Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2016-2018 Tenable Network Security, Inc.ALA_ALAS-2016-682.NASL
HistoryApr 07, 2016 - 12:00 a.m.

Amazon Linux AMI : openssl098e (ALAS-2016-682) (DROWN)

2016-04-0700:00:00
This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
www.tenable.com
21
JSON

A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled.
(CVE-2015-0293)

It was discovered that the SSLv2 servers using OpenSSL accepted SSLv2 connection handshakes that indicated non-zero clear key length for non-export cipher suites. An attacker could use this flaw to decrypt recorded SSLv2 sessions with the server by using it as a decryption oracle. (CVE-2016-0703)

It was discovered that the SSLv2 protocol implementation in OpenSSL did not properly implement the Bleichenbacher protection for export cipher suites. An attacker could use a SSLv2 server using OpenSSL as a Bleichenbacher oracle. (CVE-2016-0704)

A padding oracle flaw was found in the Secure Sockets Layer version 2.0 (SSLv2) protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections.
This cross-protocol attack is publicly referred to as DROWN.
(CVE-2016-0800)

A flaw was found in the way malicious SSLv2 clients could negotiate SSLv2 ciphers that have been disabled on the server. This could result in weak SSLv2 ciphers being used for SSLv2 connections, making them vulnerable to man-in-the-middle attacks. (CVE-2015-3197)

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux AMI Security Advisory ALAS-2016-682.
#

include("compat.inc");

if (description)
{
  script_id(90364);
  script_version("2.8");
  script_cvs_date("Date: 2018/04/18 15:09:35");

  script_cve_id("CVE-2015-0293", "CVE-2015-3197", "CVE-2016-0703", "CVE-2016-0704", "CVE-2016-0800");
  script_xref(name:"ALAS", value:"2016-682");

  script_name(english:"Amazon Linux AMI : openssl098e (ALAS-2016-682) (DROWN)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Amazon Linux AMI host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"A denial of service flaw was found in the way OpenSSL handled SSLv2
handshake messages. A remote attacker could use this flaw to cause a
TLS/SSL server using OpenSSL to exit on a failed assertion if it had
both the SSLv2 protocol and EXPORT-grade cipher suites enabled.
(CVE-2015-0293)

It was discovered that the SSLv2 servers using OpenSSL accepted SSLv2
connection handshakes that indicated non-zero clear key length for
non-export cipher suites. An attacker could use this flaw to decrypt
recorded SSLv2 sessions with the server by using it as a decryption
oracle. (CVE-2016-0703)

It was discovered that the SSLv2 protocol implementation in OpenSSL
did not properly implement the Bleichenbacher protection for export
cipher suites. An attacker could use a SSLv2 server using OpenSSL as a
Bleichenbacher oracle. (CVE-2016-0704)

A padding oracle flaw was found in the Secure Sockets Layer version
2.0 (SSLv2) protocol. An attacker can potentially use this flaw to
decrypt RSA-encrypted cipher text from a connection using a newer
SSL/TLS protocol version, allowing them to decrypt such connections.
This cross-protocol attack is publicly referred to as DROWN.
(CVE-2016-0800)

A flaw was found in the way malicious SSLv2 clients could negotiate
SSLv2 ciphers that have been disabled on the server. This could result
in weak SSLv2 ciphers being used for SSLv2 connections, making them
vulnerable to man-in-the-middle attacks. (CVE-2015-3197)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://alas.aws.amazon.com/ALAS-2016-682.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Run 'yum update openssl098e' to update your system."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:openssl098e");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:openssl098e-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2016/04/06");
  script_set_attribute(attribute:"in_the_news", value:"true");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/04/07");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.");
  script_family(english:"Amazon Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "A")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (rpm_check(release:"ALA", reference:"openssl098e-0.9.8e-29.19.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"openssl098e-debuginfo-0.9.8e-29.19.amzn1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openssl098e / openssl098e-debuginfo");
}
VendorProductVersionCPE
amazonlinuxopenssl098ep-cpe:/a:amazon:linux:openssl098e
amazonlinuxopenssl098e-debuginfop-cpe:/a:amazon:linux:openssl098e-debuginfo
amazonlinuxcpe:/o:amazon:linux

Related

openvas 30
redhat 13
amazon 1
nessus 49
centos 5
oraclelinux 2
checkpoint_advisories 1
f5 7
paloalto 1
seebug 1
openssl 5
suse 14
prion 5
cve 4
ubuntucve 5
debiancve 4
cloudfoundry 1
nmap 1
openwrt 1
ibm 25
arista 1
freebsd_advisory 2
freebsd 1
gentoo 1
veracode 6
thn 1
hackerone 4
slackware 1
osv 1
debian 1
cisco 1
huawei 1
ics 2
threatpost 1
openvas
openvas
RedHat Update for openssl098e RHSA-2016:0372-01
2016-03-10 00:00:00
CentOS Update for openssl098e CESA-2016:0372 centos6
2016-03-10 00:00:00
CentOS Update for openssl098e CESA-2016:0372 centos7
2016-03-10 00:00:00
redhat
redhat
(RHSA-2016:0304) Important: openssl security update
2016-03-01 00:00:00
(RHSA-2016:0372) Important: openssl098e security update
2016-03-09 00:00:00
(RHSA-2016:0303) Important: openssl security update
2016-03-01 00:00:00
amazon
amazon
Important: openssl098e
2016-04-06 14:40:00
nessus
nessus
RHEL 6 / 7 : openssl098e (RHSA-2016:0372) (DROWN)
2016-03-09 00:00:00
CentOS 6 / 7 : openssl098e (CESA-2016:0372) (DROWN)
2016-03-09 00:00:00
Scientific Linux Security Update : openssl098e on SL6.x, SL7.x i386/x86_64 (20160309) (DROWN)
2016-03-10 00:00:00
centos
centos
openssl098e security update
2016-03-09 05:32:33
openssl security update
2016-03-01 16:57:33
openssl security update
2015-04-14 11:25:52
oraclelinux
oraclelinux
openssl098e security update
2016-03-09 00:00:00
openssl security update
2016-03-01 00:00:00
checkpoint_advisories
checkpoint_advisories
Secure Sockets Layer (SSL) Version 2.0 (CVE-2016-0703; CVE-2016-0704; CVE-2016-0800)
2014-03-18 00:00:00
f5
f5
SOL95463126 - OpenSSL vulnerabilities CVE-2016-0703 and CVE-2016-0704
2016-03-09 00:00:00
K95463126 : OpenSSL vulnerabilities CVE-2016-0703 and CVE-2016-0704
2016-03-10 00:00:00
K33209124 : OpenSSL vulnerability CVE-2015-3197
2016-01-29 00:00:00
paloalto
paloalto
OpenSSL Vulnerabilities
2016-10-18 00:00:00
seebug
seebug
Cross-protocol attack on TLS using SSLv2 (DROWN) (CVE-2016-0800)
2016-03-02 00:00:00
openssl
openssl
Vulnerability in OpenSSL CVE-2016-0800
2016-03-01 00:00:00
Vulnerability in OpenSSL CVE-2016-0704
2016-03-01 00:00:00
Vulnerability in OpenSSL CVE-2016-0703
2016-03-01 00:00:00
suse
suse
Security update for openssl (important)
2016-03-03 15:11:31
Security update for openssl (important)
2016-03-11 14:14:22
Security update for openssl (important)
2016-03-01 19:12:02
prion
prion
Buffer overflow
2016-03-02 11:59:00
Sql injection
2016-03-02 11:59:00
Design/Logic Flaw
2016-02-15 02:59:00
cve
cve
CVE-2016-0704
2016-03-02 11:59:00
CVE-2016-0703
2016-03-02 11:59:00
CVE-2015-0293
2015-03-19 22:59:00
ubuntucve
ubuntucve
CVE-2016-0704
2016-03-01 00:00:00
CVE-2016-0703
2016-03-01 00:00:00
CVE-2015-0293
2015-03-17 00:00:00
debiancve
debiancve
CVE-2016-0704
2016-03-02 11:59:00
CVE-2016-0703
2016-03-02 11:59:00
CVE-2015-3197
2016-02-15 02:59:00
cloudfoundry
cloudfoundry
CVE-2016-0800 & CVE-2016-0703 OpenSSL vulnerabilities | Cloud Foundry
2016-03-02 00:00:00
nmap
nmap
sslv2-drown NSE Script
2016-07-07 16:35:39
openwrt
openwrt
openssl: Security update (9 CVEs)
2016-03-01 16:52:09
ibm
ibm
Security Bulletin: Multiple vulnerabilities in OpenSSL affect PowerKVM
2018-06-18 01:30:44
Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM® SDK for Node.js™
2018-08-09 04:20:36
Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM® SDK for Node.js™ in IBM Bluemix
2018-08-09 04:20:36
arista
arista
Security Advisory 0018
2016-03-01 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-16:12.openssl
2016-03-10 00:00:00
FreeBSD-SA-16:11.openssl
2016-01-30 00:00:00
freebsd
freebsd
FreeBSD -- Multiple OpenSSL vulnerabilities
2016-03-10 00:00:00
gentoo
gentoo
OpenSSL: Multiple vulnerabilities
2016-03-20 00:00:00
veracode
veracode
Information Disclosure
2017-02-06 01:54:39
Information Disclosure
2017-02-06 02:50:41
Cipher Bypass
2017-02-10 00:52:27
thn
thn
DROWN Attack — More than 11 Million OpenSSL HTTPS Websites at Risk
2016-03-01 07:11:00
hackerone
hackerone
Internet Bug Bounty: Divide-and-conquer session key recovery in SSLv2 (CVE-2016-0703)
2016-05-12 05:53:22
Internet Bug Bounty: SSLv2 doesn't block disabled ciphers (CVE-2015-3197)
2016-09-07 17:41:26
Internet Bug Bounty: Bleichenbacher oracle in SSLv2 (CVE-2016-0704)
2016-05-12 05:56:32
slackware
slackware
[slackware-security] openssl
2016-02-04 00:06:23
osv
osv
openssl - security update
2016-02-20 00:00:00
debian
debian
[SECURITY] [DLA 421-1] openssl security update
2016-02-20 12:34:52
cisco
cisco
Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016
2016-03-02 12:30:00
huawei
huawei
Security Advisory - OpenSSL DROWN Security Vulnerability
2016-03-30 00:00:00
ics
ics
Siemens Industrial Products DROWN Vulnerability (Update C)
2016-04-12 00:00:00
Siemens Industrial Products DROWN Vulnerability (Update C)
2017-11-28 12:00:00
threatpost
threatpost
DROWN Flaw Opens 33 Percent Of HTTPS Connections To Attack
2016-03-01 12:30:00
JSON
Related for ALA_ALAS-2016-682.NASL
openvas30redhat13amazon1nessus49centos5oraclelinux2checkpoint_advisories1f57paloalto1seebug1openssl5suse14prion5cve4ubuntucve5debiancve4cloudfoundry1nmap1openwrt1ibm25arista1freebsd_advisory2freebsd1gentoo1veracode6thn1hackerone4slackware1osv1debian1cisco1huawei1ics2threatpost1