According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :
A race condition was found in the session handling code of OpenSSL. This issue could possibly cause a multi-threaded TLS/SSL client using OpenSSL to double free session ticket data and crash.(CVE-2015-1791)
An out-of-bounds read flaw was found in the X509_cmp_time() function of OpenSSL, which is used to test the expiry dates of SSL/TLS certificates. An attacker could possibly use a specially crafted SSL/TLS certificate or CRL (Certificate Revocation List), which when parsed by an application would cause that application to crash.(CVE-2015-1789)
The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length.(CVE-2009-0590)
An invalid-free flaw was found in the way OpenSSL handled certain DTLS handshake messages. A malicious DTLS client or server could send a specially crafted message to the peer, which could cause the application to crash or potentially result in arbitrary code execution.(CVE-2014-8176)
The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack.(CVE-2011-4108)
Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible.(CVE-2007-5135)
A NULL pointer dereference flaw was found in the DTLS implementation of OpenSSL. A remote attacker could send a specially crafted DTLS message, which would cause an OpenSSL server to crash.(CVE-2014-3571)
The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key.(CVE-2012-2110)
It was discovered that the SSLv2 servers using OpenSSL accepted SSLv2 connection handshakes that indicated non-zero clear key length for non-export cipher suites.
An attacker could use this flaw to decrypt recorded SSLv2 sessions with the server by using it as a decryption oracle.(CVE-2016-0703)
ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello.(CVE-2009-1386)
Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.(CVE-2009-4355)
A flaw was discovered in the way OpenSSL handled DTLS packets. A remote attacker could use this flaw to cause a DTLS server or client using OpenSSL to crash or use excessive amounts of memory.(CVE-2014-3507)
The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of ‘future epoch’ DTLS records that are buffered in a queue, aka ‘DTLS record buffer limitation bug.’(CVE-2009-1377)
A use-after-free flaw was found in the way OpenSSL imported malformed Elliptic Curve private keys. A specially crafted key file could cause an application using OpenSSL to crash when imported.(CVE-2015-0209)
A denial of service flaw was found in the way OpenSSL verified certain signed messages using CMS (Cryptographic Message Syntax). A remote attacker could cause an application using OpenSSL to use excessive amounts of memory by sending a specially crafted message for verification.(CVE-2015-1792)
A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled.(CVE-2015-0293)
An invalid pointer use flaw was found in OpenSSL’s ASN1_TYPE_cmp() function. A remote attacker could crash a TLS/SSL client or server using OpenSSL via a specially crafted X.509 certificate when the attacker-supplied certificate was verified by the application.(CVE-2015-0286)
Multiple flaws were found in the way OpenSSL parsed X.509 certificates. An attacker could use these flaws to modify an X.509 certificate to produce a certificate with a different fingerprint without invalidating its signature, and possibly bypass fingerprint-based blacklisting in applications.(CVE-2014-8275)
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC.
If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable ‘non-stitched’ ciphersuites must be in use.
Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).(CVE-2019-1559)
A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange (for both export and non-export grade cipher suites). An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient pre-computation. This can lead to a passive man-in-the-middle attack in which the attacker is able to decrypt all traffic.(CVE-2015-4000)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(125001);
script_version("1.9");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/02/08");
script_cve_id(
"CVE-2007-5135",
"CVE-2009-0590",
"CVE-2009-1377",
"CVE-2009-1386",
"CVE-2009-4355",
"CVE-2011-4108",
"CVE-2012-2110",
"CVE-2014-3507",
"CVE-2014-3571",
"CVE-2014-8176",
"CVE-2014-8275",
"CVE-2015-0209",
"CVE-2015-0286",
"CVE-2015-0293",
"CVE-2015-1789",
"CVE-2015-1791",
"CVE-2015-1792",
"CVE-2015-4000",
"CVE-2016-0703",
"CVE-2019-1559"
);
script_bugtraq_id(
25831,
31692,
34256,
35001,
35174,
51281,
53158,
69078,
71935,
71937,
73196,
73225,
73232,
73239,
74107,
74733,
75154,
75156,
75159,
75161,
75769
);
script_name(english:"EulerOS Virtualization 3.0.1.0 : openssl (EulerOS-SA-2019-1548)");
script_summary(english:"Checks the rpm output for the updated packages.");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS Virtualization host is missing multiple security
updates.");
script_set_attribute(attribute:"description", value:
"According to the versions of the openssl packages installed, the
EulerOS Virtualization installation on the remote host is affected by
the following vulnerabilities :
- A race condition was found in the session handling code
of OpenSSL. This issue could possibly cause a
multi-threaded TLS/SSL client using OpenSSL to double
free session ticket data and crash.(CVE-2015-1791)
- An out-of-bounds read flaw was found in the
X509_cmp_time() function of OpenSSL, which is used to
test the expiry dates of SSL/TLS certificates. An
attacker could possibly use a specially crafted SSL/TLS
certificate or CRL (Certificate Revocation List), which
when parsed by an application would cause that
application to crash.(CVE-2015-1789)
- The ASN1_STRING_print_ex function in OpenSSL before
0.9.8k allows remote attackers to cause a denial of
service (invalid memory access and application crash)
via vectors that trigger printing of a (1) BMPString or
(2) UniversalString with an invalid encoded
length.(CVE-2009-0590)
- An invalid-free flaw was found in the way OpenSSL
handled certain DTLS handshake messages. A malicious
DTLS client or server could send a specially crafted
message to the peer, which could cause the application
to crash or potentially result in arbitrary code
execution.(CVE-2014-8176)
- The DTLS implementation in OpenSSL before 0.9.8s and
1.x before 1.0.0f performs a MAC check only if certain
padding is valid, which makes it easier for remote
attackers to recover plaintext via a padding oracle
attack.(CVE-2011-4108)
- Off-by-one error in the SSL_get_shared_ciphers function
in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f,
might allow remote attackers to execute arbitrary code
via a crafted packet that triggers a one-byte buffer
underflow. NOTE: this issue was introduced as a result
of a fix for CVE-2006-3738. As of 20071012, it is
unknown whether code execution is
possible.(CVE-2007-5135)
- A NULL pointer dereference flaw was found in the DTLS
implementation of OpenSSL. A remote attacker could send
a specially crafted DTLS message, which would cause an
OpenSSL server to crash.(CVE-2014-3571)
- The asn1_d2i_read_bio function in
crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0
before 1.0.0i, and 1.0.1 before 1.0.1a does not
properly interpret integer data, which allows remote
attackers to conduct buffer overflow attacks, and cause
a denial of service (memory corruption) or possibly
have unspecified other impact, via crafted DER data, as
demonstrated by an X.509 certificate or an RSA public
key.(CVE-2012-2110)
- It was discovered that the SSLv2 servers using OpenSSL
accepted SSLv2 connection handshakes that indicated
non-zero clear key length for non-export cipher suites.
An attacker could use this flaw to decrypt recorded
SSLv2 sessions with the server by using it as a
decryption oracle.(CVE-2016-0703)
- ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote
attackers to cause a denial of service (NULL pointer
dereference and daemon crash) via a DTLS
ChangeCipherSpec packet that occurs before
ClientHello.(CVE-2009-1386)
- Memory leak in the zlib_stateful_finish function in
crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and
1.0.0 Beta through Beta 4 allows remote attackers to
cause a denial of service (memory consumption) via
vectors that trigger incorrect calls to the
CRYPTO_cleanup_all_ex_data function, as demonstrated by
use of SSLv3 and PHP with the Apache HTTP Server, a
related issue to CVE-2008-1678.(CVE-2009-4355)
- A flaw was discovered in the way OpenSSL handled DTLS
packets. A remote attacker could use this flaw to cause
a DTLS server or client using OpenSSL to crash or use
excessive amounts of memory.(CVE-2014-3507)
- The dtls1_buffer_record function in ssl/d1_pkt.c in
OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote
attackers to cause a denial of service (memory
consumption) via a large series of 'future epoch' DTLS
records that are buffered in a queue, aka 'DTLS record
buffer limitation bug.'(CVE-2009-1377)
- A use-after-free flaw was found in the way OpenSSL
imported malformed Elliptic Curve private keys. A
specially crafted key file could cause an application
using OpenSSL to crash when imported.(CVE-2015-0209)
- A denial of service flaw was found in the way OpenSSL
verified certain signed messages using CMS
(Cryptographic Message Syntax). A remote attacker could
cause an application using OpenSSL to use excessive
amounts of memory by sending a specially crafted
message for verification.(CVE-2015-1792)
- A denial of service flaw was found in the way OpenSSL
handled SSLv2 handshake messages. A remote attacker
could use this flaw to cause a TLS/SSL server using
OpenSSL to exit on a failed assertion if it had both
the SSLv2 protocol and EXPORT-grade cipher suites
enabled.(CVE-2015-0293)
- An invalid pointer use flaw was found in OpenSSL's
ASN1_TYPE_cmp() function. A remote attacker could crash
a TLS/SSL client or server using OpenSSL via a
specially crafted X.509 certificate when the
attacker-supplied certificate was verified by the
application.(CVE-2015-0286)
- Multiple flaws were found in the way OpenSSL parsed
X.509 certificates. An attacker could use these flaws
to modify an X.509 certificate to produce a certificate
with a different fingerprint without invalidating its
signature, and possibly bypass fingerprint-based
blacklisting in applications.(CVE-2014-8275)
- If an application encounters a fatal protocol error and
then calls SSL_shutdown() twice (once to send a
close_notify, and once to receive one) then OpenSSL can
respond differently to the calling application if a 0
byte record is received with invalid padding compared
to if a 0 byte record is received with an invalid MAC.
If the application then behaves differently based on
that in a way that is detectable to the remote peer,
then this amounts to a padding oracle that could be
used to decrypt data. In order for this to be
exploitable 'non-stitched' ciphersuites must be in use.
Stitched ciphersuites are optimised implementations of
certain commonly used ciphersuites. Also the
application must call SSL_shutdown() twice even if a
protocol error has occurred (applications should not do
this but some do anyway). Fixed in OpenSSL 1.0.2r
(Affected 1.0.2-1.0.2q).(CVE-2019-1559)
- A flaw was found in the way the TLS protocol composes
the Diffie-Hellman exchange (for both export and
non-export grade cipher suites). An attacker could use
this flaw to downgrade a DHE connection to use
export-grade key sizes, which could then be broken by
sufficient pre-computation. This can lead to a passive
man-in-the-middle attack in which the attacker is able
to decrypt all traffic.(CVE-2015-4000)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1548
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?08b55f2d");
script_set_attribute(attribute:"solution", value:
"Update the affected openssl packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-8176");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_cwe_id(119, 189, 399);
script_set_attribute(attribute:"patch_publication_date", value:"2019/05/10");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/14");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:openssl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:openssl-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:openssl-libs");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.1.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "3.0.1.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.1.0");
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
flag = 0;
pkgs = ["openssl-1.0.2k-16.h5",
"openssl-devel-1.0.2k-16.h5",
"openssl-libs-1.0.2k-16.h5"];
foreach (pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openssl");
}
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5135
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0590
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1377
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1386
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4355
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4108
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2110
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3507
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8176
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1789
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1791
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1792
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0703
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1559
www.nessus.org/u?08b55f2d