015-0288\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2015-03-25T00:00:00", "type": "nessus", "title": "Fedora 21 : openssl-1.0.1k-6.fc21 (2015-4303)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0209", "CVE-2015-0286", "CVE-2015-0287", "CVE-2015-0288", "CVE-2015-0289", "CVE-2015-0292", "CVE-2015-0293"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:openssl", "cpe:/o:fedoraproject:fedora:21"], "id": "FEDORA_2015-4303.NASL", "href": "https://www.tenable.com/plugins/nessus/82059", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-4303.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82059);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-0209\", \"CVE-2015-0286\", \"CVE-2015-0287\", \"CVE-2015-0288\", \"CVE-2015-0289\", \"CVE-2015-0292\", \"CVE-2015-0293\");\n script_bugtraq_id(73225, 73227, 73228, 73231, 73232, 73237, 73239);\n script_xref(name:\"FEDORA\", value:\"2015-4303\");\n\n script_name(english:\"Fedora 21 : openssl-1.0.1k-6.fc21 (2015-4303)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n 
value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2015-0209, CVE-2015-0289, CVE-2015-0292,\nCVE-2015-0287, CVE-2015-0286, CVE-2015-0288\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1196737\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1202366\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1202380\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1202384\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1202395\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1202404\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1202418\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-March/152733.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4d0debe9\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/03/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"openssl-1.0.1k-6.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-01T15:07:49", "description": "The remote Cisco IOS XE device is missing a vendor-supplied security patch and has an IOS service configured to use TLS or SSL. It is, therefore, affected by the following vulnerabilities in the bundled OpenSSL library :\n\n - A use-after-free condition exists in the d2i_ECPrivateKey() function due to improper processing of malformed EC private key files during import. A remote attacker can exploit this to dereference or free already freed memory, resulting in a denial of service or other unspecified impact. (CVE-2015-0209)\n\n - An invalid read error exists in the ASN1_TYPE_cmp() function due to improperly performed boolean-type comparisons. 
A remote attacker can exploit this, via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature, to cause an invalid read operation, resulting in a denial of service.\n (CVE-2015-0286)\n\n - A flaw exists in the ASN1_item_ex_d2i() function due to a failure to reinitialize 'CHOICE' and 'ADB' data structures when reusing a structure in ASN.1 parsing.\n This allows a remote attacker to cause an invalid write operation and memory corruption, resulting in a denial of service. (CVE-2015-0287)\n\n - A NULL pointer dereference flaw exists in the X509_to_X509_REQ() function due to improper processing of certificate keys. This allows a remote attacker, via a crafted X.509 certificate, to cause a denial of service. (CVE-2015-0288)\n\n - A NULL pointer dereference flaw exists in the PKCS#7 parsing code due to incorrect handling of missing outer ContentInfo. This allows a remote attacker, using an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, to cause a denial of service. (CVE-2015-0289)\n\n - An integer underflow condition exists in the EVP_DecodeUpdate() function due to improper validation of base64 encoded input when decoding. This allows a remote attacker, using maliciously crafted base64 data, to cause a segmentation fault or memory corruption, resulting in a denial of service or possibly the execution of arbitrary code. (CVE-2015-0292)\n\n - A flaw exists in servers that both support SSLv2 and enable export cipher suites due to improper implementation of SSLv2. A remote attacker can exploit this, via a crafted CLIENT-MASTER-KEY message, to cause a denial of service. 
(CVE-2015-0293)", "cvss3": {}, "published": "2016-04-14T00:00:00", "type": "nessus", "title": "Cisco IOS XE Multiple OpenSSL Vulnerabilities (CSCut46130 / CSCut46126)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0209", "CVE-2015-0286", "CVE-2015-0287", "CVE-2015-0288", "CVE-2015-0289", "CVE-2015-0292", "CVE-2015-0293"], "modified": "2019-11-19T00:00:00", "cpe": ["cpe:/o:cisco:ios_xe"], "id": "CISCO-SA-20150320-OPENSSL-IOSXE.NASL", "href": "https://www.tenable.com/plugins/nessus/90526", "sourceData": "#TRUSTED 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\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90526);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/11/19\");\n\n script_cve_id(\n \"CVE-2015-0209\",\n \"CVE-2015-0286\",\n \"CVE-2015-0287\",\n \"CVE-2015-0288\",\n \"CVE-2015-0289\",\n \"CVE-2015-0292\",\n \"CVE-2015-0293\"\n );\n script_bugtraq_id(\n 73225,\n 73227,\n 73228,\n 73231,\n 73232,\n 73237,\n 73239\n );\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCut46130\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCut46126\");\n script_xref(name:\"CISCO-SA\", value:\"cisco-sa-20150320-openssl\");\n\n script_name(english:\"Cisco IOS XE Multiple OpenSSL Vulnerabilities (CSCut46130 / CSCut46126)\");\n script_summary(english:\"Checks the IOS XE version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is missing a vendor-supplied security patch.\");\n 
script_set_attribute(attribute:\"description\", value:\n\"The remote Cisco IOS XE device is missing a vendor-supplied security\npatch and has an IOS service configured to use TLS or SSL. It is,\ntherefore, affected by the following vulnerabilities in the bundled\nOpenSSL library :\n\n - A use-after-free condition exists in the\n d2i_ECPrivateKey() function due to improper processing\n of malformed EC private key files during import. A\n remote attacker can exploit this to dereference or free\n already freed memory, resulting in a denial of service\n or other unspecified impact. (CVE-2015-0209)\n\n - An invalid read error exists in the ASN1_TYPE_cmp()\n function due to improperly performed boolean-type\n comparisons. A remote attacker can exploit this, via a\n crafted X.509 certificate to an endpoint that uses the\n certificate-verification feature, to cause an invalid\n read operation, resulting in a denial of service.\n (CVE-2015-0286)\n\n - A flaw exists in the ASN1_item_ex_d2i() function due to\n a failure to reinitialize 'CHOICE' and 'ADB' data\n structures when reusing a structure in ASN.1 parsing.\n This allows a remote attacker to cause an invalid write\n operation and memory corruption, resulting in a denial\n of service. (CVE-2015-0287)\n\n - A NULL pointer dereference flaw exists in the\n X509_to_X509_REQ() function due to improper processing\n of certificate keys. This allows a remote attacker, via\n a crafted X.509 certificate, to cause a denial of\n service. (CVE-2015-0288)\n\n - A NULL pointer dereference flaw exists in the PKCS#7\n parsing code due to incorrect handling of missing outer\n ContentInfo. This allows a remote attacker, using an\n application that processes arbitrary PKCS#7 data and\n providing malformed data with ASN.1 encoding, to cause\n a denial of service. (CVE-2015-0289)\n\n - An integer underflow condition exists in the\n EVP_DecodeUpdate() function due to improper validation\n of base64 encoded input when decoding. 
This allows a\n remote attacker, using maliciously crafted base64 data,\n to cause a segmentation fault or memory corruption,\n resulting in a denial of service or possibly the\n execution of arbitrary code. (CVE-2015-0292)\n\n - A flaw exists in servers that both support SSLv2 and\n enable export cipher suites due to improper\n implementation of SSLv2. A remote attacker can exploit\n this, via a crafted CLIENT-MASTER-KEY message, to cause\n a denial of service. (CVE-2015-0293)\");\n # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150320-openssl\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2beef118\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCut46130\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20150319.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to the relevant fixed version referenced in Cisco bug ID\nCSCut46130.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/05/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:cisco:ios_xe\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CISCO\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"cisco_ios_xe_version.nasl\");\n script_require_keys(\"Host/Cisco/IOS-XE/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"cisco_func.inc\");\ninclude(\"cisco_kb_cmd_func.inc\");\n\nversion = get_kb_item_or_exit(\"Host/Cisco/IOS-XE/Version\");\n##\n# Examines the output of show running config all for evidence\n# the WebUI is running and using SSL\n#\n# @remark 'override' in the return value signals that the scan\n# was not provided sufficient credentials to check for\n# the related configurations. 'flag' signals whether or\n# not the configuration examined shows the webui with\n# SSL is enabled\n#\n# @return always an array like:\n# {\n# 'override' : (TRUE|FALSE),\n# 'flag' : (TRUE|FALSE)\n# }\n##\nfunction iosxe_webui_ssl()\n{\n local_var res, buf;\n res = make_array(\n 'override', TRUE,\n 'flag', TRUE\n );\n\n # Signal we need local checks\n if (!get_kb_item(\"Host/local_checks_enabled\"))\n return res;\n\n buf = cisco_command_kb_item(\n \"Host/Cisco/Config/show_running-config_all\",\n \"show running-config all\"\n );\n\n # Privilege escalation required\n if (cisco_needs_enable(buf))\n return res;\n\n res['flag'] = FALSE;\n\n # Check to make sure no errors in command output\n if(!check_cisco_result(buf))\n return res;\n\n # All good check for various SSL services\n res['override'] = FALSE;\n\n # Web UI HTTPS\n if (preg(string:buf, pattern:\"^ip http secure-server\", multiline:TRUE))\n res['flag'] = TRUE;\n\n return res;\n}\n\n##\n# Main check logic\n##\n\nflag = 0;\nif (version == \"3.11.0S\") flag++;\nif (version == \"3.12.0S\") flag++;\nif (version == \"3.13.0S\") flag++;\nif (version == \"3.14.0S\") flag++;\nif (version == \"3.15.0S\") flag++;\n\nif (!flag)\n audit(AUDIT_INST_VER_NOT_VULN, \"Cisco IOS XE\", version);\n\n# Configuration check\nsslcheck = iosxe_webui_ssl();\n\nif (!sslcheck['flag'] && !sslcheck['override'])\n audit(AUDIT_HOST_NOT, \"affected because it appears the WebUI is not 
enabled or not using SSL/TLS\");\n\n# Override is shown regardless of verbosity\nreport = \"\";\nif (report_verbosity > 0)\n{\n order = make_list('Cisco bug ID', 'Installed release');\n report = make_array(\n order[0], 'CSCut46130 / CSCut46126',\n order[1], version\n );\n report = report_items_str(report_items:report, ordered_fields:order);\n}\n\nsecurity_hole(port:0, extra:report+cisco_caveat(sslcheck['override']));\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-03T15:07:02", "description": "Security fix for CVE-2015-0209, CVE-2015-0289, CVE-2015-0292, CVE-2015-0287, CVE-2015-0286, CVE-2015-0288\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2015-03-25T00:00:00", "type": "nessus", "title": "Fedora 20 : openssl-1.0.1e-42.fc20 (2015-4300)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0209", "CVE-2015-0286", "CVE-2015-0287", "CVE-2015-0288", "CVE-2015-0289", "CVE-2015-0292", "CVE-2015-0293"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:openssl", "cpe:/o:fedoraproject:fedora:20"], "id": "FEDORA_2015-4300.NASL", "href": "https://www.tenable.com/plugins/nessus/82058", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this 
plugin were \n# extracted from Fedora Security Advisory 2015-4300.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82058);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-0209\", \"CVE-2015-0286\", \"CVE-2015-0287\", \"CVE-2015-0288\", \"CVE-2015-0289\", \"CVE-2015-0292\", \"CVE-2015-0293\");\n script_bugtraq_id(73225, 73227, 73228, 73231, 73232, 73237, 73239);\n script_xref(name:\"FEDORA\", value:\"2015-4300\");\n\n script_name(english:\"Fedora 20 : openssl-1.0.1e-42.fc20 (2015-4300)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2015-0209, CVE-2015-0289, CVE-2015-0292,\nCVE-2015-0287, CVE-2015-0286, CVE-2015-0288\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1196737\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1202366\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1202380\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1202384\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1202395\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1202404\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1202418\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-March/152844.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?690fa967\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/03/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/21\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"openssl-1.0.1e-42.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-02T14:35:32", "description": "The remote Cisco IOS device is missing a vendor-supplied security patch and has an IOS service configured to use TLS or SSL. It is, therefore, affected by the following vulnerabilities in the bundled OpenSSL library :\n\n - A use-after-free condition exists in the d2i_ECPrivateKey() function due to improper processing of malformed EC private key files during import. A remote attacker can exploit this to dereference or free already freed memory, resulting in a denial of service or other unspecified impact. (CVE-2015-0209)\n\n - An invalid read error exists in the ASN1_TYPE_cmp() function due to improperly performed boolean-type comparisons. 
A remote attacker can exploit this, via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature, to cause an invalid read operation, resulting in a denial of service.\n (CVE-2015-0286)\n\n - A flaw exists in the ASN1_item_ex_d2i() function due to a failure to reinitialize 'CHOICE' and 'ADB' data structures when reusing a structure in ASN.1 parsing.\n This allows a remote attacker to cause an invalid write operation and memory corruption, resulting in a denial of service. (CVE-2015-0287)\n\n - A NULL pointer dereference flaw exists in the X509_to_X509_REQ() function due to improper processing of certificate keys. This allows a remote attacker, via a crafted X.509 certificate, to cause a denial of service. (CVE-2015-0288)\n\n - A NULL pointer dereference flaw exists in the PKCS#7 parsing code due to incorrect handling of missing outer ContentInfo. This allows a remote attacker, using an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, to cause a denial of service. (CVE-2015-0289)\n\n - An integer underflow condition exists in the EVP_DecodeUpdate() function due to improper validation of base64 encoded input when decoding. This allows a remote attacker, using maliciously crafted base64 data, to cause a segmentation fault or memory corruption, resulting in a denial of service or possibly the execution of arbitrary code. (CVE-2015-0292)\n\n - A flaw exists in servers that both support SSLv2 and enable export cipher suites due to improper implementation of SSLv2. A remote attacker can exploit this, via a crafted CLIENT-MASTER-KEY message, to cause a denial of service. 
(CVE-2015-0293)", "cvss3": {}, "published": "2016-04-14T00:00:00", "type": "nessus", "title": "Cisco IOS Multiple OpenSSL Vulnerabilities (CSCut46130)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0209", "CVE-2015-0286", "CVE-2015-0287", "CVE-2015-0288", "CVE-2015-0289", "CVE-2015-0292", "CVE-2015-0293"], "modified": "2019-11-19T00:00:00", "cpe": ["cpe:/o:cisco:ios"], "id": "CISCO-SA-20150320-OPENSSL-IOS.NASL", "href": "https://www.tenable.com/plugins/nessus/90525", "sourceData": "#TRUSTED\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90525);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/11/19\");\n\n script_cve_id(\n \"CVE-2015-0209\",\n \"CVE-2015-0286\",\n \"CVE-2015-0287\",\n \"CVE-2015-0288\",\n \"CVE-2015-0289\",\n \"CVE-2015-0292\",\n \"CVE-2015-0293\"\n );\n script_bugtraq_id(\n 73225,\n 73227,\n 73228,\n 73231,\n 73232,\n 73237,\n 73239\n );\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCut46130\");\n script_xref(name:\"CISCO-SA\", value:\"cisco-sa-20150320-openssl\");\n\n script_name(english:\"Cisco IOS Multiple OpenSSL Vulnerabilities (CSCut46130)\");\n script_summary(english:\"Checks the IOS version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is missing a vendor-supplied security patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Cisco IOS device is missing a vendor-supplied
security\npatch and has an IOS service configured to use TLS or SSL. It is,\ntherefore, affected by the following vulnerabilities in the bundled\nOpenSSL library :\n\n - A use-after-free condition exists in the\n d2i_ECPrivateKey() function due to improper processing\n of malformed EC private key files during import. A\n remote attacker can exploit this to dereference or free\n already freed memory, resulting in a denial of service\n or other unspecified impact. (CVE-2015-0209)\n\n - An invalid read error exists in the ASN1_TYPE_cmp()\n function due to improperly performed boolean-type\n comparisons. A remote attacker can exploit this, via a\n crafted X.509 certificate to an endpoint that uses the\n certificate-verification feature, to cause an invalid\n read operation, resulting in a denial of service.\n (CVE-2015-0286)\n\n - A flaw exists in the ASN1_item_ex_d2i() function due to\n a failure to reinitialize 'CHOICE' and 'ADB' data\n structures when reusing a structure in ASN.1 parsing.\n This allows a remote attacker to cause an invalid write\n operation and memory corruption, resulting in a denial\n of service. (CVE-2015-0287)\n\n - A NULL pointer dereference flaw exists in the\n X509_to_X509_REQ() function due to improper processing\n of certificate keys. This allows a remote attacker, via\n a crafted X.509 certificate, to cause a denial of\n service. (CVE-2015-0288)\n\n - A NULL pointer dereference flaw exists in the PKCS#7\n parsing code due to incorrect handling of missing outer\n ContentInfo. This allows a remote attacker, using an\n application that processes arbitrary PKCS#7 data and\n providing malformed data with ASN.1 encoding, to cause\n a denial of service. (CVE-2015-0289)\n\n - An integer underflow condition exists in the\n EVP_DecodeUpdate() function due to improper validation\n of base64 encoded input when decoding. 
This allows a\n remote attacker, using maliciously crafted base64 data,\n to cause a segmentation fault or memory corruption,\n resulting in a denial of service or possibly the\n execution of arbitrary code. (CVE-2015-0292)\n\n - A flaw exists in servers that both support SSLv2 and\n enable export cipher suites due to improper\n implementation of SSLv2. A remote attacker can exploit\n this, via a crafted CLIENT-MASTER-KEY message, to cause\n a denial of service. (CVE-2015-0293)\");\n # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150320-openssl\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2beef118\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCut46130\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20150319.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to the relevant fixed version referenced in Cisco bug ID\nCSCut46130.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/05/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:cisco:ios\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CISCO\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"cisco_ios_version.nasl\");\n script_require_keys(\"Host/Cisco/IOS/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"cisco_func.inc\");\ninclude(\"cisco_kb_cmd_func.inc\");\n\nver = get_kb_item_or_exit(\"Host/Cisco/IOS/Version\");\n\n##\n# Examines the output of show running config all for known SSL\n# utilizing IOS features.\n#\n# @remark 'override' in the return value signals that the scan\n# was not provided sufficient credentials to check for\n# the related configurations. 'flag' signals whether or\n# not the configuration examined appears to be using SSL\n#\n# @return always an array like:\n# {\n# 'override' : (TRUE|FALSE),\n# 'flag' : (TRUE|FALSE)\n# }\n##\nfunction ios_using_openssl()\n{\n local_var res, buf;\n res = make_array(\n 'override', TRUE,\n 'flag', TRUE\n );\n\n # Signal we need local checks\n if (!get_kb_item(\"Host/local_checks_enabled\"))\n return res;\n\n buf = cisco_command_kb_item(\n \"Host/Cisco/Config/show_running-config_all\",\n \"show running-config all\"\n );\n\n # Privilege escalation required\n if (cisco_needs_enable(buf))\n return res;\n\n res['flag'] = FALSE;\n\n # Check to make sure no errors in command output\n if(!check_cisco_result(buf))\n return res;\n\n # All good check for various SSL services\n res['override'] = FALSE;\n\n # Web UI HTTPS\n if (preg(string:buf, pattern:\"^ip http secure-server\", multiline:TRUE))\n res['flag'] = TRUE;\n # HTTPS client feature / Voice-XML HTTPS client\n else if (preg(string:buf, pattern:\"^(ip )?http client secure-\", multiline:TRUE))\n res['flag'] = TRUE;\n # CNS feature\n else if (preg(string:buf, pattern:\"^cns (config|exec|event) .* encrypt\", multiline:TRUE))\n res['flag'] = TRUE;\n # CMTS billing feature\n else if (preg(string:buf, pattern:\"^cable metering .* secure\", multiline:TRUE))\n res['flag'] = TRUE;\n # SSL VPN\n else if (\n cisco_check_sections(\n config : buf,\n section_regex : \"^webvpn gateway \",\n 
config_regex :'^\\\\s*inservice'\n )\n ) res['flag'] = TRUE;\n # Settlement for Packet Telephony feature\n else if (\n cisco_check_sections(\n config : buf,\n section_regex : \"^settlement \",\n config_regex : make_list('^\\\\s*url https:', '^\\\\s*no shutdown')\n )\n ) res['flag'] = TRUE;\n\n return res;\n}\n\n##\n# Main check logic\n##\n\n# Look for known affected versions\naffected = make_list(\n'12.2(58)EX', '12.2(58)EY', '12.2(58)EY1', '12.2(58)EY2', '12.2(58)EZ', '12.2(60)EZ', '12.2(60)EZ1',\n'12.2(60)EZ2', '12.2(60)EZ3', '12.2(60)EZ4', '12.2(60)EZ5', '12.2(60)EZ6', '12.2(60)EZ7', '12.2(60)EZ8',\n'12.2(58)SE', '12.2(58)SE1', '12.2(58)SE2', '12.2(54)SG', '12.2(54)SG1', '12.2(54)WO', '12.2(54)XO',\n'12.4(22)GC1', '12.4(24)GC1', '12.4(24)GC3', '12.4(24)GC3a', '12.4(24)GC4', '12.4(24)GC5', '12.4(22)MD',\n'12.4(22)MD1', '12.4(22)MD2', '12.4(24)MD', '12.4(24)MD1', '12.4(24)MD2', '12.4(24)MD3', '12.4(24)MD4',\n'12.4(24)MD5', '12.4(24)MD6', '12.4(24)MD7', '12.4(22)MDA', '12.4(22)MDA1', '12.4(22)MDA2', '12.4(22)MDA3',\n'12.4(22)MDA4', '12.4(22)MDA5', '12.4(22)MDA6', '12.4(24)MDA1', '12.4(24)MDA10', '12.4(24)MDA11', '12.4(24)MDA12',\n'12.4(24)MDA13', '12.4(24)MDA2', '12.4(24)MDA3', '12.4(24)MDA4', '12.4(24)MDA5', '12.4(24)MDA6', '12.4(24)MDA7',\n'12.4(24)MDA8', '12.4(24)MDA9', '12.4(24)MDB', '12.4(24)MDB1', '12.4(24)MDB10', '12.4(24)MDB11', '12.4(24)MDB12',\n'12.4(24)MDB13', '12.4(24)MDB14', '12.4(24)MDB15', '12.4(24)MDB16', '12.4(24)MDB17', '12.4(24)MDB18', '12.4(24)MDB19',\n'12.4(24)MDB3', '12.4(24)MDB4', '12.4(24)MDB5', '12.4(24)MDB5a', '12.4(24)MDB6', '12.4(24)MDB7', '12.4(24)MDB8',\n'12.4(24)MDB9', '12.4(22)T', '12.4(22)T1', '12.4(22)T2', '12.4(22)T3', '12.4(22)T4', '12.4(22)T5',\n'12.4(24)T', '12.4(24)T1', '12.4(24)T2', '12.4(24)T3', '12.4(24)T3e', '12.4(24)T3f', '12.4(24)T4',\n'12.4(24)T4a', '12.4(24)T4b', '12.4(24)T4c', '12.4(24)T4d', '12.4(24)T4e', '12.4(24)T4f', '12.4(24)T4l',\n'12.4(24)T5', '12.4(24)T6', '12.4(24)T7', '12.4(24)T8', '12.4(22)XR1', 
'12.4(22)XR10', '12.4(22)XR11',\n'12.4(22)XR12', '12.4(22)XR2', '12.4(22)XR3', '12.4(22)XR4', '12.4(22)XR5', '12.4(22)XR6', '12.4(22)XR7',\n'12.4(22)XR8', '12.4(22)XR9', '12.4(22)YD', '12.4(22)YD1', '12.4(22)YD2', '12.4(22)YD3', '12.4(22)YD4',\n'12.4(22)YE2', '12.4(22)YE3', '12.4(22)YE4', '12.4(22)YE5', '12.4(22)YE6', '12.4(24)YE', '12.4(24)YE1',\n'12.4(24)YE2', '12.4(24)YE3', '12.4(24)YE3a', '12.4(24)YE3b', '12.4(24)YE3c', '12.4(24)YE3d', '12.4(24)YE3e',\n'12.4(24)YE4', '12.4(24)YE5', '12.4(24)YE6', '12.4(24)YE7', '12.4(24)YG1', '12.4(24)YG2', '12.4(24)YG3',\n'12.4(24)YG4', '15.0(2)EB', '15.0(2)EC', '15.0(2)ED', '15.0(2)ED1', '15.0(2)EH', '15.0(2)EJ',\n'15.0(2)EJ1', '15.0(2)EK', '15.0(2)EK1', '15.0(1)EX', '15.0(2)EX', '15.0(2)EX1', '15.0(2)EX2',\n'15.0(2)EX3', '15.0(2)EX4', '15.0(2)EX5', '15.0(2)EX8', '15.0(2a)EX5', '15.0(1)EY', '15.0(1)EY1',\n'15.0(1)EY2', '15.0(2)EY', '15.0(2)EY1', '15.0(2)EY2', '15.0(2)EY3', '15.0(2)EZ', '15.0(1)M',\n'15.0(1)M1', '15.0(1)M10', '15.0(1)M2', '15.0(1)M3', '15.0(1)M4', '15.0(1)M5', '15.0(1)M6',\n'15.0(1)M7', '15.0(1)M8', '15.0(1)M9', '15.0(1)MR', '15.0(2)MR', '15.0(1)S2', '15.0(1)S5',\n'15.0(1)S6', '15.0(1)SE', '15.0(1)SE1', '15.0(1)SE2', '15.0(1)SE3', '15.0(2)SE', '15.0(2)SE1',\n'15.0(2)SE2', '15.0(2)SE3', '15.0(2)SE4', '15.0(2)SE5', '15.0(2)SE6', '15.0(2)SE7', '15.0(2)SG',\n'15.0(2)SG1', '15.0(2)SG10', '15.0(2)SG2', '15.0(2)SG3', '15.0(2)SG4', '15.0(2)SG5', '15.0(2)SG6',\n'15.0(2)SG7', '15.0(2)SG8', '15.0(2)SQD', '15.0(2)SQD1', '15.0(1)XA', '15.0(1)XA1', '15.0(1)XA2',\n'15.0(1)XA3', '15.0(1)XA4', '15.0(1)XA5', '15.0(1)XO', '15.0(1)XO1', '15.0(2)XO', '15.1(2)EY',\n'15.1(2)EY1a', '15.1(2)EY2', '15.1(2)EY2a', '15.1(2)EY3', '15.1(2)EY4', '15.1(2)GC', '15.1(2)GC1',\n'15.1(2)GC2', '15.1(4)GC', '15.1(4)GC1', '15.1(4)GC2', '15.1(4)M', '15.1(4)M1', '15.1(4)M10',\n'15.1(4)M2', '15.1(4)M3', '15.1(4)M3a', '15.1(4)M4', '15.1(4)M5', '15.1(4)M6', '15.1(4)M7',\n'15.1(4)M8', '15.1(4)M9', '15.1(1)MR', '15.1(1)MR1', '15.1(1)MR2', '15.1(1)MR3', 
'15.1(1)MR4',\n'15.1(3)MR', '15.1(3)MRA', '15.1(3)MRA1', '15.1(3)MRA2', '15.1(3)MRA3', '15.1(3)MRA4', '15.1(1)S',\n'15.1(1)S1', '15.1(1)S2', '15.1(2)S', '15.1(2)S1', '15.1(2)S2', '15.1(3)S', '15.1(3)S0a',\n'15.1(3)S1', '15.1(3)S2', '15.1(3)S3', '15.1(3)S4', '15.1(3)S5', '15.1(3)S5a', '15.1(3)S6',\n'15.1(1)SG', '15.1(1)SG1', '15.1(1)SG2', '15.1(2)SG', '15.1(2)SG1', '15.1(2)SG2', '15.1(2)SG3',\n'15.1(2)SG4', '15.1(2)SG5', '15.1(2)SG6', '15.1(2)SNG', '15.1(2)SNH', '15.1(2)SNI', '15.1(2)SNI1',\n'15.1(3)SVB1', '15.1(3)SVD', '15.1(3)SVD1', '15.1(3)SVD2', '15.1(3)SVE', '15.1(3)SVF', '15.1(3)SVF1',\n'15.1(3)SVF4a', '15.1(1)SY', '15.1(1)SY1', '15.1(1)SY2', '15.1(1)SY3', '15.1(1)SY4', '15.1(1)SY5',\n'15.1(2)SY', '15.1(2)SY1', '15.1(2)SY2', '15.1(2)SY3', '15.1(2)SY4', '15.1(2)SY4a', '15.1(2)SY5',\n'15.1(1)T', '15.1(1)T1', '15.1(1)T2', '15.1(1)T3', '15.1(1)T4', '15.1(1)T5', '15.1(2)T',\n'15.1(2)T0a', '15.1(2)T1', '15.1(2)T2', '15.1(2)T2a', '15.1(2)T3', '15.1(2)T4', '15.1(2)T5',\n'15.1(3)T', '15.1(3)T1', '15.1(3)T2', '15.1(3)T3', '15.1(3)T4', '15.1(1)XB', '15.2(1)E',\n'15.2(1)E1', '15.2(1)E2', '15.2(1)E3', '15.2(2)E', '15.2(2)E1', '15.2(2)E2', '15.2(2a)E1',\n'15.2(3)E', '15.2(3)E1', '15.2(3)E2', '15.2(3a)E', '15.2(2)EB', '15.2(2)EB1', '15.2(1)EY',\n'15.2(2)EA1', '15.2(2)EA2', '15.2(3)EA', '15.2(1)GC', '15.2(1)GC1', '15.2(1)GC2', '15.2(2)GC',\n'15.2(3)GC', '15.2(3)GC1', '15.2(4)GC', '15.2(4)GC1', '15.2(4)GC2', '15.2(4)GC3', '15.2(2)JA',\n'15.2(2)JA1', '15.2(4)JA', '15.2(4)JA1', '15.2(2)JAX', '15.2(2)JAX1', '15.2(2)JB', '15.2(2)JB1',\n'15.2(2)JB2', '15.2(2)JB3', '15.2(2)JB4', '15.2(2)JB5', '15.2(4)JB', '15.2(4)JB1', '15.2(4)JB2',\n'15.2(4)JB3', '15.2(4)JB3a', '15.2(4)JB3b', '15.2(4)JB3h', '15.2(4)JB3s', '15.2(4)JB4', '15.2(4)JB5',\n'15.2(4)JB5h', '15.2(4)JB5m', '15.2(4)JB50', '15.2(4)JB6', '15.2(4)JB7', '15.2(2)JN1', '15.2(2)JN2',\n'15.2(4)JN', '15.2(4)M', '15.2(4)M1', '15.2(4)M2', '15.2(4)M3', '15.2(4)M4', '15.2(4)M5',\n'15.2(4)M6', '15.2(4)M6a', '15.2(4)M7', '15.2(4)M8', 
'15.2(1)S', '15.2(1)S1', '15.2(1)S2',\n'15.2(2)S', '15.2(2)S0a', '15.2(2)S0c', '15.2(2)S1', '15.2(2)S2', '15.2(4)S', '15.2(4)S1',\n'15.2(4)S2', '15.2(4)S3', '15.2(4)S3a', '15.2(4)S4', '15.2(4)S4a', '15.2(4)S5', '15.2(4)S6',\n'15.2(4)S7', '15.2(2)SNG', '15.2(2)SNH1', '15.2(2)SNI', '15.2(1)SY', '15.2(1)SY0a', '15.2(1)SY1',\n'15.2(1)T', '15.2(1)T1', '15.2(1)T2', '15.2(1)T3', '15.2(1)T3a', '15.2(1)T4', '15.2(2)T',\n'15.2(2)T1', '15.2(2)T2', '15.2(2)T3', '15.2(2)T4', '15.2(3)T', '15.2(3)T1', '15.2(3)T2',\n'15.2(3)T3', '15.2(3)T4', '15.3(3)JA', '15.3(3)JA1', '15.3(3)JA1m', '15.3(3)JA1n', '15.3(3)JA4',\n'15.3(3)JA77', '15.3(3)JAA', '15.3(3)JAB', '15.3(3)JAX', '15.3(3)JAX1', '15.3(3)JAX2', '15.3(3)JBB',\n'15.3(3)JN1', '15.3(3)JN2', '15.3(3)JN3', '15.3(3)JN4', '15.3(3)JNB', '15.3(3)JNB1', '15.3(3)JNB2',\n'15.3(3)M', '15.3(3)M1', '15.3(3)M2', '15.3(3)M3', '15.3(3)M4', '15.3(3)M5', '15.3(1)S',\n'15.3(1)S1', '15.3(1)S2', '15.3(2)S', '15.3(2)S0a', '15.3(2)S1', '15.3(2)S2', '15.3(3)S',\n'15.3(3)S1', '15.3(3)S1a', '15.3(3)S2', '15.3(3)S3', '15.3(3)S4', '15.3(3)S5', '15.3(3)S6',\n'15.3(1)T', '15.3(1)T1', '15.3(1)T2', '15.3(1)T3', '15.3(1)T4', '15.3(2)T', '15.3(2)T1',\n'15.3(2)T2', '15.3(2)T3', '15.3(2)T4', '15.4(1)CG', '15.4(1)CG1', '15.4(2)CG', '15.4(3)M',\n'15.4(3)M1', '15.4(3)M2', '15.4(3)M3', '15.4(1)S', '15.4(1)S1', '15.4(1)S2', '15.4(1)S3',\n'15.4(1)S4', '15.4(2)S', '15.4(2)S1', '15.4(2)S2', '15.4(2)S3', '15.4(3)S', '15.4(3)S1',\n'15.4(3)S2', '15.4(3)S3', '15.4(1)T', '15.4(1)T1', '15.4(1)T2', '15.4(1)T3', '15.4(1)T4',\n'15.4(2)T', '15.4(2)T1', '15.4(2)T2', '15.4(2)T3', '15.5(1)S', '15.5(1)S1', '15.5(1)S2',\n'15.5(2)S', '15.5(1)T', '15.5(1)T1', '15.5(1)T2', '15.5(2)T'\n);\n\nflag = FALSE;\nforeach afver (affected)\n{\n if (ver == afver)\n {\n flag = TRUE;\n break;\n }\n}\n\nif (!flag)\n audit(AUDIT_INST_VER_NOT_VULN, \"Cisco IOS\", ver);\n\n# Configuration check\nsslcheck = ios_using_openssl();\n\nif (!sslcheck['flag'] && !sslcheck['override'])\n audit(AUDIT_HOST_NOT, 
\"affected because it does not appear as though any service utilizing the OpenSSL library is enabled\");\n\n# Override is shown regardless of verbosity\nreport = \"\";\nif (report_verbosity > 0)\n{\n order = make_list('Cisco bug ID', 'Installed release');\n report = make_array(\n order[0], 'CSCut46130',\n order[1], ver\n );\n report = report_items_str(report_items:report, ordered_fields:order);\n}\n\nsecurity_hole(port:0, extra:report+cisco_caveat(sslcheck['override']));\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debiancve": [{"lastseen": "2023-02-13T18:10:50", "description": "OpenSSL 0.9.6e uses assertions when detecting buffer overflow attacks instead of less severe mechanisms, which allows remote attackers to cause a denial of service (crash) via certain messages that cause OpenSSL to abort from a failed assertion, as demonstrated using SSLv2 CLIENT_MASTER_KEY messages, which are not properly handled in s2_srvr.c.", "cvss3": {}, "published": "2003-11-17T05:00:00", "type": "debiancve", "title": "CVE-2002-1568", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2002-1568"], "modified": "2003-11-17T05:00:00", "id": "DEBIANCVE:CVE-2002-1568", "href": "https://security-tracker.debian.org/tracker/CVE-2002-1568", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-13T18:10:51", "description": "OpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC 3779 support is enabled, allows remote attackers to cause a denial of service (assertion failure) via an 
the original handshake did not include the Encrypt-Then-Mac extension. A remote authenticated attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/122091_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/122091>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nIBM Network Advisor prior to release 14.0.2\n\n## Remediation/Fixes\n\nFixed in IBM Network Advisor 14.0.2\n\n## Workarounds and Mitigations\n\nNA\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-18T00:34:55", "type": "ibm", "title": "Security Bulletin: Open Source OpenSSL Vulnerabilities in IBM Network Advisor", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3733"], "modified": "2018-06-18T00:34:55", "id": "00CCFCA9A5F16E5078CC3A0799E78508D7F8D9C3DC2CB9C2E2996EDDB6A762AD", "href": "https://www.ibm.com/support/pages/node/697751", "cvss": {"score": 5.0, "vector": 
"AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T05:53:27", "description": "## Summary\n\nIBM Initiate Master Data Service is vulnerable to an OpenSSL denial of service attack and could cause the application to crash.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2017-3733_](<https://vulners.com/cve/CVE-2017-3733>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error during a renegotiate handshake when the original handshake did not include the Encrypt-Then-Mac extension. A remote authenticated attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/122091_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/122091>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n## Affected Products and Versions\n\nThese vulnerabilities are known to affect the following offerings: \n \nIBM Initiate Master Data Service versions 10.0 and 10.1 \n\n## Remediation/Fixes\n\nThe recommended solution is to apply the fix as soon as practical. Please see below for information on the fixes available. 
\n\n\n**_Product_**** **| **_VRMF_**| **_APAR_**| **_Remediation/First Fix_** \n---|---|---|--- \nIBM Initiate Master Data Service| \n\n10.0 \n\n| None| [_10.0.042517_IM_Initiate_MasterDataService_ALL_InterimFix_](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EInformation%2BManagement&product=ibm/Information+Management/IBM+Initiate+Master+Data+Service&release=All&platform=All&function=fixId&fixids=10.0.042517_IM_Initiate_MasterDataService_ALL_InterimFix&includeSupersedes=0&source=fc>) \nIBM InfoSphere Master Data Management Patient Hub | \n\n10.0 \n\n| None| [_10.0.042517_IM_Initiate_Patient_ALL_InterimFix_](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EInformation%2BManagement&product=ibm/Information+Management/IBM+Initiate+Patient&release=All&platform=All&function=fixId&fixids=10.0.042517_IM_Initiate_Patient_ALL_InterimFix&includeSupersedes=0&source=fc>) \nIBM InfoSphere Master Data Management Provider Hub | \n\n10.0 \n\n| None| [_10.0.042517_IM_Initiate_Provider_ALL_InterimFix_](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EInformation%2BManagement&product=ibm/Information+Management/IBM+Initiate+Provider&release=All&platform=All&function=fixId&fixids=10.0.042517_IM_Initiate_Provider_ALL_InterimFix&includeSupersedes=0&source=fc>) \nIBM Initiate Master Data Service| \n\n10.1 \n\n| None| [_10.1.042517_IM_Initiate_MasterDataService_ALL_InterimFix_](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EInformation%2BManagement&product=ibm/Information+Management/IBM+Initiate+Master+Data+Service&release=All&platform=All&function=fixId&fixids=10.1.042517_IM_Initiate_MasterDataService_ALL_InterimFix&includeSupersedes=0&source=fc>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", 
"integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-16T13:47:54", "type": "ibm", "title": "Security Bulletin: Denial of service vulnerability in OpenSSL affects IBM InfoSphere Master Data Management (CVE-2017-3733)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3733"], "modified": "2018-06-16T13:47:54", "id": "1FAD260E906BFBAA12475F1001415F24BD78768B7F202469CB95E4ED3ED0FCDF", "href": "https://www.ibm.com/support/pages/node/559421", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-23T21:50:05", "description": "## Summary\n\nIBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru Firmware, QLogic 8Gb Intelligent Pass-thru Module & SAN Switch Module and QLogic Virtual Fabric Extension Module for IBM BladeCenter systems have addressed the following vulnerability in OpenSSL.\n\n## Vulnerability Details\n\n**Summary**\n\nIBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru Firmware, QLogic 8Gb Intelligent Pass-thru Module & SAN Switch Module and QLogic Virtual Fabric Extension Module for IBM BladeCenter systems have addressed the following vulnerability in OpenSSL.\n\n**Vulnerability Details**\n\n**CVEID:** [CVE-2017-3733](<https://vulners.com/cve/CVE-2017-3733>)\n\n**Description:** OpenSSL is vulnerable to a denial of service, caused by an error during a renegotiate 
handshake when the original handshake did not include the Encrypt-Then-Mac extension. A remote authenticated attacker could exploit this vulnerability to cause the application to crash.\n\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/122091> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**Affected Products and Versions**\n\nProduct | Affected Version \n---|--- \nIBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru Firmware | 9.1 \nQLogic 8Gb Intelligent Pass-thru Module & SAN Switch Module for BladeCenter | 7.10 \nQLogic Virtual Fabric Extension Module for IBM BladeCenter | 9.0 \n \n**Remediation/Fixes**\n\nFirmware fix versions are available on Fix Central: \n<http://www.ibm.com/support/fixcentral/>.\n\nProduct | Fix Version \n---|--- \nIBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru Firmware \nqlgc_fw_flex_9.1.11.03.00_anyos_noarch | 9.1.11.03.00 \nQLogic 8Gb Intelligent Pass-thru Module & SAN Switch Module for BladeCenter \nqlgc_fw_bcsw_7.10.1.42.00_anyos_noarch | 7.10.1.42.00 \nQLogic Virtual Fabric Extension Module for IBM BladeCenter \nqlgc_fw_bcsw_9.0.3.21.00_anyos_noarch | 9.0.3.21.00 \n \n**Workarounds and Mitigations**\n\nNone\n\n**References**\n\n * [Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide.html>)\n * [On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0>)\n\n**Related Information** \n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<https://www.ibm.com/blogs/psirt/>) \n[Lenovo Product Security Advisories](<https://support.lenovo.com/us/en/product_security/home>)\n\n**Acknowledgement**\n\nNone\n\n**Change History** \n14 December 2017: Original Copy Published\n\n* The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. 
Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n**Disclaimer**\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"AS IS\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-01-31T02:40:01", "type": "ibm", "title": "Security Bulletin: Vulnerability in OpenSSL affects IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru Firmware, QLogic 8Gb Intelligent Pass-thru Module & SAN Switch Module and QLogic Virtual Fabric Extension Module for IBM BladeCenter systems", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3733"], "modified": 
"2019-01-31T02:40:01", "id": "BF0DCA74F6B60212D601DDBA9325569263929FC828703770584542E6F84B866A", "href": "https://www.ibm.com/support/pages/node/868880", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T05:44:45", "description": "## Summary\n\nOpenSSL, used by the IBM Spectrum Protect (formerly Tivoli Storage Manager) Client and IBM Spectrum Protect for Virtual Environments (formerly Tivoli Storage Manager for Virtual Environments): Data Protection from VMware, is vulnerable to two denial of service vulnerabilities which can cause the application to stop responding or crash. \nNOTE1: This bulletin was updated on December 15, 2017 to add fixes for NetApp Services. \nNOTE2: This bulletin was updated on February 15, 2018 to add 7.1 AIX client fix for NetApp Services.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-8610_](<https://vulners.com/cve/CVE-2016-8610>)** \nDESCRIPTION:** SSL/TLS protocol is vulnerable to a denial of service, caused by an error when processing ALERT packets during a SSL handshake. By sending specially-crafted packets, a remote attacker could exploit this vulnerability to cause the application to stop responding. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118296_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118296>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) ** ** \n** ** \n**CVEID:** [_CVE-2017-3733_](<https://vulners.com/cve/CVE-2017-3733>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error during a renegotiate handshake when the original handshake did not include the Encrypt-Then-Mac extension. A remote authenticated attacker could exploit this vulnerability to cause the application to crash. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/122091_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/122091>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n\n## Affected Products and Versions\n\nThese security exposures affect network connections between IBM Spectrum Protect (formerly Tivoli Storage Manager) and VMware services. This exposure affects: \n\n\n * **IBM Spectrum Protect (formerly Tivoli Storage Manager) Client levels:** \n\\- 8.1.0.0 through 8.1.2.x - NetApp services (Linux and Windows) \n\\- 7.1.0.0 through 7.1.8.1 - NetApp services (AIX) \n\\- 7.1.0.0 through 7.1.7.x - NetApp services (Linux and Windows) \n\\- 7.1.0.0 through 7.1.6.4 - VMware services (Linux and Windows) \n\\- 6.4 and below all levels (6.4 and below are EOS) \n \n**_Note that VMware services for the 8.1 client are not affected because the affected component in 8.1 has been moved to Data Protection for VMware._**\n**_ _** \n| \n---|--- \n \n * **IBM Spectrum Protect for Virtual Environments (formerly Tivoli Storage Manager for Virtual Environments): Data Protection for VMware levels:** \n\\- 8.1.0.0 through 8.1.0.1 - VMware services \n\\- 7.1.0.0 through 7.1.6.4 - VMware services \n\\- 6.4 and below all levels (6.4 and below are EOS) \n \n**_ \n_**\n\n## Remediation/Fixes\n\n**_IBM Spectrum Protect (Tivoli Storage Manager) Client Release_**\n\n| **_Fixing VRM Level_**| **_Platform_**| **_Link to Fix / Fix Availability Target_** \n---|---|---|--- \n8.1| 8.1.4| Linux \nWindows| For NetApp services, \n<http://www.ibm.com/support/docview.wss?uid=swg24044364> \n7.1| 7.1.8.2| AIX| For NetApp services, \n<http://www.ibm.com/support/docview.wss?uid=swg24044550> \n7.1| 7.1.8| Linux \nWindows| For NetApp services, \n[http://www.ibm.com/support/docview.wss?uid=swg24043984](<http://www-01.ibm.com/support/docview.wss?uid=swg24043984>) \n7.1| 7.1.6.5| 
Linux \nWindows | For VMware services,[](<http://www-01.ibm.com/support/docview.wss?uid=swg24042496>) \n[http://www.ibm.com/support/docview.wss?uid=swg24042496](<http://www-01.ibm.com/support/docview.wss?uid=swg24042496>) \n6.4 and below| | \n| For NetApp services, IBM recommends upgrading to a fixed level or higher of the IBM Spectrum Protect (formerly Tivoli Storage Manager) Client. \nFor VMware services, IBM recommends upgrading to a fixed level or higher of IBM Spectrum Protect for Virtual Environments (formerly Tivoli Storage Manager for Virtual Environments): Data Protection for VMware. \n \n \n**_IBM Spectrum Protect for Virtual Environments (Tivoli Storage Manager for Virtual Environments): Data Protection for VMware Release_**| **_Fixing VRM Level_**| **_Platform_**| **_Link to Fix / Fix Availability Target_** \n---|---|---|--- \n8.1| 8.1.0.2| Linux \nWindows| For VMware services, \n<http://www.ibm.com/support/docview.wss?uid=swg24043351> \n7.1| 7.1.6.5| Linux \nWindows | For VMware services, you can either apply the above client fix (7.1.6.5) or upgrade to Data Protection for VMware 7.1.6.5 using the following link: \n<http://www.ibm.com/support/docview.wss?uid=swg24042520> \n6.4 and below| | \n| For VMware services, IBM recommends upgrading to a fixed level (8.1.0.2 or 7.1.6.5) or higher of IBM Spectrum Protect for Virtual Environments (formerly Tivoli Storage Manager for Virtual Environments): Data Protection for VMware. 
\n \n\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-17T15:40:33", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in OpenSSL affect IBM Spectrum Protect (formerly Tivoli Storage Manager) Client and IBM Spectrum Protect (formerly Tivoli Storage Manager) for Virtual Environments: Data Protection for VMware", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-8610", "CVE-2017-3733"], "modified": "2018-06-17T15:40:33", "id": "C370EAFBBB70EEBAA3B44F1264B1574EA6170D6498723F6BCF591ADF4AD41BE4", "href": "https://www.ibm.com/support/pages/node/561099", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T01:41:49", "description": "## Summary\n\nOpenSSL vulnerabilities were disclosed on March 19, 2015 by the OpenSSL Project. OpenSSL is used by IBM Rational ClearCase. Rational ClearCase has addressed the applicable CVEs. 
\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-0209_](<https://vulners.com/cve/CVE-2015-0209>)** \nDESCRIPTION:** OpenSSL could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error in the d2i_ECPrivateKey or EVP_PKCS82PKEY function. An attacker could exploit this vulnerability to corrupt memory and execute arbitrary code on the system and cause a denial of service. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101674_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101674>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n\n\n**CVEID:** [_CVE-2015-0286_](<https://vulners.com/cve/CVE-2015-0286>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error in the ASN1_TYPE_cmp function when attempting to compare ASN.1 boolean types. An attacker could exploit this vulnerability to crash any certificate verification operation and cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101666_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101666>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2015-0288_](<https://vulners.com/cve/CVE-2015-0288>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error in the X509_to_X509_REQ function. An attacker could exploit this vulnerability to trigger a NULL pointer dereference. 
\nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101675_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101675>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2015-0293_](<https://vulners.com/cve/CVE-2015-0293>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service. By sending a specially-crafted SSLv2 CLIENT-MASTER-KEY message, a remote attacker could exploit this vulnerability to trigger an assertion. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101671_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101671>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n## Affected Products and Versions\n\nIBM Rational ClearCase versions: \n \n\n\n**Version**\n\n| \n\n**Status** \n \n---|--- \n \n8.0.1 through 8.0.1.7\n\n| \n\nAffected \n \n8.0 through 8.0.0.14\n\n| \n\nAffected \n \n7.1.2 through 7.1.2.17\n\n| \n\nAffected \n \n \nNot all deployments of Rational ClearCase use OpenSSL in a way that is affected by these vulnerabilities. \n \nYou are vulnerable if your use of Rational ClearCase includes _any_ of these configurations: \n\n\n 1. You use the base ClearCase/ClearQuest V2 (perl-based) integration client on any platform, configured to use SSL to communicate with a ClearQuest server. \n\n 2. You use the UCM/ClearQuest integration on UNIX/Linux clients, configured to use SSL to communicate with a ClearQuest server. \n**Note:** Windows clients using the UCM/ClearQuest integration are not vulnerable. \n\n 3. You use the Change Management Integration on UNIX/Linux clients, configured to use SSL to communicate with a change management server. \n**Note:** Windows clients using the CMI integration are not vulnerable. \n\n 4. 
You use ratlperl, ccperl, or cqperl to run your own perl scripts, **and** those scripts use SSL connections. In this situation, you should review all the fixes provided by the OpenSSL project to see which ones apply to your use of OpenSSL. See the references link below.\n\n## Remediation/Fixes\n\nThe solution is to update to the latest fix pack. This fix pack includes OpenSSL 1.0.1m. \n \n\n\n**Affected Versions**\n\n| \n\n** Applying the fix** \n \n---|--- \n \n8.0.1 through 8.0.1.7\n\n| Install [Rational ClearCase Fix Pack 8 (8.0.1.8) for 8.0.1](<http://www.ibm.com/support/docview.wss?uid=swg24039865>) \n \n8.0 through 8.0.0.14\n\n| Install [Rational ClearCase Fix Pack 15 (8.0.0.15) for 8.0](<http://www.ibm.com/support/docview.wss?uid=swg24039863>) \n \n7.1.2 through 7.1.2.17 \n7.1.1.x (all fix packs) \n7.1.0.x (all fix packs)\n\n| Customers on extended support contracts should install [Rational ClearCase Fix Pack 18 (7.1.2.18) for 7.1.2](<http://www.ibm.com/support/docview.wss?uid=swg24039861>) \n \nYou should verify applying this fix does not cause any compatibility issues. 
\n\n_For unsupported versions, IBM recommends upgrading to a fixed, supported version/release/platform of the product._\n\n## Workarounds and Mitigations\n\nDisable the integrations and any customized defined use of ratlperl, ccperl, or cqperl with SSL until you apply the fixes listed above.\n\n## ", "cvss3": {}, "published": "2018-07-10T08:34:12", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in OpenSSL affect Rational ClearCase (CVE-2015-0209, CVE-2015-0286, CVE-2015-0288, CVE-2015-0293)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0209", "CVE-2015-0286", "CVE-2015-0288", "CVE-2015-0293"], "modified": "2018-07-10T08:34:12", "id": "B4CA968494E02B5BFE9B27A5692CA5BE48946524BDEB38C92B16A05BE2C1C180", "href": "https://www.ibm.com/support/pages/node/258867", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:48:52", "description": "## Summary\n\nOpenSSL vulnerabilities were disclosed on March 19, 2015 by the OpenSSL Project. OpenSSL is used by cqperl and ratlperl for SSL communications. Rational ClearQuest has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-0209_](<https://vulners.com/cve/CVE-2015-0209>)** \nDESCRIPTION:** OpenSSL could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error in the d2i_ECPrivateKey or EVP_PKCS82PKEY function. 
An attacker could exploit this vulnerability using a malformed Elliptic Curve (EC) private-key file to corrupt memory and execute arbitrary code on the system and cause a denial of service. \nCVSS Base Score: 6.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101674_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101674>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P) \n\n**CVEID:** [_CVE-2015-0286_](<https://vulners.com/cve/CVE-2015-0286>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error in the ASN1_TYPE_cmp function when attempting to compare ASN.1 boolean types. An attacker could exploit this vulnerability to crash any certificate verification operation and cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101666_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101666>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2015-0288_](<https://vulners.com/cve/CVE-2015-0288>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error in the X509_to_X509_REQ function. An attacker could exploit this vulnerability to trigger a NULL pointer dereference. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101675_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101675>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2015-0293_](<https://vulners.com/cve/CVE-2015-0293>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service. By sending a specially-crafted SSLv2 CLIENT-MASTER-KEY message, a remote attacker could exploit this vulnerability to trigger an assertion. 
\nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101671_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101671>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n## Affected Products and Versions\n\nIBM Rational ClearQuest versions: \n \n\n\n**Version**\n\n| \n\n**Status** \n \n---|--- \n \n8.0.1 through 8.0.1.7\n\n| \n\nAffected \n \n8.0 through 8.0.0.14\n\n| \n\nAffected \n \n7.1.2.x through 7.1.2.17\n\n| \n\nAffected \n \n \nNot all deployments of Rational ClearQuest use OpenSSL in a way that is affected by these vulnerabilities. \n \nYou are vulnerable if your use of Rational ClearQuest includes _any_ of these configurations: \n\n\n 1. You use SSL connections in perl scripts run by ratlperl or cqperl, or by ClearQuest hooks. In this situation, you should review all the fixes provided by the OpenSSL project to see which ones apply to your use of OpenSSL. See the references link below.\n 2. You integrate with ClearCase. See [Security Bulletin: Vulnerabilities in OpenSSL affect Rational ClearCase (CVE-2015-0209, CVE-2015-0286, CVE-2015-0288, CVE-2015-0293)](<http://www.ibm.com/support/docview.wss?uid=swg21700167>)\n\n## Remediation/Fixes\n\nThe fix is to install a ClearQuest Fix Pack which includes OpenSSL 1.0.1M. (This fix supersedes the fix that includes OpenSSL 1.0.1L, announced in [bulletin 1699040](<http://www.ibm.com/support/docview.wss?uid=swg21699040>).) 
\n \nUpgrade ClearQuest \n\n**Affected Versions**\n\n| \n\n**Fix Pack containing the fix** \n \n---|--- \n \n8.0.1.x\n\n| Install [Rational ClearQuest Fix Pack 8 (8.0.1.8)](<http://www-01.ibm.com/support/docview.wss?uid=swg24039864>) \n \n8.0.0.x\n\n| Install [Rational ClearQuest Fix Pack 15 (8.0.0.15)](<http://www-01.ibm.com/support/docview.wss?uid=swg24039862>) \n \n7.1.2.x\n\n| Customers with extended support contracts should install [Rational ClearQuest Fix Pack 18 (7.1.2.18)](<http://www-01.ibm.com/support/docview.wss?uid=swg24039860>) \n \nYou should verify applying this fix does not cause any compatibility issues. \n\n## Workarounds and Mitigations\n\nDisable any script that uses SSL and runs in ratlperl, cqperl or ClearQuest hooks until you apply the fixes listed above.\n\n## ", "cvss3": {}, "published": "2018-06-17T05:01:59", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in OpenSSL affect Rational ClearQuest (CVE-2015-0209, CVE-2015-0286, CVE-2015-0288, CVE-2015-0293)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0209", "CVE-2015-0286", "CVE-2015-0288", "CVE-2015-0293"], "modified": "2018-06-17T05:01:59", "id": "94F7B41F1257C267E4A25F1833BC04AD08F160E81172C752AEBC6FD954FC7E9D", "href": "https://www.ibm.com/support/pages/node/263741", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:38:10", "description": "## Summary\n\nOpenSSL vulnerabilities were disclosed on March 19, 2015 by the OpenSSL Project. 
OpenSSL is used by Sterling Connect:Express for UNIX. CXU has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n \n**CVEID:** [_CVE-2015-0209_](<https://vulners.com/cve/CVE-2015-0209>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error in the d2i_ECPrivateKey or EVP_PKCS82PKEY function. An attacker could exploit this vulnerability to corrupt memory and execute arbitrary code on the system and cause a denial of service. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101674_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101674>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n \n**CVEID:** [_CVE-2015-0286_](<https://vulners.com/cve/CVE-2015-0286>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error in the ASN1_TYPE_cmp function when attempting to compare ASN.1 Boolean types. An attacker could exploit this vulnerability to crash any certificate verification operation and cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101666_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101666>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n**CVEID:** [_CVE-2015-0288_](<https://vulners.com/cve/CVE-2015-0288>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error in the X509_to_X509_REQ function. An attacker could exploit this vulnerability to trigger a NULL pointer dereference. 
\nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101675_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101675>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n**CVEID:** [_CVE-2015-0292_](<https://vulners.com/cve/CVE-2015-0292>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to execute arbitrary code on the system, caused by an error when processing base64 encoded data. An attacker could exploit this vulnerability using specially-crafted base 64 data to corrupt memory and execute arbitrary code on the system and cause a denial of service. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101670_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101670>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n \n**CVEID:** [_CVE-2015-0293_](<https://vulners.com/cve/CVE-2015-0293>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service. By sending a specially-crafted SSLv2 CLIENT-MASTER-KEY message, a remote attacker could exploit this vulnerability to trigger an assertion. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101671_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101671>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n## Affected Products and Versions\n\nIBM Sterling Connect:Express for UNIX 1.4.6 \n\\- All versions prior to 1.4.6.1 iFix 146-109 \n \nIBM Sterling Connect:Express for UNIX 1.5.0 \n\\- All versions prior to 1.5.0.11 iFix 150-1111\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the fix as soon as practical. 
Please see below for information about the available fixes \n\n\nVRMF | Remediation \n---|--- \n1.4.6 | Please contact your local [IBM Remote Technical Support Center ](<https://www-304.ibm.com/webapp/set2/sas/f/handbook/contacts.html>)to request Connect:Express 1.4.6.1 iFix 146-110 \n1.5.0 | Apply Fix Pack 1.5.0.12, available on [_Fix Central_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Sterling+Connect%3AExpress+for+UNIX&release=All&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2020-07-24T22:49:37", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in OpenSSL Affect Sterling Connect:Express for UNIX", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0209", "CVE-2015-0286", "CVE-2015-0288", "CVE-2015-0292", "CVE-2015-0293"], "modified": "2020-07-24T22:49:37", "id": "467A4726E3E7AEF66C203B003944DA9B03EEFBD2B1D75CD15AF1455C2AF4B2E8", "href": "https://www.ibm.com/support/pages/node/260231", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:42:19", "description": "## Summary\n\nOpenSSL vulnerabilities were disclosed in March 2015 by the OpenSSL Project. OpenSSL is used by IBM MessageSight. 
IBM MessageSight has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n**CVE-ID**: [_CVE-2015-0209_](<https://vulners.com/cve/CVE-2015-0209>)\n\n**DESCRIPTION**: OpenSSL could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error in the d2i_ECPrivateKey or EVP_PKCS82PKEY function. An attacker could exploit this vulnerability to corrupt memory and execute arbitrary code on the system and cause a denial of service.\n\nCVSS Base Score: 7.5\n\n \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101674_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101674>) for more information \nCVSS Environmental Score*: Undefined \n\nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n\n**CVE-ID**: [_CVE-2015-0288_](<https://vulners.com/cve/CVE-2015-0288>)\n\n**DESCRIPTION**: OpenSSL is vulnerable to a denial of service, caused by an error in the X509_to_X509_REQ function. An attacker could exploit this vulnerability to trigger a NULL pointer dereference.\n\nCVSS Base Score: 5.0\n\n \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101675_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101675>) for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n**CVE-ID**: [_CVE-2015-0289_](<https://vulners.com/cve/CVE-2015-0289>)** **\n\n**DESCRIPTION**: OpenSSL is vulnerable to a denial of service, caused by the failure to properly handle missing outer ContentInfo by the PKCS#7 parsing code. 
An attacker could exploit this vulnerability using a malformed ASN.1-encoded PKCS#7 blob to trigger a NULL pointer dereference.\n\nCVSS Base Score: 5.0\n\n \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101669_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101669>) for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n**CVE-ID**: [_CVE-2015-0292_](<https://vulners.com/cve/CVE-2015-0292>)** **\n\n**DESCRIPTION**: OpenSSL could allow a remote attacker to execute arbitrary code on the system, caused by an error when processing base64 encoded data. An attacker could exploit this vulnerability using specially-crafted base 64 data to corrupt memory and execute arbitrary code on the system and cause a denial of service.\n\nCVSS Base Score: 7.5\n\n \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101670_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101670>) for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n\n**CVE-ID**: [_CVE-2015-0293_](<https://vulners.com/cve/CVE-2015-0293>)\n\n**DESCRIPTION**: OpenSSL is vulnerable to a denial of service. 
By sending a specially-crafted SSLv2 CLIENT-MASTER-KEY message, a remote attacker could exploit this vulnerability to trigger an assertion.\n\nCVSS Base Score: 5.0\n\n \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101671_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101671>) for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n## Affected Products and Versions\n\nIBM MessageSight 1.2 and earlier.\n\n## Remediation/Fixes\n\n_Product_\n\n| \n_VRMF_| \n_APAR_| \n_Remediation/First Fix_ \n---|---|---|--- \n \n_IBM MessageSight_| \n_1.1_| \n_IT09152_| _1.1.0.1-IBM-IMA-IFIT09152_ \n \n_IBM MessageSight_| \n_1.2_| \n_IT09152_| _1.2.0-IBM-IMA-Physical-FP0001_ \n_1.2.0-IBM-IMA-BareMetal-FP0001_ \n_1.2.0-IBM-IMA-SoftLayerVirtual-FP0001_ \n_1.2.0-IBM-IMA-VirtualEdition-FP0001_ \n \n## ", "cvss3": {}, "published": "2018-06-25T05:54:54", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in OpenSSL affect IBM MessageSight (CVE-2015-0209, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292, CVE-2015-0293)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0209", "CVE-2015-0288", "CVE-2015-0289", "CVE-2015-0292", "CVE-2015-0293"], "modified": "2018-06-25T05:54:54", "id": "2ED145A3D0DAD8C68DF27E1A2AC44E5C0F6FCB3E61B424CEE475A6F6ABFEFE3B", "href": "https://www.ibm.com/support/pages/node/527713", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:48:54", 
"description": "## Summary\n\nOpenSSL vulnerabilities were disclosed on March 19, 2015 by the OpenSSL Project. OpenSSL is used by Rational Reporting for Development Intelligence (RRDI). RRDI has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-0286_](<https://vulners.com/cve/CVE-2015-0286>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error in the ASN1_TYPE_cmp function when attempting to compare ASN.1 boolean types. An attacker could exploit this vulnerability to crash any certificate verification operation and cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101666_](<https://exchange.xforce.ibmcloud.com/>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n**CVEID:** [_CVE-2015-0287_](<https://vulners.com/cve/CVE-2015-0287>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error related to the reuse of a structure in ASN.1 parsing. An attacker could exploit this vulnerability using an invalid write to corrupt memory and cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/101668_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/101668>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2015-0288_](<https://vulners.com/cve/CVE-2015-0288>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error in the X509_to_X509_REQ function. An attacker could exploit this vulnerability to trigger a NULL pointer dereference. 
\nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101675_](<https://exchange.xforce.ibmcloud.com/>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2015-0289_](<https://vulners.com/cve/CVE-2015-0289>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by the failure to properly handle missing outer ContentInfo by the PKCS#7 parsing code. An attacker could exploit this vulnerability using a malformed ASN.1-encoded PKCS#7 blob to trigger a NULL pointer dereference. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101669_](<https://exchange.xforce.ibmcloud.com/>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2015-0293_](<https://vulners.com/cve/CVE-2015-0293>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service. By sending a specially-crafted SSLv2 CLIENT-MASTER-KEY message, a remote attacker could exploit this vulnerability to trigger an assertion. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101671_](<https://exchange.xforce.ibmcloud.com/>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n## Affected Products and Versions\n\nRRDI 2.0, 2.0.1, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 5.0, 5.0.1 and 5.0.2\n\n## Remediation/Fixes\n\nApply the recommended fixes to all affected versions of RRDI. \n \n[](<http://www-01.ibm.com/support/docview.wss?uid=swg24035869>)**RRDI 2.0, 2.0.0.1, 2.0.1, 2.0.3 and 2.0.4** \n \n\n\n * Download the [IBM Cognos Business Intelligence 10.1.1 Interim Fix 13 (Implemented by file 10.1.6305.506)](<http://www-01.ibm.com/support/docview.wss?uid=swg24040116>). 
\nReview technote [1679281: Install a Cognos Business Intelligence 10.1.1 fix package in Rational Reporting for Development Intelligence 2.0.x and Rational Insight 1.1.1.x](<http://www-01.ibm.com/support/docview.wss?uid=swg21679281>) for the detailed instructions for patch application.\n \n[](<http://www-01.ibm.com/support/docview.wss?uid=swg24035869>)**RRDI 2.0.5 and 2.0.6 ** \n \n\n\n * Download the [IBM Cognos Business Intelligence 10.2.1 Interim Fix 11 (Implemented by file 10.2..5000.1156)](<http://www-01.ibm.com/support/docview.wss?uid=swg24040114>) \nReview technote [1679283: Installing Cognos Business Intelligence 10.2.1.x fix pack in Rational Reporting for Development Intelligence 2.0.x/5.0.x and Rational Insight 1.1.1.x](<http://www-01.ibm.com/support/docview.wss?uid=swg21679283>) for the detailed instructions for patch application.\n \n**RRDI 5.0 and 5.0.1 and 5.0.2 ** \n \n\n\n * Download the [IBM Cognos Business Intelligence 10.2.1.1 Interim Fix 10 (Implemented by file 10.2.5007.509)](<http://www-01.ibm.com/support/docview.wss?uid=swg24040114>) \nReview technote [1679283: Installing Cognos Business Intelligence 10.2.1.x fix pack in Rational Reporting for Development Intelligence 2.0.x/5.0.x and Rational Insight 1.1.1.x](<http://www-01.ibm.com/support/docview.wss?uid=swg21679283>) for the detailed instructions for patch application.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-17T05:01:50", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in OpenSSL affect Rational Reporting for Development Intelligence (CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0293)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 
5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0286", "CVE-2015-0287", "CVE-2015-0288", "CVE-2015-0289", "CVE-2015-0293"], "modified": "2018-06-17T05:01:50", "id": "863449F544E94148ECAE292EA0F89B22B11E00F7BD3A562706624EA901458C39", "href": "https://www.ibm.com/support/pages/node/262219", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T01:48:54", "description": "## Summary\n\nOpenSSL vulnerabilities were disclosed on March 19, 2015 by the OpenSSL Project. OpenSSL is used by Rational Insight. Rational Insight has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-0286_](<https://vulners.com/cve/CVE-2015-0286>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error in the ASN1_TYPE_cmp function when attempting to compare ASN.1 boolean types. An attacker could exploit this vulnerability to crash any certificate verification operation and cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101666_](<https://exchange.xforce.ibmcloud.com/>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n**CVEID:** [_CVE-2015-0287_](<https://vulners.com/cve/CVE-2015-0287>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error related to the reuse of a structure in ASN.1 parsing. An attacker could exploit this vulnerability using an invalid write to corrupt memory and cause a denial of service. 
\nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/101668_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/101668>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2015-0288_](<https://vulners.com/cve/CVE-2015-0288>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error in the X509_to_X509_REQ function. An attacker could exploit this vulnerability to trigger a NULL pointer dereference. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101675_](<https://exchange.xforce.ibmcloud.com/>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2015-0289_](<https://vulners.com/cve/CVE-2015-0289>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by the failure to properly handle missing outer ContentInfo by the PKCS#7 parsing code. An attacker could exploit this vulnerability using a malformed ASN.1-encoded PKCS#7 blob to trigger a NULL pointer dereference. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101669_](<https://exchange.xforce.ibmcloud.com/>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2015-0293_](<https://vulners.com/cve/CVE-2015-0293>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service. By sending a specially-crafted SSLv2 CLIENT-MASTER-KEY message, a remote attacker could exploit this vulnerability to trigger an assertion. 
\nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101671_](<https://exchange.xforce.ibmcloud.com/>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n## Affected Products and Versions\n\nRational Insight 1.1, 1.1.1, 1.1.1.1, 1.1.1.2, 1.1.1.3, 1.1.1.4, 1.1.1.5, 1.1.1.6 and 1.1.1.7\n\n## Remediation/Fixes\n\nApply the recommended fixes to all affected versions of Rational Insight. \n \n**Rational Insight 1.1 ** \n \n\n\n * Download the [IBM Cognos Business Intelligence 10.1.1 Interim Fix 13 (Implemented by file 10.1.6305.506)](<http://www-01.ibm.com/support/docview.wss?uid=swg24040116>). \nReview technote [1679272: Install a Cognos Business Intelligence 10.1.1 fix package in Rational Insight 1.1](<http://www-01.ibm.com/support/docview.wss?uid=swg21679272>) for detailed instructions.\n \n[](<http://www-01.ibm.com/support/docview.wss?uid=swg24035869>)**Rational Insight 1.1.1, 1.1.1.1 and 1.1.1.2 ** \n \n\n\n * Download the [IBM Cognos Business Intelligence 10.1.1 Interim Fix 13 (Implemented by file 10.1.6305.506)](<http://www-01.ibm.com/support/docview.wss?uid=swg24040116>). 
\nRead technote [1679281: Install a Cognos Business Intelligence 10.1.1 fix package in Rational Reporting for Development Intelligence 2.0.x and Rational Insight 1.1.1.x](<http://www-01.ibm.com/support/docview.wss?uid=swg21679281>) for the detailed instructions for patch application.\n \n[](<http://www-01.ibm.com/support/docview.wss?uid=swg24035869>)**Rational Insight 1.1.1.3 ** \n \n\n\n * Download the [IBM Cognos Business Intelligence 10.2.1 Interim Fix 11 (Implemented by file 10.2..5000.1156)](<http://www-01.ibm.com/support/docview.wss?uid=swg24040114>) \nReview technote [1679283: Installing Cognos Business Intelligence 10.2.1.x fix pack in Rational Reporting for Development Intelligence 2.0.x/5.0.x and Rational Insight 1.1.1.x](<http://www-01.ibm.com/support/docview.wss?uid=swg21679283>) for the detailed instructions for patch application.\n \n[](<http://www-01.ibm.com/support/docview.wss?uid=swg24035869>)**Rational Insight 1.1.1.4 and 1.1.1.5 and 1.1.1.6 and 1.1.1.7 ** \n \n\n\n * Download the [IBM Cognos Business Intelligence 10.2.1.1 Interim Fix 10 (Implemented by file 10.2.5007.509)](<http://www-01.ibm.com/support/docview.wss?uid=swg24040114>) \nReview technote [1679283: Installing Cognos Business Intelligence 10.2.1.x fix pack in Rational Reporting for Development Intelligence 2.0.x/5.0.x and Rational Insight 1.1.1.x](<http://www-01.ibm.com/support/docview.wss?uid=swg21679283>) for the detailed instructions for patch application.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-17T05:01:50", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in OpenSSL affect Rational Insight (CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0293)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", 
"availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0286", "CVE-2015-0287", "CVE-2015-0288", "CVE-2015-0289", "CVE-2015-0293"], "modified": "2018-06-17T05:01:50", "id": "F0F7CB3FF34575347263765CA6F52851E28E7B2C6749B9C22FAEB916ECBCA8EE", "href": "https://www.ibm.com/support/pages/node/262217", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T01:52:37", "description": "## Summary\n\nOpenSSL vulnerabilities were disclosed on March 19, 2015 by the OpenSSL Project. OpenSSL is used by IBM Cognos Metrics Manager. IBM Cognos Metrics Manager has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-0286_](<https://vulners.com/cve/CVE-2015-0286>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error in the ASN1_TYPE_cmp function when attempting to compare ASN.1 boolean types. An attacker could exploit this vulnerability to crash any certificate verification operation and cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/101666_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/101666>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n**CVEID:** [_CVE-2015-0287_](<https://vulners.com/cve/CVE-2015-0287>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error related to the reuse of a structure in ASN.1 parsing. An attacker could exploit this vulnerability using an invalid write to corrupt memory and cause a denial of service. 
\nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/101668_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/101668>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2015-0288_](<https://vulners.com/cve/CVE-2015-0288>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error in the X509_to_X509_REQ function. An attacker could exploit this vulnerability to trigger a NULL pointer dereference. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/101675_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/101675>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2015-0289_](<https://vulners.com/cve/CVE-2015-0289>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by the failure to properly handle missing outer ContentInfo by the PKCS#7 parsing code. An attacker could exploit this vulnerability using a malformed ASN.1-encoded PKCS#7 blob to trigger a NULL pointer dereference. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/101669_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/101669>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2015-0293_](<https://vulners.com/cve/CVE-2015-0293>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service. By sending a specially-crafted SSLv2 CLIENT-MASTER-KEY message, a remote attacker could exploit this vulnerability to trigger an assertion. 
\nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/101671_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/101671>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n## Affected Products and Versions\n\n * * IBM Cognos Metrics Manager 10.2.2\n * IBM Cognos Metrics Manager 10.2.1\n * IBM Cognos Metrics Manager 10.2\n * IBM Cognos Metrics Manager 10.1.1\n * IBM Cognos Metrics Manager 10.1\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the fix as soon as practical. As the fix is in a shared component across the Business Intelligence portfolio, applying the BI Interim Fix will resolve the issue. Note that the prerequisites named in the links are also satisfied by an IBM Cognos Metrics Manager install of the same version. \n\n\n[IBM Cognos Business Intelligence 10.2.x Interim Fixes](<http://www-01.ibm.com/support/docview.wss?uid=swg24040114>)\n\n[IBM Cognos Business Intelligence 10.1.x Interim Fixes](<http://www-01.ibm.com/support/docview.wss?uid=swg24040116>)\n\n_For IBM Cognos Metrics Manager versions before 10.1__, IBM recommends upgrading to a fixed, supported version/release/platform of the product._\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-15T23:13:40", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in OpenSSL affect IBM Cognos Metrics Manager (CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0293)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, 
"impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0286", "CVE-2015-0287", "CVE-2015-0288", "CVE-2015-0289", "CVE-2015-0293"], "modified": "2018-06-15T23:13:40", "id": "BAF1546D1EDD330DFAAFA27F2850DC5927E6EEBC01917991945A132668237FFA", "href": "https://www.ibm.com/support/pages/node/263843", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T05:41:32", "description": "## Summary\n\nPortions of IBM Rational Application Developer for WebSphere Software are shipped as a component of Rational Developer for i (RPG and COBOL + Modernization Tools, Java and EGL editions), and Rational Developer for AIX and Linux. \nOpenSSL vulnerabilities were disclosed by the OpenSSL project. OpenSSL is used by the Cordova tools in IBM Rational Application Developer for WebSphere Software. IBM Rational Application Developer for WebSphere Software has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-8610_](<https://vulners.com/cve/CVE-2016-8610>)** \nDESCRIPTION:** SSL/TLS protocol is vulnerable to a denial of service, caused by an error when processing ALERT packets during a SSL handshake. By sending specially-crafted packets, a remote attacker could exploit this vulnerability to cause the application to stop responding. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118296_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118296>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n \n**CVEID:** [_CVE-2017-3730_](<https://vulners.com/cve/CVE-2017-3730>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference. By sending specially crafted parameters for a DHE or ECDHE key exchange, a remote attacker could exploit this vulnerability to cause the application to crash. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/121311_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/121311>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [_CVE-2017-3731_](<https://vulners.com/cve/CVE-2017-3731>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds read when using a specific cipher. By sending specially crafted truncated packets, a remote attacker could exploit this vulnerability using CHACHA20/POLY1305 to cause the application to crash. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/121312_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/121312>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2017-3732_](<https://vulners.com/cve/CVE-2017-3732>)** \nDESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a propagation error in the BN_mod_exp() function. An attacker could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/121313_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/121313>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2016-7055_](<https://vulners.com/cve/CVE-2016-7055>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error in a Broadwell-specific Montgomery multiplication procedure. 
By sending specially crafted data, a remote attacker could exploit this vulnerability to trigger errors in public-key operations in configurations where multiple remote clients select an affected EC algorithm and cause a denial of service. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118748_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118748>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n \n \n**CVEID:** [_CVE-2017-3733_](<https://vulners.com/cve/CVE-2017-3733>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error during a renegotiate handshake when the original handshake did not include the Encrypt-Then-Mac extension. A remote authenticated attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/122091_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/122091>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2016-6799_](<https://vulners.com/cve/CVE-2016-6799>)** \nDESCRIPTION:** Apache Cordova Android could allow local attacker to obtain sensitive information, caused by a flaw in the Log class. An attacker could exploit this vulnerability to obtain sensitive information. 
\nCVSS Base Score: 4.0 \nCVSS Temporal Score: [_https://exchange.xforce.ibmcloud.com/vulnerabilities/125857_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/125857>)for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n## Affected Products and Versions\n\n**Affected Product and Version(s)**\n\n| **Product and Version shipped as a component** \n---|--- \nIBM Rational Developer for i v9.1, v9.1.1, v9.1.1.1, v9.5, v9.5.0.1, 9.5.0.2, 9.5.0.3, 9.5.1, 9.5.1.1 and 9.5.1.2 RPG and COBOL + Modernization Tools, Java Edition| Rational Application Developer 9.1, 9.1.1, 9.5 \nIBM Rational Developer for i v9.1, v9.1.1, v9.1.1.1, v9.5, v9.5.0.1, 9.5.0.2, 9.5.0.3, 9.5.1, 9.5.1.1 and 9.5.1.2 RPG and COBOL + Modernization Tools, EGL Edition| Rational Application Developer 9.1, 9.1.1, 9.5 \nIBM Rational Developer for AIX and Linux v9.1, v9.1.1, v9.1.1.1, v9.1.1.2, 9.5.1.3 and v9.1.1.4, AIX COBOL Edition| Rational Application Developer 9.1, 9.1.1 \nIBM Rational Developer for AIX and Linux v9.1, v9.1.1, v9.1.1.1, v9.1.1.2 and v9.1.1.3, C/C++ Edition| Rational Application Developer 9.1, 9.1.1 \n \n## Remediation/Fixes\n\nReview the Remediation/Fixes section of [Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Rational Application Developer for WebSphere Software](<http://www.ibm.com/support/docview.wss?uid=swg22004940>) for instructions on obtaining the fix for this issue.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-08-03T04:23:43", "type": "ibm", "title": "Security Bulletin: Multiple 
vulnerabilities in OpenSSL affect IBM Rational Application Developer for WebSphere Software included in Rational Developer for i and Rational Developer for AIX and Linux", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6799", "CVE-2016-7055", "CVE-2016-8610", "CVE-2017-3730", "CVE-2017-3731", "CVE-2017-3732", "CVE-2017-3733"], "modified": "2018-08-03T04:23:43", "id": "C0501217B805DB60B66BE6BAE92316B764C51679EEA5027CB07C6E657F8181A2", "href": "https://www.ibm.com/support/pages/node/565353", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T05:39:28", "description": "## Summary\n\nOpenSSL vulnerabilities were disclosed by the OpenSSL project. OpenSSL is used by the Cordova tools in IBM Rational Application Developer for WebSphere Software. IBM Rational Application Developer for WebSphere Software has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-8610_](<https://vulners.com/cve/CVE-2016-8610>)** \nDESCRIPTION:** SSL/TLS protocol is vulnerable to a denial of service, caused by an error when processing ALERT packets during a SSL handshake. By sending specially-crafted packets, a remote attacker could exploit this vulnerability to cause the application to stop responding. 
\nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118296_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118296>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n \n**CVEID:** [_CVE-2017-3730_](<https://vulners.com/cve/CVE-2017-3730>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference. By sending specially crafted parameters for a DHE or ECDHE key exchange, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/121311_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/121311>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [_CVE-2017-3731_](<https://vulners.com/cve/CVE-2017-3731>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds read when using a specific cipher. By sending specially crafted truncated packets, a remote attacker could exploit this vulnerability using CHACHA20/POLY1305 to cause the application to crash. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/121312_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/121312>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2017-3732_](<https://vulners.com/cve/CVE-2017-3732>)** \nDESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a propagation error in the BN_mod_exp() function. An attacker could exploit this vulnerability to obtain information about the private key. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/121313_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/121313>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2016-7055_](<https://vulners.com/cve/CVE-2016-7055>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error in a Broadwell-specific Montgomery multiplication procedure. By sending specially crafted data, a remote attacker could exploit this vulnerability to trigger errors in public-key operations in configurations where multiple remote clients select an affected EC algorithm and cause a denial of service. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118748_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118748>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n \n \n**CVEID:** [_CVE-2017-3733_](<https://vulners.com/cve/CVE-2017-3733>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error during a renegotiate handshake when the original handshake did not include the Encrypt-Then-Mac extension. A remote authenticated attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/122091_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/122091>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2016-6799_](<https://vulners.com/cve/CVE-2016-6799>)** \nDESCRIPTION:** Apache Cordova Android could allow local attacker to obtain sensitive information, caused by a flaw in the Log class. 
An attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 4.0 \nCVSS Temporal Score: [_https://exchange.xforce.ibmcloud.com/vulnerabilities/125857_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/125857>)for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n\n## Affected Products and Versions\n\nIBM Rational Application Developer for WebSphere Software v9.1, v9.5 and v9.6\n\n## Remediation/Fixes\n\nUpdate the IBM SDK for Node.js using by the Cordova platform in the product to address this vulnerability: \n\n**Product**\n\n| **VRMF**| **APAR**| **Remediation/First Fix** \n---|---|---|--- \nRational Application Developer| 9.1| PI83070| Apply the following fixes: \n\n * [Rational-RAD91x-Cordova-ifix](<https://www-945.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm~Rational&product=ibm/Rational/IBM+Rational+Application+Developer+for+WebSphere+Software&release=All&platform=All&function=fixId&fixids=Rational-RAD91x-Cordova-ifix&includeRequisites=1&includeSupersedes=0&downloadMethod=http>)\n * [HybridMobileFeaturePatch91](<https://rcs-testfix2.ratl.swg.usma.ibm.com/cgi-bin/fix_portal.pl?do_view=RAD-8GW7CcBTQX9M>) \nRational Application Developer| 9.5| PI83070| Apply the following fixes: \n\n * [Rational-RAD95x-Cordova-ifix](<https://www-945.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm~Rational&product=ibm/Rational/IBM+Rational+Application+Developer+for+WebSphere+Software&release=All&platform=All&function=fixId&fixids=Rational-RAD95x-Cordova-ifix&includeRequisites=1&includeSupersedes=0&downloadMethod=http>)\n * [HybridMobileFeaturePatch95](<https://rcs-testfix2.ratl.swg.usma.ibm.com/cgi-bin/fix_portal.pl?do_view=RAD-51rhRQy6NBL2>) \nRational Application Developer| 9.6| PI83070| \n\n * Apply [IBM SDK for Node.js Version 6 release updated equivalent to the Joyent Node.js API version 6.10.3](<https://developer.ibm.com/node/sdk/v6/>) to the 
Cordova platform in the product. \n \nInstallation instructions for applying the update to the Cordova platform in the product can be found here: \n \n[Upgrading the IBM SDK for Node.js used by Cordova](<http://www.ibm.com/support/docview.wss?uid=swg21684946>) \n \n\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-02-05T00:09:48", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Rational Application Developer for WebSphere Software", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6799", "CVE-2016-7055", "CVE-2016-8610", "CVE-2017-3730", "CVE-2017-3731", "CVE-2017-3732", "CVE-2017-3733"], "modified": "2020-02-05T00:09:48", "id": "76415522829E96D2199B1D5D63817545B42CAE7C008B9902D48D11CAEE020C66", "href": "https://www.ibm.com/support/pages/node/563091", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T05:52:10", "description": "## Summary\n\nOpenSSL vulnerabilities were disclosed on March 19, 2015 by the OpenSSL Project. 
OpenSSL is used by IBM Security Access Manager for Web. IBM Security Access Manager for Web has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-0209_](<https://vulners.com/cve/CVE-2015-0209>)** \nDESCRIPTION:** OpenSSL could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error in the d2i_ECPrivateKey or EVP_PKCS82PKEY function. An attacker could exploit this vulnerability using a malformed Elliptic Curve (EC) private-key file to corrupt memory and execute arbitrary code on the system and cause a denial of service. \nCVSS Base Score: 6.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101674_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101674>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P) \n\n**CVEID:** [_CVE-2015-0286_](<https://vulners.com/cve/CVE-2015-0286>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error in the ASN1_TYPE_cmp function when attempting to compare ASN.1 boolean types. An attacker could exploit this vulnerability to crash any certificate verification operation and cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101666_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101666>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2015-0287_](<https://vulners.com/cve/CVE-2015-0287>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error related to the reuse of a structure in ASN.1 parsing. An attacker could exploit this vulnerability using an invalid write to corrupt memory and cause a denial of service. 
\nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101668_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101668>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2015-0288_](<https://vulners.com/cve/CVE-2015-0288>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error in the X509_to_X509_REQ function. An attacker could exploit this vulnerability to trigger a NULL pointer dereference. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101675_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101675>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2015-0289_](<https://vulners.com/cve/CVE-2015-0289>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by the failure to properly handle missing outer ContentInfo by the PKCS#7 parsing code. An attacker could exploit this vulnerability using a malformed ASN.1-encoded PKCS#7 blob to trigger a NULL pointer dereference. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101669_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101669>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2015-0292_](<https://vulners.com/cve/CVE-2015-0292>)** \nDESCRIPTION:** OpenSSL could allow a remote attacker to execute arbitrary code on the system, caused by an error when processing base64 encoded data. An attacker could exploit this vulnerability using specially-crafted base 64 data to corrupt memory and execute arbitrary code on the system and cause a denial of service. 
\nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101670_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101670>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n**CVEID:** [_CVE-2015-0293_](<https://vulners.com/cve/CVE-2015-0293>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service. By sending a specially-crafted SSLv2 CLIENT-MASTER-KEY message, a remote attacker could exploit this vulnerability to trigger an assertion. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101671_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101671>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n## Affected Products and Versions\n\nIBM Security Access Manager for Web 7.0 (appliance-based) \n\nIBM Security Access Manager for Web 8.0, versions 8.0, 8.0.0.2, 8.0.0.4, 8.0.0.5, 8.0.1.0, 8.0.1.1, 8.0.1.2\n\n## Remediation/Fixes\n\nIBM has provided patches for all affected versions. Follow the installation instructions in the README files included with the patch. 
\n \n\n\n**Product**| **VRMF**| **APAR**| **Remediation** \n---|---|---|--- \nIBM Security Access Manager for Web (appliance-based)| 7.0 - \n7.0.0.14| IV74128| Apply the 7.0.0.15 fixpack:_ \n_[_7.0.0-ISS-WGA-FP0015_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Tivoli+Access+Manager+for+e-business&release=7.0.0&platform=All&function=all>) \nIBM Security Access Manager for Web| 8.0 - \n8.0.1.2| IV74126| Upgrade to the 8.0.1.3 package: \n[_8.0.1-ISS-WGA-FP0003_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Tivoli+Access+Manager+for+e-business&release=8.0&platform=Linux&function=all>) \n \n## ", "cvss3": {}, "published": "2018-06-16T21:25:22", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in OpenSSL affect IBM Security Access Manager for Web", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0209", "CVE-2015-0286", "CVE-2015-0287", "CVE-2015-0288", "CVE-2015-0289", "CVE-2015-0292", "CVE-2015-0293"], "modified": "2018-06-16T21:25:22", "id": "715F6FCB6F0439BFFCBB62E35AA259E82714E1A115B2957FFCD8F27BEB0EDCA6", "href": "https://www.ibm.com/support/pages/node/530389", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-12T21:33:32", "description": "## Question\n\nSecurity Bulletin: Vulnerabilities in OpenSSL\n\n## Answer\n\nSecurity Bulletin: Vulnerabilities in OpenSSL affect all Aspera Products listed below:\n\n * Aspera Enterprise Server 
Client and Point to Point\n * Aspera OnDemand\n * Aspera Connect Server\n * Aspera Shares\n * Aspera Faspex\n * Aspera Drive\n * Aspera Console\n * Aspera Proxy\n * Aspera Orchestrator\n\nSummary \n\nOpenSSL vulnerabilities were disclosed on March 19 2015 by the OpenSSL Project. OpenSSL is used by Aspera applications listed above. \n\nVulnerability Details\n\nCVEID:[CVE-2015-0208](<http://www.google.com/url?q=http%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3Dcve-2015-0208&sa=D&sntz=1&usg=AFQjCNFj9HrpV7VRiAGN9Q0mPFiCIa7Q9Q>) \nDESCRIPTION:OpenSSL is vulnerable to a denial of service caused by an error in the signature verification routines. By sending an ASN.1 signature using the RSA PSS algorithm and invalid parameters an attacker could exploit this vulnerability to crash any certificate verification operation and cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See[https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101667](<https://www.google.com/url?q=https%3A%2F%2Fexchange.xforce.ibmcloud.com%2F%23%2Fvulnerabilities%2F101667&sa=D&sntz=1&usg=AFQjCNGTJvbahFpDn21YjGOvdIBTLDqkuw>)for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\nCVEID:[CVE-2015-0209](<http://www.google.com/url?q=http%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3Dcve-2015-0209&sa=D&sntz=1&usg=AFQjCNHRVchkKAGwH54SsvtZ92Y40SCWGw>) \nDESCRIPTION:OpenSSL could allow a remote attacker to execute arbitrary code on the system caused by a use-after-free error in the d2i_ECPrivateKey or EVP_PKCS82PKEY function. An attacker could exploit this vulnerability to corrupt memory and execute arbitrary code on the system and cause a denial of service. 
\nCVSS Base Score: 7.5 \nCVSS Temporal Score: See[https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101674](<https://www.google.com/url?q=https%3A%2F%2Fexchange.xforce.ibmcloud.com%2F%23%2Fvulnerabilities%2F101674&sa=D&sntz=1&usg=AFQjCNENNQ_o-khMJU0gWgTsMTSop3RD-g>)for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\nCVEID:[CVE-2015-0286](<http://www.google.com/url?q=http%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3Dcve-2015-0286&sa=D&sntz=1&usg=AFQjCNGvFL1nRRCTGdCnGrDrby0xg91V6w>) \nDESCRIPTION:OpenSSL is vulnerable to a denial of service caused by an error in the ASN1_TYPE_cmp function when attempting to compare ASN.1 boolean types. An attacker could exploit this vulnerability to crash any certificate verification operation and cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See[https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101666](<https://www.google.com/url?q=https%3A%2F%2Fexchange.xforce.ibmcloud.com%2F%23%2Fvulnerabilities%2F101666&sa=D&sntz=1&usg=AFQjCNFHWVV5aHMXzNx252ANsKM7YEaocw>)for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\nCVEID:[CVE-2015-0287](<http://www.google.com/url?q=http%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3Dcve-2015-0287&sa=D&sntz=1&usg=AFQjCNGwtDFAjeFqsPeKmHIYt0ytsXXDvA>) \nDESCRIPTION:OpenSSL could allow a remote attacker to execute arbitrary code on the system caused by an error related to the reuse of a structure in ASN.1 parsing. An attacker could exploit this vulnerability using an invalid write to corrupt memory and execute arbitrary code on the system. 
\nCVSS Base Score: 7.5 \nCVSS Temporal Score: See[https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101668](<https://www.google.com/url?q=https%3A%2F%2Fexchange.xforce.ibmcloud.com%2F%23%2Fvulnerabilities%2F101668&sa=D&sntz=1&usg=AFQjCNHBYabTOXSt-nDjuVE4UdVErzhrAg>)for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\nCVEID:[CVE-2015-0289](<http://www.google.com/url?q=http%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3Dcve-2015-0289&sa=D&sntz=1&usg=AFQjCNEbl37n5pzSnucQK-UV2Ke5n3ntPg>) \nDESCRIPTION:OpenSSL is vulnerable to a denial of service caused by the failure to properly handle missing outer ContentInfo by the PKCS#7 parsing code. An attacker could exploit this vulnerability using a malformed ASN.1-encoded PKCS#7 blob to trigger a NULL pointer dereference. \nCVSS Base Score: 5 \nCVSS Temporal Score: See[https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101669](<https://www.google.com/url?q=https%3A%2F%2Fexchange.xforce.ibmcloud.com%2F%23%2Fvulnerabilities%2F101669&sa=D&sntz=1&usg=AFQjCNENRLPZx9s7GtMCOWIHtaG_cebBRQ>)for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\nCVEID:[CVE-2015-0292](<http://www.google.com/url?q=http%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3Dcve-2015-0292&sa=D&sntz=1&usg=AFQjCNFZDEFxlJrjld8MKSTl6mwD8q1cMw>) \nDESCRIPTION:OpenSSL could allow a remote attacker to execute arbitrary code on the system caused by an error when processing base64 encoded data. An attacker could exploit this vulnerability using specially-crafted base 64 data to corrupt memory and execute arbitrary code on the system and cause a denial of service. 
\nCVSS Base Score: 7.5 \nCVSS Temporal Score: See[https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101670](<https://www.google.com/url?q=https%3A%2F%2Fexchange.xforce.ibmcloud.com%2F%23%2Fvulnerabilities%2F101670&sa=D&sntz=1&usg=AFQjCNHMtx56khvFFRc-OOGBxdj83UUBIg>)for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\nCVEID:[CVE-2015-0293](<http://www.google.com/url?q=http%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3Dcve-2015-0293&sa=D&sntz=1&usg=AFQjCNGGx5_N3UyLL8orJin4y4kNLRDOEw>) \nDESCRIPTION:OpenSSL is vulnerable to a denial of service. By sending a specially-crafted SSLv2 CLIENT-MASTER-KEY message a remote attacker could exploit this vulnerability to trigger an assertion. \nCVSS Base Score: 5 \nCVSS Temporal Score: See[https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101671](<https://www.google.com/url?q=https%3A%2F%2Fexchange.xforce.ibmcloud.com%2F%23%2Fvulnerabilities%2F101671&sa=D&sntz=1&usg=AFQjCNFPiqmc0qczjiflF4eNNpIjGO6f_A>)for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\nAffected Products and Versions\n\n * Aspera Enterprise Server Client and Point to Point 3.5.4 and earlier\n * Aspera OnDemand 3.5 and earlier\n * Aspera Connect Server 3.5.4 and earlier\n * Aspera Shares 1.9.2 and earlier\n * Aspera Faspex 3.9.2 and earlier\n * Aspera Drive 1.2.1 and earlier\n * Aspera Console 3.0.0 and earlier\n * Aspera Proxy 1.2.2 and earlier\n * Aspera Orchestrator 2.2.1 and earlier\n\nRemediation/Fixes \n\nUpgrade to the scheduled next releases in Q2 2015 of all affected Aspera products which will include OpenSSL 1.0.1M which does not have the vulnerabilities.\n\nWorkarounds and Mitigations: None\n\nReference\n\n * [Complete CVSS Guide](<http://www.google.com/url?q=http%3A%2F%2Fwww.first.org%2Fcvss%2Fcvss-guide.html&sa=D&sntz=1&usg=AFQjCNHcI3Luaiu97u98i7raAPg2bGOA_Q>)\n * [On-line Calculator 
V2](<http://www.google.com/url?q=http%3A%2F%2Fnvd.nist.gov%2Fcvss.cfm%3Fcalculator%26adv%26version%3D2&sa=D&sntz=1&usg=AFQjCNH2gcAliFZATV3FaoEGcPNMzuIzfg>)\n * [OpenSSL Project vulnerability website](<http://www.google.com/url?q=http%3A%2F%2Fwww.openssl.org%2Fnews%2Fvulnerabilities.html&sa=D&sntz=1&usg=AFQjCNErl4Z78Aw4YExYhCdEBxle5w9RtA>)(for detail on what versions are affected)\n * [OpenSSL Advisory on above listed CVEs](<https://www.google.com/url?q=https%3A%2F%2Fwww.openssl.org%2Fnews%2Fsecadv_20150319.txt&sa=D&sntz=1&usg=AFQjCNG4Nb_K45XTsVt3MqH31YRUtJLUYw>)\n\nRelated Information\n\n[IBM Secure Engineering Web Portal ](<https://www.google.com/url?q=https%3A%2F%2Fwww-304.ibm.com%2Fjct03001c%2Fsecurity%2Fsecure-engineering%2F&sa=D&sntz=1&usg=AFQjCNHi-Qlw3D5W_lC7YdkZyfC-LRImCw>) \n[IBM Product Security Incident Response Blog](<https://www.google.com/url?q=https%3A%2F%2Fwww.ibm.com%2Fblogs%2Fpsirt&sa=D&sntz=1&usg=AFQjCNECL_CC-NXuDMDOUWIKVsgyTX370A>)\n\nAcknowledgement\n\nNone\n\nChange History\n\n16 April 2015: Original Version Published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\nDisclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST) the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"AS IS\" WITHOUT WARRANTY OF ANY KIND INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 
CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n[{\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud & Data Platform\"},\"Product\":{\"code\":\"SS8NDZ\",\"label\":\"IBM Aspera\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"All Versions\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}}]", "cvss3": {}, "published": "2018-12-08T05:46:39", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in OpenSSL", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0208", "CVE-2015-0209", "CVE-2015-0286", "CVE-2015-0287", "CVE-2015-0289", "CVE-2015-0292", "CVE-2015-0293"], "modified": "2018-12-08T05:46:39", "id": "C5F0A3013333B48D4C08CB3D13549994F17CDBB3EA06E50A46D8068D5A06FCAC", "href": "https://www.ibm.com/support/pages/node/746479", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:37:18", "description": "## Summary\n\nOpenSSL vulnerabilities were disclosed on March 19, 2015 by the OpenSSL Project. OpenSSL is used by Informix Genero. Informix Genero has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-0209_](<https://vulners.com/cve/CVE-2015-0209>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error in the d2i_ECPrivateKey or EVP_PKCS82PKEY function. 
An attacker could exploit this vulnerability using a malformed Elliptic Curve (EC) private-key file to corrupt memory and execute arbitrary code on the system and cause a denial of service. \nCVSS Base Score: 6.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/101674_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/101674>) for the current score. \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P) \n\n**CVEID:** [_CVE-2015-0286_](<https://vulners.com/cve/CVE-2015-0286>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error in the ASN1_TYPE_cmp function when attempting to compare ASN.1 boolean types. An attacker could exploit this vulnerability to crash any certificate verification operation and cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/101666_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/101666>) for the current score. \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2015-0287_](<https://vulners.com/cve/CVE-2015-0287>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error related to the reuse of a structure in ASN.1 parsing. An attacker could exploit this vulnerability using an invalid write to corrupt memory and cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/101668_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/101668>) for the current score. \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2015-0288_](<https://vulners.com/cve/CVE-2015-0288>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error in the X509_to_X509_REQ function. An attacker could exploit this vulnerability to trigger a NULL pointer dereference. 
\nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/101675_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/101675>) for the current score. \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2015-0289_](<https://vulners.com/cve/CVE-2015-0289>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by the failure to properly handle missing outer ContentInfo by the PKCS#7 parsing code. An attacker could exploit this vulnerability using a malformed ASN.1-encoded PKCS#7 blob to trigger a NULL pointer dereference. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/101669_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/101669>) for the current score. \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2015-0292_](<https://vulners.com/cve/CVE-2015-0292>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to execute arbitrary code on the system, caused by an error when processing base64 encoded data. An attacker could exploit this vulnerability using specially-crafted base 64 data to corrupt memory and execute arbitrary code on the system and cause a denial of service. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/101670_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/101670>) for the current score. \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n**CVEID:** [_CVE-2015-0293_](<https://vulners.com/cve/CVE-2015-0293>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service. By sending a specially-crafted SSLv2 CLIENT-MASTER-KEY message, a remote attacker could exploit this vulnerability to trigger an assertion. 
\nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/101671_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/101671>) for the current score. \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n## Affected Products and Versions\n\nInformix Genero v2.3x, v2.4x & v2.5x\n\n## Remediation/Fixes\n\nInformix Genero component products with version numbers of 2.50.12.P4 and v2.50.14.P4 address these vulnerabilities. These versions can be downloaded from IBM\u2019s Fix Central web site at the locations indicated below. \n\n**Informix Genero Version**\n\n| \n\n**_Remediation/Fix by OS / Platform_**\n\n| \n \n---|---|--- \n \n**2.50.14.P4**\n\n| \n\n[**Linux-32;**](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/Informix+Tools&release=GEN2.50.14.P4&platform=Linux+32-bit,x86&function=all>)** **[**Linux-64**](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/Informix+Tools&release=GEN2.50.14.P4&platform=Linux+64-bit,x86_64&function=all>) \n[**Linux (pSeries)**](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/Informix+Tools&release=GEN2.50.14.P4&platform=Linux+64-bit,pSeries&function=all>) \n[**HP-UX (Risc-64)**](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/Informix+Tools&release=GEN2.50.14.P4&platform=HPUX+64-bit,+PA+RISC&function=all>) \n[**HP-UX (IA-64)**](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/Informix+Tools&release=GEN2.50.14.P4&platform=HPUX+64-bit,+IA64&function=all>) \n[**Mac OSX 
10.5**](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/Informix+Tools&release=GEN2.50.14.P4&platform=Mac+OSX+10.5&function=all>) \n[**Solaris (SPARC)**](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/Informix+Tools&release=GEN2.50.14.P4&platform=Solaris+64-bit,SPARC&function=all>) \n[**Solaris (Intel)**](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/Informix+Tools&release=GEN2.50.14.P4&platform=Solaris+64-bit,x86&function=all>) \n[**AIX (pSeries)**](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/Informix+Tools&release=GEN2.50.14.P4&platform=AIX+64-bit,+pSeries&function=all>)\n\n| \n \n \n**2.50.12.P4**\n\n| \n\n[**Windows(32);**](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/Informix+Tools&release=GEN2.50.12&platform=Windows+32-bit,+x86&function=all>)** **[**Windows(64**](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/Informix+Tools&release=GEN2.50.12&platform=Windows+64-bit,+x86&function=all>)**)** \n[**Linux-32;**](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/Informix+Tools&release=GEN2.50.12&platform=Linux+32-bit,x86&function=all>)** **[**Linux-64**](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/Informix+Tools&release=GEN2.50.12&platform=Linux+64-bit,x86_64&function=all>) \n[**Linux 
(pSeries)**](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/Informix+Tools&release=GEN2.50.12&platform=Linux+64-bit,pSeries&function=all>) \n[**HP-UX (Risc-64)**](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/Informix+Tools&release=GEN2.50.12&platform=HPUX+64-bit,+PA+RISC&function=all>) \n[**HP-UX (IA-64)**](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/Informix+Tools&release=GEN2.50.12&platform=HPUX+64-bit,+IA64&function=all>) \n[**Mac OSX 10.5**](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/Informix+Tools&release=GEN2.50.12&platform=Mac+OSX+10.5&function=all>) \n[**Solaris (SPARC)**](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/Informix+Tools&release=GEN2.50.12&platform=Solaris+64-bit,SPARC&function=all>) \n[**Solaris (Intel)**](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/Informix+Tools&release=GEN2.50.12&platform=Solaris+64-bit,x86&function=all>)[](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/Informix+Tools&release=GEN2.50.12&platform=AIX+64-bit,+pSeries&function=all>) \n[**AIX (pSeries)**](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/Informix+Tools&release=GEN2.50.12&platform=AIX+64-bit,+pSeries&function=all>)\n\n| \n \nThis fix disables RC4 stream cipher by default. If you change the default setting after applying the fix, you will expose yourself to the attack described above. 
IBM recommends that you review your entire environment to identify other areas where you have enabled the RC4 stream cipher and take appropriate mitigation and remediation actions. You should verify applying this fix does not cause any compatibility issues. \n\nFor Informix Genero versions 2.3x and 2.4x, IBM recommends an upgrade to a fixed, supported version of the product.\n\n## Workarounds and Mitigations\n\nNone. \n\n## ", "cvss3": {}, "published": "2021-06-03T22:08:14", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in OpenSSL affect Informix Genero (CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292 & CVE-2015-0293)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0209", "CVE-2015-0286", "CVE-2015-0287", "CVE-2015-0288", "CVE-2015-0289", "CVE-2015-0292", "CVE-2015-0293"], "modified": "2021-06-03T22:08:14", "id": "129E5B62D60732128A0EC19397E58D4329EE7F4D46AC1C97DF6F8DFCAEB8C3C7", "href": "https://www.ibm.com/support/pages/node/271441", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:36:52", "description": "## Summary\n\nOpenSSL vulnerabilities were disclosed on March 19, 2015 by the OpenSSL Project. OpenSSL is used by IBM Security Intrusion Prevention System. 
IBM Security Intrusion Prevention System has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n \n**CVEID:** [_CVE-2015-0209_](<https://vulners.com/cve/CVE-2015-0209>) \n \n**DESCRIPTION:** OpenSSL could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error in the d2i_ECPrivateKey or EVP_PKCS82PKEY function. An attacker could exploit this vulnerability to corrupt memory and execute arbitrary code on the system and cause a denial of service. \n \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101674_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101674>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n \n \n \n**CVEID:**[_CVE-2015-0286_](<https://vulners.com/cve/CVE-2015-0286>) \n \n**DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by an error in the ASN1_TYPE_cmp function when attempting to compare ASN.1 boolean types. An attacker could exploit this vulnerability to crash any certificate verification operation and cause a denial of service. \n \nCVSS Base Score: 5.0 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101666 _](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101666>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P \n \n \n \n**CVEID:**[_CVE-2015-0287_](<https://vulners.com/cve/CVE-2015-0287>) \n \n**DESCRIPTION: **OpenSSL could allow a remote attacker to execute arbitrary code on the system, caused by an error related to the reuse of a structure in ASN.1 parsing. An attacker could exploit this vulnerability using an invalid write to corrupt memory and execute arbitrary code on the system. 
\n \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101668_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101668>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P \n \n \n \n**CVEID:**[_CVE-2015-0288_](<https://vulners.com/cve/CVE-2015-0288>) \n \n**DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by an error in the X509_to_X509_REQ function. An attacker could exploit this vulnerability to trigger a NULL pointer dereference. \n \nCVSS Base Score: 5.0 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101675_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101675>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P \n \n \n \n**CVEID:**[_CVE-2015-0289_](<https://vulners.com/cve/CVE-2015-0289>) \n \n**DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by the failure to properly handle missing outer ContentInfo by the PKCS#7 parsing code. An attacker could exploit this vulnerability using a malformed ASN.1-encoded PKCS#7 blob to trigger a NULL pointer dereference. \n \nCVSS Base Score: 5.0 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101669_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101669>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P \n \n \n \n**CVEID:**[_CVE-2015-0292_](<https://vulners.com/cve/CVE-2015-0292>) \n \n**DESCRIPTION: **OpenSSL could allow a remote attacker to execute arbitrary code on the system, caused by an error when processing base64 encoded data. An attacker could exploit this vulnerability using specially-crafted base 64 data to corrupt memory and execute arbitrary code on the system and cause a denial of service. 
\n \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101670_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101670>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P \n \n \n \n**CVEID:**[_CVE-2015-0293_](<https://vulners.com/cve/CVE-2015-0293>) \n \n**DESCRIPTION: **OpenSSL is vulnerable to a denial of service. By sending a specially-crafted SSLv2 CLIENT-MASTER-KEY message, a remote attacker could exploit this vulnerability to trigger an assertion. \n \nCVSS Base Score: 5.0 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101671_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101671>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P\n\n## Affected Products and Versions\n\nProducts: GX3002, GX4002, GX4004, GX4004-v2, GX5008, GX5008-v2, GX5108, GX5108-v2, GX5208, GX5208-v2, GX6116, GX7412, GX7412-10, GX7412-05, GX7800, GV200, GV1000 \n \nFirmware versions 4.6.2, 4.6.1, 4.6, 4.5, 4.4, and 4.3\n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_| _Remediation/First Fix_ \n---|---|--- \nIBM Security Network Intrusion Prevention System | Firmware version 4.6.2| [_4.6.2.0-ISS-ProvG-AllModels-System-FP0008_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security+Systems&product=ibm/Tivoli/Proventia+Network+Intrusion+Prevention+System&release=All&platform=All&function=all>) \nIBM Security Network Intrusion Prevention System | Firmware version 4.6.1| [_4.6.1.0-ISS-ProvG-AllModels-System-FP0012_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security+Systems&product=ibm/Tivoli/Proventia+Network+Intrusion+Prevention+System&release=All&platform=All&function=all>) \nIBM Security Network Intrusion Prevention System | Firmware version 4.6| 
[_4.6.0.0-ISS-ProvG-AllModels-System-FP0010_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security+Systems&product=ibm/Tivoli/Proventia+Network+Intrusion+Prevention+System&release=All&platform=All&function=all>) \nIBM Security Network Intrusion Prevention System | Firmware version 4.5| [_4.5.0.0-ISS-ProvG-AllModels-System-FP0012_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security+Systems&product=ibm/Tivoli/Proventia+Network+Intrusion+Prevention+System&release=All&platform=All&function=all>) \nIBM Security Network Intrusion Prevention System | Firmware version 4.4| [_4.4.0.0-ISS-ProvG-AllModels-System-FP0012_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security+Systems&product=ibm/Tivoli/Proventia+Network+Intrusion+Prevention+System&release=All&platform=All&function=all>) \nIBM Security Network Intrusion Prevention System | Firmware version 4.3| [_4.3.0.0-ISS-ProvG-AllModels-System-FP0010_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security+Systems&product=ibm/Tivoli/Proventia+Network+Intrusion+Prevention+System&release=All&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2022-02-23T19:48:26", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in OpenSSL affect Network Intrusion Prevention System (CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292, CVE-2015-0293)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, 
"cvelist": ["CVE-2015-0209", "CVE-2015-0286", "CVE-2015-0287", "CVE-2015-0288", "CVE-2015-0289", "CVE-2015-0292", "CVE-2015-0293"], "modified": "2022-02-23T19:48:26", "id": "3CC341F512B972FA400DC2567F88C930644A1B4BA4DC7920EA85D111D730075C", "href": "https://www.ibm.com/support/pages/node/260323", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-10-01T01:50:27", "description": "## Summary\n\nOpenSSL vulnerabilities were disclosed on March 19, 2015 by the OpenSSL Project. OpenSSL is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-0209_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error in the d2i_ECPrivateKey or EVP_PKCS82PKEY function. An attacker could exploit this vulnerability to corrupt memory and execute arbitrary code on the system and cause a denial of service. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101674_](<https://exchange.xforce.ibmcloud.com/>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n\n**CVEID:** [_CVE-2015-0286_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error in the ASN1_TYPE_cmp function when attempting to compare ASN.1 boolean types. An attacker could exploit this vulnerability to crash any certificate verification operation and cause a denial of service. 
\nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101666_](<https://exchange.xforce.ibmcloud.com/>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2015-0287_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to execute arbitrary code on the system, caused by an error related to the reuse of a structure in ASN.1 parsing. An attacker could exploit this vulnerability using an invalid write to corrupt memory and execute arbitrary code on the system. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101668_](<https://exchange.xforce.ibmcloud.com/>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n**CVEID:** [_CVE-2015-0288_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error in the X509_to_X509_REQ function. An attacker could exploit this vulnerability to trigger a NULL pointer dereference. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101675_](<https://exchange.xforce.ibmcloud.com/>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2015-0289_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by the failure to properly handle missing outer ContentInfo by the PKCS#7 parsing code. An attacker could exploit this vulnerability using a malformed ASN.1-encoded PKCS#7 blob to trigger a NULL pointer dereference. 
\nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101669_](<https://exchange.xforce.ibmcloud.com/>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2015-0292_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0292>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to execute arbitrary code on the system, caused by an error when processing base64 encoded data. An attacker could exploit this vulnerability using specially-crafted base 64 data to corrupt memory and execute arbitrary code on the system and cause a denial of service. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101670_](<https://exchange.xforce.ibmcloud.com/>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n**CVEID:** [_CVE-2015-0293_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service. By sending a specially-crafted SSLv2 CLIENT-MASTER-KEY message, a remote attacker could exploit this vulnerability to trigger an assertion. 
\nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101671_](<https://exchange.xforce.ibmcloud.com/>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n## Affected Products and Versions\n\nPower HMC V7.7.3.0 \nPower HMC V7.7.8.0 \nPower HMC V7.7.9.0 \nPower HMC V8.1.0.0 \nPower HMC V8.2.0.0\n\n## Remediation/Fixes\n\nThe Following fixes are available on IBM Fix Central at <http://www-933.ibm.com/support/fixcentral/>\n\n**Product**| **VRMF**| **APAR**| **Remediation/First Fix** \n---|---|---|--- \nPower HMC| V7.7.3.0 SP7| MB03905| Apply eFix MH01517 \nPower HMC| V7.7.8.0 SP2| MB03906| Apply eFix MH01518 \nPower HMC| V7.7.9.0 SP2| MB03907| Apply eFix MH01519 \nPower HMC | V8.8.1.0 SP1| MB03908| Apply eFix MH01520 \nPower HMC| V8.8.2.0 SP1| MB03910| Apply eFix MH01521 \nIf unsupported versions/releases/platforms are affected and no fix will be provided, include the following statement: \n**Note:** \n1\\. For unsupported releases IBM recommends upgrading to a fixed, supported release of the product. \n2\\. After applying the PTF, you should restart the HMC. \n3\\. HMC V7.7.3 support is extended only for managing the Power 775 (9125-F2C) also called \"PERCS\" and \"IH\". End Of Service date for managing all other server models was 2013.05.31. 
\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Acknowledgement\n\nNone\n\n## Change History\n\n12 May 2015: Original Version Published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n## Internal Use Only\n\nPower HMC\n\n| V8.8.1.0| MB03834| Apply Service Pack MH01452 (SP2) \n---|---|---|--- \n \n[{\"Product\":{\"code\":\"SSB6AA\",\"label\":\"Power System Hardware Management Console Physical Appliance\"},\"Business Unit\":{\"code\":\"BU054\",\"label\":\"Systems w\\/TPS\"},\"Component\":\"HMC\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"Version Independent\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB08\",\"label\":\"Cognitive Systems\"}}]", "cvss3": {}, "published": "2021-09-23T01:31:39", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in OpenSSL affect Power Hardware Management Console 
(CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292, CVE-2015-0293)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0209", "CVE-2015-0286", "CVE-2015-0287", "CVE-2015-0288", "CVE-2015-0289", "CVE-2015-0292", "CVE-2015-0293"], "modified": "2021-09-23T01:31:39", "id": "C2E1B6F103D16592590804EC21CC266225CDAA4E931E62E62D9FD5256D6D1B8D", "href": "https://www.ibm.com/support/pages/node/646261", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-13T05:37:55", "description": "## Summary\n\nThe Total Storage System Console/TS4500 Integrated Management Console is affected by seven security vulnerabilities related to OpenSSL.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-0209_](<https://vulners.com/cve/CVE-2015-0209>)** \nDESCRIPTION:** OpenSSL could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error in the d2i_ECPrivateKey or EVP_PKCS82PKEY function. An attacker could exploit this vulnerability to corrupt memory and execute arbitrary code on the system and cause a denial of service. 
\nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101674_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101674>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n\n**CVEID:** [_CVE-2015-0286_](<https://vulners.com/cve/CVE-2015-0286>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error in the ASN1_TYPE_cmp function when attempting to compare ASN.1 boolean types. An attacker could exploit this vulnerability to crash any certificate verification operation and cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101666_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101666>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2015-0287_](<https://vulners.com/cve/CVE-2015-0287>)** \nDESCRIPTION:** OpenSSL could allow a remote attacker to execute arbitrary code on the system, caused by an error related to the reuse of a structure in ASN.1 parsing. An attacker could exploit this vulnerability using an invalid write to corrupt memory and execute arbitrary code on the system. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101668_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101668>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n**CVEID:** [_CVE-2015-0288_](<https://vulners.com/cve/CVE-2015-0288>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error in the X509_to_X509_REQ function. An attacker could exploit this vulnerability to trigger a NULL pointer dereference. 