OpenSSL cryptographic weakness in Debian DSA-888-1
Reporter | Title | Published | Views | Family All 92 |
---|---|---|---|---|
OpenVAS | FreeBSD Ports: openssl, openssl-overwrite-base | 4 Sep 2008 00:00 | – | openvas |
OpenVAS | Slackware Advisory SSA:2005-286-01 OpenSSL | 11 Sep 2012 00:00 | – | openvas |
OpenVAS | SLES9: Security update for OpenSSL | 10 Oct 2009 00:00 | – | openvas |
OpenVAS | FreeBSD Security Advisory (FreeBSD-SA-05:21.openssl.asc) | 4 Sep 2008 00:00 | – | openvas |
OpenVAS | Gentoo Security Advisory GLSA 200510-11 (OpenSSL) | 24 Sep 2008 00:00 | – | openvas |
OpenVAS | SLES9: Security update for OpenSSL | 10 Oct 2009 00:00 | – | openvas |
OpenVAS | Debian Security Advisory DSA 881-1 (openssl096) | 17 Jan 2008 00:00 | – | openvas |
OpenVAS | Debian Security Advisory DSA 875-1 (openssl094) | 17 Jan 2008 00:00 | – | openvas |
OpenVAS | FreeBSD Security Advisory (FreeBSD-SA-05:21.openssl.asc) | 4 Sep 2008 00:00 | – | openvas |
OpenVAS | Debian: Security Advisory (DSA-881-1) | 17 Jan 2008 00:00 | – | openvas |
Source | Link |
---|---|
cve | www.cve.mitre.org/cgi-bin/cvename.cgi |
debian | www.debian.org/security/2005/dsa-888 |
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-888. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
  # Registration pass: when `description` is set the script only declares its
  # metadata and exits (see the exit(0) at the end of this block); the package
  # checks further down run on a separate pass.

  # --- Identity and cross-references ---
  script_id(22754);
  script_version("1.13");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");
  script_cve_id("CVE-2005-2969");
  script_xref(name:"DSA", value:"888");

  # --- Human-readable summary ---
  script_name(english:"Debian DSA-888-1 : openssl - cryptographic weakness");
  script_summary(english:"Checks dpkg output for the updated package");
  script_set_attribute(attribute:"synopsis", value:"The remote Debian host is missing a security-related update.");

  # Advisory text. The trailing matrix has lost its column alignment: each row
  # is a source package followed by the fixed version for oldstable (woody),
  # stable (sarge) and unstable (sid), in that order, with n/a where the
  # package does not exist in that distribution.
  # NOTE(review): per the upstream OpenSSL advisory for CVE-2005-2969, the
  # rollback check was skipped when an application set
  # SSL_OP_MSIE_SSLV2_RSA_PADDING (implied by SSL_OP_ALL) - confirm before
  # using this for triage.
  script_set_attribute(
    attribute:"description",
    value:
"Yutaka Oiwa discovered a vulnerability in the Open Secure Socket Layer
(OpenSSL) library that can allow an attacker to perform active
protocol-version rollback attacks that could lead to the use of the
weaker SSL 2.0 protocol even though both ends support SSL 3.0 or TLS
1.0.
The following matrix explains which version in which distribution has
this problem corrected.
oldstable (woody) stable (sarge) unstable (sid)
openssl 0.9.6c-2.woody.8 0.9.7e-3sarge1 0.9.8-3
openssl094 0.9.4-6.woody.4 n/a n/a
openssl095 0.9.5a-6.woody.6 n/a n/a
openssl096 n/a 0.9.6m-1sarge1 n/a
openssl097 n/a n/a 0.9.7g-5"
  );
  script_set_attribute(attribute:"see_also", value:"http://www.debian.org/security/2005/dsa-888");
  script_set_attribute(attribute:"solution", value:"Upgrade the libssl packages.");

  # --- Risk rating ---
  # CVSS v2 vector: network attack vector, low complexity, no authentication,
  # partial integrity impact, no confidentiality or availability impact.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");

  # --- Plugin type and affected platforms ---
  # "local" plugin: the result is derived from the package list stored under
  # Host/Debian/dpkg-l (required below), not from probing a TLS listener.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:openssl");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1");

  # --- Dates ---
  script_set_attribute(attribute:"patch_publication_date", value:"2005/11/07");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/10/14");
  script_end_attributes();

  # --- Scheduling: category, family, and what must have run first ---
  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");
  script_dependencies("ssh_get_info.nasl");
  # Without these three KB entries there is no package inventory to compare
  # against, so the plugin is not eligible to run.
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}
include("audit.inc");
include("debian_package.inc");
# Preconditions: stop with a specific audit reason when local checks are off,
# the host was not identified as Debian, or no dpkg listing was collected.
if (!get_kb_item("Host/local_checks_enabled"))
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release"))
  audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l"))
  audit(AUDIT_PACKAGE_LIST_MISSING);

# Number of deb_check() calls that returned a true value.
# NOTE(review): deb_check() presumably reports true when an installed package
# matching `prefix` on `release` is older than `reference` - confirm against
# debian_package.inc.
outdated_pkgs = 0;

# Debian 3.0 (woody): fixed version 0.9.6c-2.woody.8.
if (deb_check(release:"3.0", prefix:"libssl-dev", reference:"0.9.6c-2.woody.8"))
  outdated_pkgs += 1;
if (deb_check(release:"3.0", prefix:"libssl0.9.6", reference:"0.9.6c-2.woody.8"))
  outdated_pkgs += 1;
if (deb_check(release:"3.0", prefix:"openssl", reference:"0.9.6c-2.woody.8"))
  outdated_pkgs += 1;
if (deb_check(release:"3.0", prefix:"ssleay", reference:"0.9.6c-2.woody.8"))
  outdated_pkgs += 1;

# Debian 3.1 (sarge): fixed version 0.9.7e-3sarge1.
if (deb_check(release:"3.1", prefix:"libssl-dev", reference:"0.9.7e-3sarge1"))
  outdated_pkgs += 1;
if (deb_check(release:"3.1", prefix:"libssl0.9.7", reference:"0.9.7e-3sarge1"))
  outdated_pkgs += 1;
if (deb_check(release:"3.1", prefix:"openssl", reference:"0.9.7e-3sarge1"))
  outdated_pkgs += 1;

# Coverage note: only packages from the "openssl" row of the advisory matrix
# are compared here, and only for releases 3.0 and 3.1. The openssl094,
# openssl095, openssl096 and openssl097 rows and the unstable (sid) column are
# not checked in this script - presumably handled by other plugins; verify
# before treating a clean result as full coverage.
if (!outdated_pkgs)
{
  audit(AUDIT_HOST_NOT, "affected");
}
else
{
  # Finding is reported against port 0; the per-package detail from
  # deb_report_get() is attached only when report_verbosity is above zero.
  #
  # Remediation caveat: this is a version comparison of the package list. A
  # process that loaded the old libssl keeps using it until restarted, so
  # restart TLS services after upgrading; disabling SSL 2.0 in each service's
  # configuration removes the downgrade target independently of the library
  # version.
  if (report_verbosity > 0)
  {
    security_warning(port:0, extra:deb_report_get());
  }
  else
  {
    security_warning(0);
  }
  exit(0);
}