Lucene search
This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DSA-1763.NASLHistoryApr 07, 2009 - 12:00 a.m.
Debian DSA-1763-1 : openssl - programming error
2009-04-0700:00:00
This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
16
It was discovered that insufficient length validations in the ASN.1 handling of the OpenSSL crypto library may lead to denial of service when processing a manipulated certificate.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-1763. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(36090);
script_version("1.17");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");
script_cve_id("CVE-2009-0590");
script_bugtraq_id(34256);
script_xref(name:"DSA", value:"1763");
script_name(english:"Debian DSA-1763-1 : openssl - programming error");
script_summary(english:"Checks dpkg output for the updated package");
script_set_attribute(
attribute:"synopsis",
value:"The remote Debian host is missing a security-related update."
);
script_set_attribute(
attribute:"description",
value:
"It was discovered that insufficient length validations in the ASN.1
handling of the OpenSSL crypto library may lead to denial of service
when processing a manipulated certificate."
);
script_set_attribute(
attribute:"see_also",
value:"https://www.debian.org/security/2009/dsa-1763"
);
script_set_attribute(
attribute:"solution",
value:
"Upgrade the openssl packages.
For the old stable distribution (etch), this problem has been fixed in
version 0.9.8c-4etch5 of the openssl package and in version
0.9.7k-3.1etch3 of the openssl097 package.
For the stable distribution (lenny), this problem has been fixed in
version 0.9.8g-15+lenny1."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(119);
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:openssl");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:4.0");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:5.0");
script_set_attribute(attribute:"patch_publication_date", value:"2009/04/06");
script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/07");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Debian Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
exit(0);
}
include("audit.inc");
include("debian_package.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (deb_check(release:"4.0", prefix:"libssl-dev", reference:"0.9.8c-4etch5")) flag++;
if (deb_check(release:"4.0", prefix:"libssl0.9.7", reference:"0.9.7k-3.1etch3")) flag++;
if (deb_check(release:"4.0", prefix:"libssl0.9.7-dbg", reference:"0.9.7k-3.1etch3")) flag++;
if (deb_check(release:"4.0", prefix:"libssl0.9.8", reference:"0.9.8c-4etch5")) flag++;
if (deb_check(release:"4.0", prefix:"libssl0.9.8-dbg", reference:"0.9.8c-4etch5")) flag++;
if (deb_check(release:"4.0", prefix:"openssl", reference:"0.9.8c-4etch5")) flag++;
if (deb_check(release:"5.0", prefix:"libssl-dev", reference:"0.9.8g-15+lenny1")) flag++;
if (deb_check(release:"5.0", prefix:"libssl0.9.8", reference:"0.9.8g-15+lenny1")) flag++;
if (deb_check(release:"5.0", prefix:"libssl0.9.8-dbg", reference:"0.9.8g-15+lenny1")) flag++;
if (deb_check(release:"5.0", prefix:"openssl", reference:"0.9.8g-15+lenny1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
else security_warning(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
| Vendor | Product | Version | CPE |
|---|---|---|---|
| debian | debian_linux | openssl | p-cpe:/a:debian:debian_linux:openssl |
| debian | debian_linux | 4.0 | cpe:/o:debian:debian_linux:4.0 |
| debian | debian_linux | 5.0 | cpe:/o:debian:debian_linux:5.0 |
Related
openvas
openvas
Mandrake Security Advisory MDVSA-2009:087 (openssl)
2009-04-06 00:00:00
Debian Security Advisory DSA 1763-1 (openssl)
2009-04-15 00:00:00
Ubuntu USN-750-1 (openssl)
2009-04-06 00:00:00
nessus
nessus
Solaris 10 (x86) : 140119-11
2009-05-13 00:00:00
GLSA-200904-08 : OpenSSL: Denial of Service
2009-04-07 00:00:00
Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : openssl vulnerability (USN-750-1)
2009-04-23 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:41:59
openssl
openssl
Vulnerability in OpenSSL CVE-2009-0590
2009-03-25 00:00:00
f5
f5
K15358 : OpenSSL vulnerability CVE-2009-0590
2014-06-19 00:00:00
SOL15358 - OpenSSL vulnerability CVE-2009-0590
2014-06-19 00:00:00
securityvulns
securityvulns
OpenSSL library BMPString DoS
2009-04-01 00:00:00
[USN-750-1] OpenSSL vulnerability
2009-04-01 00:00:00
freebsd
freebsd
FreeBSD -- remotely exploitable crash in OpenSSL
2009-03-25 00:00:00
gentoo
gentoo
OpenSSL: Denial of service
2009-04-07 00:00:00
cvelist
cvelist
CVE-2009-0590
2009-03-27 16:00:00
prion
prion
Authentication flaw
2009-03-27 16:30:00
debian
debian
[SECURITY] [DSA 1763-1] New openssl packages fix denial of service
2009-04-06 16:26:01
debiancve
debiancve
CVE-2009-0590
2009-03-27 16:30:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-09:08.openssl
2009-04-22 00:00:00
ubuntu
ubuntu
OpenSSL vulnerability
2009-03-30 00:00:00
ubuntucve
ubuntucve
CVE-2009-0590
2009-03-27 00:00:00
cbl_mariner
cbl_mariner
CVE-2009-0590 affecting package openssl 1.1.1g-6
2021-08-11 06:39:26
cve
cve
CVE-2009-0590
2009-03-27 16:30:00
altlinux
altlinux
Security fix for the ALT Linux 9 package openssl1.1 version 0.9.8k-alt1
2009-03-25 00:00:00
Security fix for the ALT Linux 6 package openssl10 version 0.9.8k-alt1
2009-03-25 00:00:00
Security fix for the ALT Linux 8 package openssl10 version 0.9.8k-alt1
2009-03-25 00:00:00
redhat
redhat
(RHSA-2010:0163) Moderate: openssl security update
2010-03-25 00:00:00
(RHSA-2009:1335) Moderate: openssl security, bug fix, and enhancement update
2009-09-02 09:47:12
threatpost
threatpost
Multiple vulnerabilities found, fixed in OpenSSL
2009-03-26 23:43:56
centos
centos
openssl security update
2010-03-25 22:38:39
openssl security update
2009-09-15 18:42:01
slackware
slackware
openssl
2009-04-07 23:29:36
oraclelinux
oraclelinux
openssl security update
2010-03-25 00:00:00
openssl security, bug fix, and enhancement update
2009-09-08 00:00:00
suse
suse
Security update for compat-openssl097g (important)
2011-07-27 17:08:16
compat-openssl097g (important)
2011-07-27 16:08:25
vmware
vmware
VMware ESX third party updates for Service Console
2010-12-07 00:00:00
VMware ESX third party updates for Service Console
2010-12-07 00:00:00
ESX Service Console and vMA third party updates
2010-03-03 00:00:00
lenovo
lenovo
Intelยฎ PROSet/Wireless WiFi Software Vulnerabilities - Lenovo Support US
2018-11-13 17:10:51
Intelยฎ PROSet/Wireless WiFi Software Vulnerabilities - US
2018-11-13 17:10:51
Related for DEBIAN_DSA-1763.NASL