Debian DSA-881-1 : openssl096 - cryptographic weakness

2006-10-14T00:00:00
ID DEBIAN_DSA-881.NASL
Type nessus
Reporter Tenable
Modified 2018-07-20T00:00:00

Description

Yutaka Oiwa discovered a vulnerability in the Open Secure Socket Layer (OpenSSL) library that can allow an attacker to perform active protocol-version rollback attacks that could lead to the use of the weaker SSL 2.0 protocol even though both ends support SSL 3.0 or TLS 1.0.

The following matrix explains which version in which distribution has this problem corrected.

                 oldstable (woody)  stable (sarge)     unstable (sid)       openssl            0.9.6c-2.woody.8   0.9.7e-3sarge1     0.9.8-3              openssl094         0.9.4-6.woody.4    n/a                n/a                  openssl095         0.9.5a-6.woody.6   n/a                n/a                  openssl096         n/a                0.9.6m-1sarge1     n/a                  openssl097         n/a                n/a                0.9.7g-5

                                        
                                            #%NASL_MIN_LEVEL 70103

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-881. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(22747);
  script_version("1.11");
  script_cvs_date("Date: 2018/07/20  2:17:11");

  script_cve_id("CVE-2005-2969");
  script_xref(name:"DSA", value:"881");

  script_name(english:"Debian DSA-881-1 : openssl096 - cryptographic weakness");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Yutaka Oiwa discovered a vulnerability in the Open Secure Socket Layer
(OpenSSL) library that can allow an attacker to perform active
protocol-version rollback attacks that could lead to the use of the
weaker SSL 2.0 protocol even though both ends support SSL 3.0 or TLS
1.0.

The following matrix explains which version in which distribution has
this problem corrected.

                     oldstable (woody)  stable (sarge)     unstable (sid)     
  openssl            0.9.6c-2.woody.8   0.9.7e-3sarge1     0.9.8-3            
  openssl094         0.9.4-6.woody.4    n/a                n/a                
  openssl095         0.9.5a-6.woody.6   n/a                n/a                
  openssl096         n/a                0.9.6m-1sarge1     n/a                
  openssl097         n/a                n/a                0.9.7g-5"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.debian.org/security/2005/dsa-881"
  );
  script_set_attribute(attribute:"solution", value:"Upgrade the libssl packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:openssl096");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2005/11/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/10/14");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"3.1", prefix:"libssl0.9.6", reference:"0.9.6m-1sarge1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");