According to the versions of the openssl098e package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities:
- The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service (memory consumption) by maintaining many crafted DTLS sessions simultaneously, related to d1_lib.c, statem_dtls.c, statem_lib.c, and statem_srvr.c. (CVE-2016-2179)
- OpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC 3779 support is enabled, allows remote attackers to cause a denial of service (assertion failure) via an X.509 certificate containing certificate-extension data associated with (1) IP address blocks or (2) Autonomous System (AS) identifiers. (CVE-2011-4577)
- Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate records for the next epoch, leading to failure of replay detection. (CVE-2015-0206)
- The ephemeral ECDH ciphersuite functionality in OpenSSL 0.9.8 through 0.9.8r and 1.0.x before 1.0.0e does not ensure thread safety during processing of handshake messages from clients, which allows remote attackers to cause a denial of service (daemon crash) via out-of-order messages that violate the TLS protocol. (CVE-2011-3210)
- The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a denial of service (buffer over-read) via crafted EBCDIC ASN.1 data. (CVE-2016-2176)
- The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support. (CVE-2015-0205)
- The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message. (CVE-2014-3572)
- Memory leak in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via zero-length DTLS fragments that trigger improper handling of the return value of a certain insert function. (CVE-2014-3507)
- The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1 before 1.0.1i allows man-in-the-middle attackers to force the use of TLS 1.0 by triggering ClientHello message fragmentation in communication between a client and server that both support later TLS versions, related to a 'protocol downgrade' issue. (CVE-2014-3511)
- The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value. (CVE-2014-3470)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Plugin: EULEROS_SA-2020-1637.NASL (type: nessus, bulletin family: scanner)
Title: EulerOS 2.0 SP2 : openssl098e (EulerOS-SA-2020-1637)
Published: 2020-06-17T00:00:00
Modified: 2021-01-06T00:00:00
Last seen: 2023-01-11T15:14:10
CVSS v2: base score 6.4 (MEDIUM), vector AV:N/AC:L/Au:N/C:P/I:N/A:P, exploitability score 10.0, impact score 4.9
CVSS v3.0: base score 8.2 (HIGH), vector CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H, exploitability score 3.9, impact score 4.2
Source: https://www.tenable.com/plugins/nessus/137479
Reporter: This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
References:
- http://www.nessus.org/u?27f046c9
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4577
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2179
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2176
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3507
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3511
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3210
CVE list: CVE-2011-3210, CVE-2011-4577, CVE-2014-3470, CVE-2014-3507, CVE-2014-3511, CVE-2014-3572, CVE-2015-0205, CVE-2015-0206, CVE-2016-2176, CVE-2016-2179
"OPENSUSE-SU-2016:2407-1", "OPENSUSE-SU-2016:2537-1", "OPENSUSE-SU-2018:0458-1", "SUSE-SU-2012:0084-1", "SUSE-SU-2014:0759-1", "SUSE-SU-2014:0759-2", "SUSE-SU-2014:0761-1", "SUSE-SU-2014:0762-1", "SUSE-SU-2015:0578-1", "SUSE-SU-2015:0743-1", "SUSE-SU-2015:0946-1", "SUSE-SU-2016:2387-1", "SUSE-SU-2016:2394-1", "SUSE-SU-2016:2458-1", "SUSE-SU-2016:2468-1", "SUSE-SU-2016:2469-1", "SUSE-SU-2017:2699-1", "SUSE-SU-2017:2700-1"]}, {"type": "symantec", "idList": ["SMNTC-1363", "SMNTC-1382"]}, {"type": "thn", "idList": ["THN:D2B91981A95FA63440BEC1909D1FAE82"]}, {"type": "ubuntu", "idList": ["USN-1357-1", "USN-2232-1", "USN-2232-2", "USN-2232-3", "USN-2232-4", "USN-2308-1", "USN-2459-1", "USN-3087-1", "USN-3087-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2011-3210", "UB:CVE-2011-4577", "UB:CVE-2014-3470", "UB:CVE-2014-3507", "UB:CVE-2014-3511", "UB:CVE-2014-3572", "UB:CVE-2015-0205", "UB:CVE-2015-0206", "UB:CVE-2016-2176", "UB:CVE-2016-2179"]}, {"type": "veracode", "idList": ["VERACODE:24976"]}, {"type": "vmware", "idList": ["VMSA-2012-0013", "VMSA-2012-0013.2", "VMSA-2014-0006", "VMSA-2014-0006.11"]}]}, "score": {"value": 0.0, "vector": "NONE"}, "backreferences": {"references": [{"type": "aix", "idList": ["OPENSSL_ADVISORY10.ASC"]}, {"type": "amazon", "idList": ["ALAS-2014-391", "ALAS-2015-469"]}, {"type": "apple", "idList": ["APPLE:HT206903"]}, {"type": "archlinux", "idList": ["ASA-201605-3"]}, {"type": "centos", "idList": ["CESA-2012:0059", "CESA-2014:0625", "CESA-2014:1052", "CESA-2015:0066", "CESA-2016:1940"]}, {"type": "cert", "idList": ["VU:737740"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2012-171", "CPAI-2014-1991"]}, {"type": "cisco", "idList": ["CISCO-SA-20150310-SSL"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:927660022E9A31CE680A6AE3AFF33997"]}, {"type": "cve", "idList": ["CVE-2011-3210", "CVE-2011-4577", "CVE-2016-2176"]}, {"type": "debian", "idList": ["DEBIAN:DLA-132-1:941A7", "DEBIAN:DLA-33-1:85002", "DEBIAN:DLA-637-1:F8314", 
"DEBIAN:DSA-2950-1:15DF5", "DEBIAN:DSA-2998-1:7D1C0", "DEBIAN:DSA-3125-1:8906F", "DEBIAN:SSL-:DD9E5"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2014-3507"]}, {"type": "f5", "idList": ["F5:K15564", "F5:K15573", "F5:K16135", "SOL07538415", "SOL15314", "SOL47145213"]}, {"type": "fedora", "idList": ["FEDORA:4227660CA765", "FEDORA:997B660D68A4", "FEDORA:A271421BA0", "FEDORA:CA868607A1CD", "FEDORA:DDD696087CE5", "FEDORA:E67696087B8D"]}, {"type": "fortinet", "idList": ["FG-IR-14-018"]}, {"type": "freebsd", "idList": ["01D729CA-1143-11E6-B55E-B499BAEBFEAF", "2ECB7B20-D97E-11E0-B2E2-00215C6A37BB", "78CC8A46-3E56-11E1-89B4-001EC9578670"]}, {"type": "gentoo", "idList": ["GLSA-201203-12"]}, {"type": "huawei", "idList": ["HUAWEI-SA-20140613-OPENSSL", "HUAWEI-SA-20141008-OPENSSL"]}, {"type": "ibm", "idList": ["4278728D85C79F2084FC36711DAAF10C86E475C8E6940F2111DD155F1C48C0FA", "583215B42F049307CBBCA8930CB40F87016DA7B011EFC8B5B01AB18DCA1B1F3E", "A9C254F86614D2334E5A1624EEBD7497A5FA74BEC3159FA2530927B6C4A89585", "B9A37A9137A6A153E70081729BB78D8014252B973451FD1F85F546C27C63DFCA", "BF213EBF65AF92778246EF4D81BE5B1C231E52C3E877DD795B29DD878DDC4E68", "C3FB79ADA39B46791DCF93E4A2B6E50FE2792D0E382EF08036106CE4972770C2", "DF89B2395C4DB15E1FF631A136BB1301E179B1A5D4A2BF72B8D0EF9E4A730437", "F33744DBAD16E50FE1A09103CDC00190F55E39FC9E177DA8BBD07CB90C26E619", "F96732014CC74E0CD212E2641AC086C0DBA609B9E2E61E3DC4259C4E401BE0FA", "F98C6B1EAC8D235F19136FBD257D2C504AAE6912C5BCB9B73AE39565E359364A"]}, {"type": "ics", "idList": ["ICSA-17-094-04"]}, {"type": "kaspersky", "idList": ["KLA10382"]}, {"type": "kitploit", "idList": ["KITPLOIT:2973941148692546578"]}, {"type": "lenovo", "idList": ["LENOVO:PS500190-NOSID"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/CENTOS_LINUX-CVE-2014-3470/", "MSF:ILITIES/CENTOS_LINUX-CVE-2014-3507/", "MSF:ILITIES/ORACLE-SOLARIS-CVE-2014-3470/"]}, {"type": "nessus", "idList": ["801065.PRM", "AIX_OPENSSL_ADVISORY20.NASL", "AIX_OPENSSL_ADVISORY9.NASL", 
"ALA_ALAS-2012-38.NASL", "CISCO-SA-20140605-OPENSSL-NXOS.NASL", "CISCO_ANYCONNECT_3_1_7021.NASL", "CISCO_JABBER_CLIENT_CSCUP23913.NASL", "DEBIAN_DLA-456.NASL", "DEBIAN_DSA-3125.NASL", "F5_BIGIP_SOL16135.NASL", "FEDORA_2012-18035.NASL", "FEDORA_2014-17587.NASL", "FEDORA_2015-0601.NASL", "FREEBSD_PKG_01D729CA114311E6B55EB499BAEBFEAF.NASL", "FREEBSD_PKG_F9C388C5A25611E4992A7B2A515A1247.NASL", "HPSMH_7_3_3_1.NASL", "HP_VERSION_CONTROL_REPO_MANAGER_7_5_0_0.NASL", "HP_VERSION_CONTROL_REPO_MANAGER_HPSBMU03056.NASL", "LIBREOFFICE_423.NASL", "MACOSX_VMWARE_OVFTOOL_VMSA_2014_0006.NASL", "MANDRIVA_MDVSA-2011-137.NASL", "MARIADB_10_0_13.NASL", "MCAFEE_FIREWALL_ENTERPRISE_SB10102.NASL", "OPENSSL_1_0_0M.NASL", "OPENSUSE-2014-509.NASL", "OPENSUSE-2016-294.NASL", "ORACLELINUX_ELSA-2014-1052.NASL", "ORACLEVM_OVMSA-2014-0012.NASL", "ORACLE_HTTP_SERVER_CPU_JAN_2018.NASL", "PIVOTAL_WEBSERVER_5_4_1.NASL", "REDHAT-RHSA-2014-0679.NASL", "REDHAT-RHSA-2015-0126.NASL", "SECURITYCENTER_OPENSSL_1_0_1U.NASL", "SLACKWARE_SSA_2014-220-01.NASL", "SLACKWARE_SSA_2016-124-01.NASL", "SPLUNK_614.NASL", "SPLUNK_622.NASL", "SUSE_11_4_LIBOPENSSL-DEVEL-120111.NASL", "SUSE_OPENSSL-7923.NASL", "UBUNTU_USN-1357-1.NASL", "VMWARE_ESXI_5_0_BUILD_1918656_REMOTE.NASL", "VMWARE_ESXI_5_5_BUILD_1881737_REMOTE.NASL", "VSPHERE_CLIENT_VMSA_2014-0006.NASL"]}, {"type": "openssl", "idList": ["OPENSSL:CVE-2011-4577", "OPENSSL:CVE-2014-3507"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310105158", "OPENVAS:1361412562310105202", "OPENVAS:1361412562310105679", "OPENVAS:1361412562310106267", "OPENVAS:1361412562310122006", "OPENVAS:1361412562310123178", "OPENVAS:1361412562310123331", "OPENVAS:136141256231070248", "OPENVAS:136141256231070756", "OPENVAS:1361412562310831454", "OPENVAS:1361412562310841843", "OPENVAS:1361412562310841867", "OPENVAS:1361412562310841933", "OPENVAS:1361412562310864019", "OPENVAS:1361412562310868705", "OPENVAS:1361412562310881946", "OPENVAS:1361412562310882095", "OPENVAS:702950", 
"OPENVAS:703125", "OPENVAS:881066"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2015", "ORACLE:CPUJUL2015-2367936", "ORACLE:CPUOCT2017-3236626"]}, {"type": "oraclelinux", "idList": ["ELSA-2014-0625"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:143369"]}, {"type": "paloalto", "idList": ["PAN-SA-2016-0023"]}, {"type": "redhat", "idList": ["RHSA-2014:0625", "RHSA-2015:0126"]}, {"type": "redhatcve", "idList": ["RH:CVE-2016-2176"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:31090", "SECURITYVULNS:VULN:13908"]}, {"type": "slackware", "idList": ["SSA-2014-156-03"]}, {"type": "suse", "idList": ["SUSE-SU-2014:0759-1", "SUSE-SU-2015:0946-1"]}, {"type": "symantec", "idList": ["SMNTC-1363"]}, {"type": "thn", "idList": ["THN:D2B91981A95FA63440BEC1909D1FAE82"]}, {"type": "ubuntu", "idList": ["USN-2232-1", "USN-2232-2", "USN-2232-3", "USN-2232-4", "USN-2308-1", "USN-2459-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2014-3511", "UB:CVE-2015-0205"]}, {"type": "vmware", "idList": ["VMSA-2012-0013"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2011-3210", "epss": "0.304660000", "percentile": "0.962350000", "modified": "2023-03-15"}, {"cve": "CVE-2011-4577", "epss": "0.106370000", "percentile": "0.940960000", "modified": "2023-03-15"}, {"cve": "CVE-2014-3470", "epss": "0.974140000", "percentile": "0.998490000", "modified": "2023-03-15"}, {"cve": "CVE-2014-3507", "epss": "0.940460000", "percentile": "0.986230000", "modified": "2023-03-15"}, {"cve": "CVE-2014-3511", "epss": "0.007180000", "percentile": "0.775560000", "modified": "2023-03-15"}, {"cve": "CVE-2014-3572", "epss": "0.008800000", "percentile": "0.800240000", "modified": "2023-03-15"}, {"cve": "CVE-2015-0205", "epss": "0.010060000", "percentile": "0.813770000", "modified": "2023-03-15"}, {"cve": "CVE-2015-0206", "epss": "0.939780000", "percentile": "0.986120000", "modified": "2023-03-15"}, {"cve": "CVE-2016-2176", "epss": "0.066720000", "percentile": "0.926690000", "modified": "2023-03-15"}, {"cve": 
"CVE-2016-2179", "epss": "0.022460000", "percentile": "0.878020000", "modified": "2023-03-15"}], "vulnersScore": 0.0}, "_state": {"dependencies": 1673453919, "score": 1673455684, "epss": 1678948511}, "_internal": {"score_hash": "6c0faccc1e2afd354a5506e331df731b"}, "pluginID": "137479", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(137479);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2011-3210\",\n \"CVE-2011-4577\",\n \"CVE-2014-3470\",\n \"CVE-2014-3507\",\n \"CVE-2014-3511\",\n \"CVE-2014-3572\",\n \"CVE-2015-0205\",\n \"CVE-2015-0206\",\n \"CVE-2016-2176\",\n \"CVE-2016-2179\"\n );\n script_bugtraq_id(\n 49471,\n 51281,\n 67898,\n 69078,\n 69079,\n 71940,\n 71941,\n 71942\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : openssl098e (EulerOS-SA-2020-1637)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the openssl098e package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - The DTLS implementation in OpenSSL before 1.1.0 does\n not properly restrict the lifetime of queue entries\n associated with unused out-of-order messages, which\n allows remote attackers to cause a denial of service\n (memory consumption) by maintaining many crafted DTLS\n sessions simultaneously, related to d1_lib.c,\n statem_dtls.c, statem_lib.c, and\n statem_srvr.c.(CVE-2016-2179)\n\n - OpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC\n 3779 support is enabled, allows remote attackers to\n cause a denial of service (assertion failure) via an\n X.509 
certificate containing certificate-extension data\n associated with (1) IP address blocks or (2) Autonomous\n System (AS) identifiers.(CVE-2011-4577)\n\n - Memory leak in the dtls1_buffer_record function in\n d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1\n before 1.0.1k allows remote attackers to cause a denial\n of service (memory consumption) by sending many\n duplicate records for the next epoch, leading to\n failure of replay detection.(CVE-2015-0206)\n\n - The ephemeral ECDH ciphersuite functionality in OpenSSL\n 0.9.8 through 0.9.8r and 1.0.x before 1.0.0e does not\n ensure thread safety during processing of handshake\n messages from clients, which allows remote attackers to\n cause a denial of service (daemon crash) via\n out-of-order messages that violate the TLS\n protocol.(CVE-2011-3210)\n\n - The X509_NAME_oneline function in\n crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and\n 1.0.2 before 1.0.2h allows remote attackers to obtain\n sensitive information from process stack memory or\n cause a denial of service (buffer over-read) via\n crafted EBCDIC ASN.1 data.(CVE-2016-2176)\n\n - The ssl3_get_cert_verify function in s3_srvr.c in\n OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k\n accepts client authentication with a Diffie-Hellman\n (DH) certificate without requiring a CertificateVerify\n message, which allows remote attackers to obtain access\n without knowledge of a private key via crafted TLS\n Handshake Protocol traffic to a server that recognizes\n a Certification Authority with DH\n support.(CVE-2015-0205)\n\n - The ssl3_get_key_exchange function in s3_clnt.c in\n OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1\n before 1.0.1k allows remote SSL servers to conduct\n ECDHE-to-ECDH downgrade attacks and trigger a loss of\n forward secrecy by omitting the ServerKeyExchange\n message.(CVE-2014-3572)\n\n - Memory leak in d1_both.c in the DTLS implementation in\n OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and\n 1.0.1 before 
1.0.1i allows remote attackers to cause a\n denial of service (memory consumption) via zero-length\n DTLS fragments that trigger improper handling of the\n return value of a certain insert\n function.(CVE-2014-3507)\n\n - The ssl23_get_client_hello function in s23_srvr.c in\n OpenSSL 1.0.1 before 1.0.1i allows man-in-the-middle\n attackers to force the use of TLS 1.0 by triggering\n ClientHello message fragmentation in communication\n between a client and server that both support later TLS\n versions, related to a 'protocol downgrade'\n issue.(CVE-2014-3511)\n\n - The ssl3_send_client_key_exchange function in s3_clnt.c\n in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and\n 1.0.1 before 1.0.1h, when an anonymous ECDH cipher\n suite is used, allows remote attackers to cause a\n denial of service (NULL pointer dereference and client\n crash) by triggering a NULL certificate\n value.(CVE-2014-3470)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1637\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?27f046c9\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openssl098e packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssl098e\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"openssl098e-0.9.8e-29.3.h21\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl098e\");\n}\n", "naslFamily": "Huawei Local Security Checks", "cpe": ["p-cpe:/a:huawei:euleros:openssl098e", "cpe:/o:huawei:euleros:2.0"], "solution": "Update the affected openssl098e packages.", "nessusSeverity": "Medium", 
"cvssScoreSource": "", "vendor_cvss2": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}, "vendor_cvss3": {"score": 8.2, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"}, "vpr": {"risk factor": "Medium", "score": "6.1"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2020-06-16T00:00:00", "vulnerabilityPublicationDate": null, "exploitableWith": []}
{"openvas": [{"lastseen": "2020-06-17T15:50:43", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-06-16T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for openssl098e (EulerOS-SA-2020-1637)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3210", "CVE-2014-3572", "CVE-2015-0206", "CVE-2014-3507", "CVE-2011-4577", "CVE-2014-3511", "CVE-2014-3470", "CVE-2016-2176", "CVE-2015-0205", "CVE-2016-2179"], "modified": "2020-06-16T00:00:00", "id": "OPENVAS:1361412562311220201637", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201637", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1637\");\n script_version(\"2020-06-16T05:47:36+0000\");\n script_cve_id(\"CVE-2011-3210\", \"CVE-2011-4577\", \"CVE-2014-3470\", \"CVE-2014-3507\", \"CVE-2014-3511\", \"CVE-2014-3572\", \"CVE-2015-0205\", \"CVE-2015-0206\", \"CVE-2016-2176\", \"CVE-2016-2179\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-06-16 05:47:36 +0000 (Tue, 16 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-06-16 05:47:36 +0000 (Tue, 16 Jun 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for openssl098e (EulerOS-SA-2020-1637)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1637\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1637\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'openssl098e' package(s) announced via the EulerOS-SA-2020-1637 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries 
associated with unused out-of-order messages, which allows remote attackers to cause a denial of service (memory consumption) by maintaining many crafted DTLS sessions simultaneously, related to d1_lib.c, statem_dtls.c, statem_lib.c, and statem_srvr.c.(CVE-2016-2179)\n\nOpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC 3779 support is enabled, allows remote attackers to cause a denial of service (assertion failure) via an X.509 certificate containing certificate-extension data associated with (1) IP address blocks or (2) Autonomous System (AS) identifiers.(CVE-2011-4577)\n\nMemory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate records for the next epoch, leading to failure of replay detection.(CVE-2015-0206)\n\nThe ephemeral ECDH ciphersuite functionality in OpenSSL 0.9.8 through 0.9.8r and 1.0.x before 1.0.0e does not ensure thread safety during processing of handshake messages from clients, which allows remote attackers to cause a denial of service (daemon crash) via out-of-order messages that violate the TLS protocol.(CVE-2011-3210)\n\nThe X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a denial of service (buffer over-read) via crafted EBCDIC ASN.1 data.(CVE-2016-2176)\n\nThe ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support.(CVE-2015-0205)\n\nThe ssl3_get_key_exchange function in s3_clnt.c in OpenSSL 
before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message.(CVE-2014-3572)\n\nMemory leak in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via zero-length DTLS fragments that trigger improper handling of the return value of a certain insert function.( ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'openssl098e' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl098e\", rpm:\"openssl098e~0.9.8e~29.3.h21\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2019-05-29T18:36:19", "description": "Check the version of openssl", "cvss3": {}, "published": "2015-01-23T00:00:00", "type": "openvas", "title": "CentOS Update for openssl CESA-2015:0066 centos7", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-3572", "CVE-2015-0206", "CVE-2014-3571", "CVE-2014-8275", "CVE-2014-3570", "CVE-2015-0204", "CVE-2015-0205"], "modified": "2019-03-08T00:00:00", "id": "OPENVAS:1361412562310882095", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882095", 
"sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for openssl CESA-2015:0066 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882095\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-23 12:56:36 +0100 (Fri, 23 Jan 2015)\");\n script_cve_id(\"CVE-2014-3570\", \"CVE-2014-3571\", \"CVE-2014-3572\", \"CVE-2014-8275\", \"CVE-2015-0204\", \"CVE-2015-0205\", \"CVE-2015-0206\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_name(\"CentOS Update for openssl CESA-2015:0066 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of openssl\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"OpenSSL is a toolkit that implements the Secure Sockets 
Layer (SSL),\nTransport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose cryptography\nlibrary.\n\nA NULL pointer dereference flaw was found in the DTLS implementation of\nOpenSSL. A remote attacker could send a specially crafted DTLS message,\nwhich would cause an OpenSSL server to crash. (CVE-2014-3571)\n\nA memory leak flaw was found in the way the dtls1_buffer_record() function\nof OpenSSL parsed certain DTLS messages. A remote attacker could send\nmultiple specially crafted DTLS messages to exhaust all available memory of\na DTLS server. (CVE-2015-0206)\n\nIt was found that OpenSSL's BigNumber Squaring implementation could produce\nincorrect results under certain special conditions. This flaw could\npossibly affect certain OpenSSL library functionality, such as RSA\nblinding. Note that this issue occurred rarely and with a low probability,\nand there is currently no known way of exploiting it. (CVE-2014-3570)\n\nIt was discovered that OpenSSL would perform an ECDH key exchange with a\nnon-ephemeral key even when the ephemeral ECDH cipher suite was selected.\nA malicious server could make a TLS/SSL client using OpenSSL use a weaker\nkey exchange method than the one requested by the user. (CVE-2014-3572)\n\nIt was discovered that OpenSSL would accept ephemeral RSA keys when using\nnon-export RSA cipher suites. A malicious server could make a TLS/SSL\nclient using OpenSSL use a weaker key exchange method. (CVE-2015-0204)\n\nMultiple flaws were found in the way OpenSSL parsed X.509 certificates.\nAn attacker could use these flaws to modify an X.509 certificate to produce\na certificate with a different fingerprint without invalidating its\nsignature, and possibly bypass fingerprint-based blacklisting in\napplications. 
(CVE-2014-8275)\n\nIt was found that an OpenSSL server would, under certain conditions, accept\nDiffie-Hellman client certificates without the use of a private key.\nAn attacker could use a user's client certificate to authenticate as that\nuser, without needing the private key. (CVE-2015-0205)\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain a backported patch to mitigate the above issues. For the update to\ntake effect, all services linked to the OpenSSL library (such as httpd and\nother SSL-enabled services) must be restarted or the system rebooted.\");\n script_tag(name:\"affected\", value:\"openssl on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"CESA\", value:\"2015:0066\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2015-January/020885.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~34.el7_0.7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1e~34.el7_0.7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-libs\", rpm:\"openssl-libs~1.0.1e~34.el7_0.7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n 
}\n\n if ((res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~1.0.1e~34.el7_0.7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-static\", rpm:\"openssl-static~1.0.1e~34.el7_0.7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:36:15", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-01-23T00:00:00", "type": "openvas", "title": "Ubuntu Update for openssl USN-2459-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-3572", "CVE-2015-0206", "CVE-2014-3571", "CVE-2014-8275", "CVE-2014-3570", "CVE-2015-0204", "CVE-2015-0205"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842062", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842062", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for openssl USN-2459-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842062\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-23 12:58:57 +0100 (Fri, 23 Jan 2015)\");\n script_cve_id(\"CVE-2014-3570\", \"CVE-2014-3571\", \"CVE-2014-3572\", \"CVE-2014-8275\",\n \"CVE-2015-0204\", \"CVE-2015-0205\", \"CVE-2015-0206\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_name(\"Ubuntu Update for openssl USN-2459-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Pieter Wuille discovered that OpenSSL\nincorrectly handled Bignum squaring. (CVE-2014-3570)\n\nMarkus Stenberg discovered that OpenSSL incorrectly handled certain crafted\nDTLS messages. A remote attacker could use this issue to cause OpenSSL to\ncrash, resulting in a denial of service. (CVE-2014-3571)\n\nKarthikeyan Bhargavan discovered that OpenSSL incorrectly handled certain\nhandshakes. A remote attacker could possibly use this issue to downgrade to\nECDH, removing forward secrecy from the ciphersuite. (CVE-2014-3572)\n\nAntti Karjalainen, Tuomo Untinen and Konrad Kraszewski discovered that\nOpenSSL incorrectly handled certain certificate fingerprints. 
A remote\nattacker could possibly use this issue to trick certain applications that\nrely on the uniqueness of fingerprints. (CVE-2014-8275)\n\nKarthikeyan Bhargavan discovered that OpenSSL incorrectly handled certain\nkey exchanges. A remote attacker could possibly use this issue to downgrade\nthe security of the session to EXPORT_RSA. (CVE-2015-0204)\n\nKarthikeyan Bhargavan discovered that OpenSSL incorrectly handled client\nauthentication. A remote attacker could possibly use this issue to\nauthenticate without the use of a private key in certain limited scenarios.\nThis issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-0205)\n\nChris Mueller discovered that OpenSSL incorrectly handled memory when\nprocessing DTLS records. A remote attacker could use this issue to cause\nOpenSSL to consume resources, resulting in a denial of service. This issue\nonly affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 14.10.\n(CVE-2015-0206)\");\n script_tag(name:\"affected\", value:\"openssl on Ubuntu 14.10,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2459-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2459-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.10|14\\.04 LTS|12\\.04 LTS|10\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.10\")\n{\n\n if ((res =
isdpkgvuln(pkg:\"libssl1.0.0:amd64\", ver:\"1.0.1f-1ubuntu9.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libssl1.0.0:i386\", ver:\"1.0.1f-1ubuntu9.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl1.0.0:amd64\", ver:\"1.0.1f-1ubuntu2.8\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libssl1.0.0:i386\", ver:\"1.0.1f-1ubuntu2.8\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.1-4ubuntu5.21\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl0.9.8\", ver:\"0.9.8k-7ubuntu8.23\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:37:03", "description": "Check the version of openssl", "cvss3": {}, "published": "2015-01-23T00:00:00", "type": "openvas", "title": "CentOS Update for openssl CESA-2015:0066 centos6", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-3572", "CVE-2015-0206", "CVE-2014-3571", "CVE-2014-8275", "CVE-2014-3570", "CVE-2015-0204", "CVE-2015-0205"], "modified": "2019-03-08T00:00:00", "id": "OPENVAS:1361412562310882101", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882101", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update 
for openssl CESA-2015:0066 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882101\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-23 12:57:35 +0100 (Fri, 23 Jan 2015)\");\n script_cve_id(\"CVE-2014-3570\", \"CVE-2014-3571\", \"CVE-2014-3572\", \"CVE-2014-8275\", \"CVE-2015-0204\", \"CVE-2015-0205\", \"CVE-2015-0206\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_name(\"CentOS Update for openssl CESA-2015:0066 centos6\");\n script_tag(name:\"summary\", value:\"Check the version of openssl\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),\nTransport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general 
purpose cryptography\nlibrary.\n\nA NULL pointer dereference flaw was found in the DTLS implementation of\nOpenSSL. A remote attacker could send a specially crafted DTLS message,\nwhich would cause an OpenSSL server to crash. (CVE-2014-3571)\n\nA memory leak flaw was found in the way the dtls1_buffer_record() function\nof OpenSSL parsed certain DTLS messages. A remote attacker could send\nmultiple specially crafted DTLS messages to exhaust all available memory of\na DTLS server. (CVE-2015-0206)\n\nIt was found that OpenSSL's BigNumber Squaring implementation could produce\nincorrect results under certain special conditions. This flaw could\npossibly affect certain OpenSSL library functionality, such as RSA\nblinding. Note that this issue occurred rarely and with a low probability,\nand there is currently no known way of exploiting it. (CVE-2014-3570)\n\nIt was discovered that OpenSSL would perform an ECDH key exchange with a\nnon-ephemeral key even when the ephemeral ECDH cipher suite was selected.\nA malicious server could make a TLS/SSL client using OpenSSL use a weaker\nkey exchange method than the one requested by the user. (CVE-2014-3572)\n\nIt was discovered that OpenSSL would accept ephemeral RSA keys when using\nnon-export RSA cipher suites. A malicious server could make a TLS/SSL\nclient using OpenSSL use a weaker key exchange method. (CVE-2015-0204)\n\nMultiple flaws were found in the way OpenSSL parsed X.509 certificates.\nAn attacker could use these flaws to modify an X.509 certificate to produce\na certificate with a different fingerprint without invalidating its\nsignature, and possibly bypass fingerprint-based blacklisting in\napplications. (CVE-2014-8275)\n\nIt was found that an OpenSSL server would, under certain conditions, accept\nDiffie-Hellman client certificates without the use of a private key.\nAn attacker could use a user's client certificate to authenticate as that\nuser, without needing the private key. 
(CVE-2015-0205)\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain a backported patch to mitigate the above issues. For the update to\ntake effect, all services linked to the OpenSSL library (such as httpd and\nother SSL-enabled services) must be restarted or the system rebooted.\");\n script_tag(name:\"affected\", value:\"openssl on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"CESA\", value:\"2015:0066\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2015-January/020884.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~30.el6_6.5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1e~30.el6_6.5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~1.0.1e~30.el6_6.5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-static\", rpm:\"openssl-static~1.0.1e~30.el6_6.5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, 
{"lastseen": "2019-05-29T18:36:08", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-01-23T00:00:00", "type": "openvas", "title": "RedHat Update for openssl RHSA-2015:0066-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-3572", "CVE-2015-0206", "CVE-2014-3571", "CVE-2014-8275", "CVE-2014-3570", "CVE-2015-0204", "CVE-2015-0205"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310871300", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871300", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for openssl RHSA-2015:0066-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871300\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-23 12:55:22 +0100 (Fri, 23 Jan 2015)\");\n script_cve_id(\"CVE-2014-3570\", \"CVE-2014-3571\", \"CVE-2014-3572\", \"CVE-2014-8275\",\n \"CVE-2015-0204\", \"CVE-2015-0205\", \"CVE-2015-0206\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_name(\"RedHat Update for openssl RHSA-2015:0066-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),\nTransport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose cryptography\nlibrary.\n\nA NULL pointer dereference flaw was found in the DTLS implementation of\nOpenSSL. A remote attacker could send a specially crafted DTLS message,\nwhich would cause an OpenSSL server to crash. (CVE-2014-3571)\n\nA memory leak flaw was found in the way the dtls1_buffer_record() function\nof OpenSSL parsed certain DTLS messages. A remote attacker could send\nmultiple specially crafted DTLS messages to exhaust all available memory of\na DTLS server. 
(CVE-2015-0206)\n\nIt was found that OpenSSL's BigNumber Squaring implementation could produce\nincorrect results under certain special conditions. This flaw could\npossibly affect certain OpenSSL library functionality, such as RSA\nblinding. Note that this issue occurred rarely and with a low probability,\nand there is currently no known way of exploiting it. (CVE-2014-3570)\n\nIt was discovered that OpenSSL would perform an ECDH key exchange with a\nnon-ephemeral key even when the ephemeral ECDH cipher suite was selected.\nA malicious server could make a TLS/SSL client using OpenSSL use a weaker\nkey exchange method than the one requested by the user. (CVE-2014-3572)\n\nIt was discovered that OpenSSL would accept ephemeral RSA keys when using\nnon-export RSA cipher suites. A malicious server could make a TLS/SSL\nclient using OpenSSL use a weaker key exchange method. (CVE-2015-0204)\n\nMultiple flaws were found in the way OpenSSL parsed X.509 certificates.\nAn attacker could use these flaws to modify an X.509 certificate to produce\na certificate with a different fingerprint without invalidating its\nsignature, and possibly bypass fingerprint-based blacklisting in\napplications. (CVE-2014-8275)\n\nIt was found that an OpenSSL server would, under certain conditions, accept\nDiffie-Hellman client certificates without the use of a private key.\nAn attacker could use a user's client certificate to authenticate as that\nuser, without needing the private key. (CVE-2015-0205)\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain a backported patch to mitigate the above issues. For the update to\ntake effect, all services linked to the OpenSSL library (such as httpd and\nother SSL-enabled services) must be restarted or the system rebooted.\");\n script_tag(name:\"affected\", value:\"openssl on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Server (v. 
7),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"RHSA\", value:\"2015:0066-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2015-January/msg00023.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_(7|6)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~34.el7_0.7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-debuginfo\", rpm:\"openssl-debuginfo~1.0.1e~34.el7_0.7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1e~34.el7_0.7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-libs\", rpm:\"openssl-libs~1.0.1e~34.el7_0.7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~30.el6_6.5\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-debuginfo\", rpm:\"openssl-debuginfo~1.0.1e~30.el6_6.5\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1e~30.el6_6.5\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:36:23", "description": "Oracle Linux Local Security Checks ELSA-2015-0066", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2015-0066", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-3572", "CVE-2015-0206", "CVE-2014-3571", "CVE-2014-8275", "CVE-2014-3570", "CVE-2015-0204", "CVE-2015-0205"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310123203", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123203", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-0066.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123203\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:00:40 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-0066\");\n script_tag(name:\"insight\", value:\"ELSA-2015-0066 - openssl security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-0066\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-0066.html\");\n script_cve_id(\"CVE-2014-3570\", \"CVE-2014-3571\", \"CVE-2014-3572\", \"CVE-2014-8275\", \"CVE-2015-0204\", \"CVE-2015-0205\", \"CVE-2015-0206\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(7|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = 
\"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~34.el7_0.7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1e~34.el7_0.7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-libs\", rpm:\"openssl-libs~1.0.1e~34.el7_0.7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~1.0.1e~34.el7_0.7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-static\", rpm:\"openssl-static~1.0.1e~34.el7_0.7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~30.el6_6.5\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1e~30.el6_6.5\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~1.0.1e~30.el6_6.5\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-static\", rpm:\"openssl-static~1.0.1e~30.el6_6.5\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:36:06", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-01-14T00:00:00", "type": "openvas", "title": "Fedora Update for openssl FEDORA-2015-0512", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-0206", "CVE-2014-3571", "CVE-2014-3570", 
"CVE-2015-0205"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310868921", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868921", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openssl FEDORA-2015-0512\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868921\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-14 05:57:17 +0100 (Wed, 14 Jan 2015)\");\n script_cve_id(\"CVE-2014-3571\", \"CVE-2015-0206\", \"CVE-2015-0205\", \"CVE-2014-3570\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for openssl FEDORA-2015-0512\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", 
value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"openssl on Fedora 21\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-0512\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-January/147938.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC21\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1k~1.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-03-17T22:58:43", "description": "The remote host is missing an update announced via the referenced Security Advisory.", "cvss3": {}, "published": "2015-09-08T00:00:00", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2015-469)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-3572", "CVE-2015-0206", "CVE-2014-3571", "CVE-2014-8275", "CVE-2014-3570", "CVE-2015-0204", "CVE-2015-0205", "CVE-2014-3569"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310120456", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120456", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are 
Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120456\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:26:46 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2015-469)\");\n script_tag(name:\"insight\", value:\"Multiple flaws were found in OpenSSL. 
Please see the references for more information.\");\n script_tag(name:\"solution\", value:\"Run yum update openssl to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2015-469.html\");\n script_cve_id(\"CVE-2014-3571\", \"CVE-2014-3570\", \"CVE-2014-3572\", \"CVE-2014-3569\", \"CVE-2014-8275\", \"CVE-2015-0205\", \"CVE-2015-0204\", \"CVE-2015-0206\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"openssl-debuginfo\", rpm:\"openssl-debuginfo~1.0.1k~1.82.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1k~1.82.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~1.0.1k~1.82.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1k~1.82.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-static\", rpm:\"openssl-static~1.0.1k~1.82.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else 
if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-07-24T12:52:38", "description": "Multiple vulnerabilities have been\ndiscovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities\nand Exposures project identifies the following issues:\n\nCVE-2014-3569\nFrank Schmirler reported that the ssl23_get_client_hello function in\nOpenSSL does not properly handle attempts to use unsupported\nprotocols. When OpenSSL is built with the no-ssl3 option and a SSL\nv3 ClientHello is received, the ssl method would be set to NULL which\ncould later result in a NULL pointer dereference and daemon crash.\n\nCVE-2014-3570\nPieter Wuille of Blockstream reported that the bignum squaring\n(BN_sqr) may produce incorrect results on some platforms, which\nmight make it easier for remote attackers to defeat cryptographic\nprotection mechanisms.\n\nCVE-2014-3571\nMarkus Stenberg of Cisco Systems, Inc. reported that a carefully\ncrafted DTLS message can cause a segmentation fault in OpenSSL due\nto a NULL pointer dereference. A remote attacker could use this flaw\nto mount a denial of service attack.\n\nCVE-2014-3572\nKarthikeyan Bhargavan of the PROSECCO team at INRIA reported that an\nOpenSSL client would accept a handshake using an ephemeral ECDH\nciphersuite if the server key exchange message is omitted. 
This\nallows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks\nand trigger a loss of forward secrecy.\n\nCVE-2014-8275\nAntti Karjalainen and Tuomo Untinen of the Codenomicon CROSS project\nand Konrad Kraszewski of Google reported various certificate\nfingerprint issues, which allow remote attackers to defeat a\nfingerprint-based certificate-blacklist protection mechanism.\n\nCVE-2015-0204\nKarthikeyan Bhargavan of the PROSECCO team at INRIA reported that\nan OpenSSL client will accept the use of an ephemeral RSA key in a\nnon-export RSA key exchange ciphersuite, violating the TLS\nstandard. This allows remote SSL servers to downgrade the security\nof the session.\n\nCVE-2015-0205\nKarthikeyan Bhargavan of the PROSECCO team at INRIA reported that an\nOpenSSL server will accept a DH certificate for client\nauthentication without the certificate verify message. This flaw\neffectively allows a client to authenticate without the use of a\nprivate key via crafted TLS handshake protocol traffic to a server\nthat recognizes a certification authority with DH support.\n\nCVE-2015-0206\nChris Mueller discovered a memory leak in the dtls1_buffer_record\nfunction. 
A remote attacker could exploit this flaw to mount a\ndenial of service through memory exhaustion by repeatedly sending\nspecially crafted DTLS records.", "cvss3": {}, "published": "2015-01-11T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3125-1 (openssl - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-3572", "CVE-2015-0206", "CVE-2014-3571", "CVE-2014-8275", "CVE-2014-3570", "CVE-2015-0204", "CVE-2015-0205", "CVE-2014-3569"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:703125", "href": "http://plugins.openvas.org/nasl.php?oid=703125", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3125.nasl 6609 2017-07-07 12:05:59Z cfischer $\n# Auto-generated from advisory DSA 3125-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703125);\n script_version(\"$Revision: 6609 $\");\n script_cve_id(\"CVE-2014-3569\", \"CVE-2014-3570\", \"CVE-2014-3571\", \"CVE-2014-3572\",\n \"CVE-2014-8275\", \"CVE-2015-0204\", \"CVE-2015-0205\", \"CVE-2015-0206\");\n script_name(\"Debian Security Advisory DSA 3125-1 (openssl - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:59 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2015-01-11 00:00:00 +0100 (Sun, 11 Jan 2015)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3125.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"openssl on Debian Linux\");\n script_tag(name: \"insight\", value: \"This package contains the openssl binary and related tools.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy),\nthese problems have been fixed in version 1.0.1e-2+deb7u14.\n\nFor the upcoming stable distribution (jessie), these problems will be\nfixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.0.1k-1.\n\nWe recommend that you upgrade your openssl packages.\");\n script_tag(name: \"summary\", 
value: \"Multiple vulnerabilities have been\ndiscovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities\nand Exposures project identifies the following issues:\n\nCVE-2014-3569\nFrank Schmirler reported that the ssl23_get_client_hello function in\nOpenSSL does not properly handle attempts to use unsupported\nprotocols. When OpenSSL is built with the no-ssl3 option and a SSL\nv3 ClientHello is received, the ssl method would be set to NULL which\ncould later result in a NULL pointer dereference and daemon crash.\n\nCVE-2014-3570\nPieter Wuille of Blockstream reported that the bignum squaring\n(BN_sqr) may produce incorrect results on some platforms, which\nmight make it easier for remote attackers to defeat cryptographic\nprotection mechanisms.\n\nCVE-2014-3571\nMarkus Stenberg of Cisco Systems, Inc. reported that a carefully\ncrafted DTLS message can cause a segmentation fault in OpenSSL due\nto a NULL pointer dereference. A remote attacker could use this flaw\nto mount a denial of service attack.\n\nCVE-2014-3572\nKarthikeyan Bhargavan of the PROSECCO team at INRIA reported that an\nOpenSSL client would accept a handshake using an ephemeral ECDH\nciphersuite if the server key exchange message is omitted. This\nallows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks\nand trigger a loss of forward secrecy.\n\nCVE-2014-8275\nAntti Karjalainen and Tuomo Untinen of the Codenomicon CROSS project\nand Konrad Kraszewski of Google reported various certificate\nfingerprint issues, which allow remote attackers to defeat a\nfingerprint-based certificate-blacklist protection mechanism.\n\nCVE-2015-0204\nKarthikeyan Bhargavan of the PROSECCO team at INRIA reported that\nan OpenSSL client will accept the use of an ephemeral RSA key in a\nnon-export RSA key exchange ciphersuite, violating the TLS\nstandard. 
This allows remote SSL servers to downgrade the security\nof the session.\n\nCVE-2015-0205\nKarthikeyan Bhargavan of the PROSECCO team at INRIA reported that an\nOpenSSL server will accept a DH certificate for client\nauthentication without the certificate verify message. This flaw\neffectively allows a client to authenticate without the use of a\nprivate key via crafted TLS handshake protocol traffic to a server\nthat recognizes a certification authority with DH support.\n\nCVE-2015-0206\nChris Mueller discovered a memory leak in the dtls1_buffer_record\nfunction. A remote attacker could exploit this flaw to mount a\ndenial of service through memory exhaustion by repeatedly sending\nspecially crafted DTLS records.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"1.0.1e-2+deb7u14\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-doc\", ver:\"1.0.1e-2+deb7u14\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.1e-2+deb7u14\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0-dbg\", ver:\"1.0.1e-2+deb7u14\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openssl\", ver:\"1.0.1e-2+deb7u14\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-10-09T15:19:32", "description": "Multiple Cisco products incorporate a version of the OpenSSL package\n affected 
by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause\n a denial of service condition or perform a man-in-the-middle attack. On January 8, 2015, the OpenSSL Project\n released a security advisory detailing eight distinct vulnerabilities. The vulnerabilities are referenced in this document as follows:\n\n - CVE-2014-3571: OpenSSL DTLS Message Processing Denial of Service Vulnerability\n\n - CVE-2015-0206: OpenSSL dtls1_buffer_record Function DTLS Message Processing Denial of Service Vulnerability\n\n - CVE-2014-3569: OpenSSL no-ssl3 Option NULL Pointer Dereference Vulnerability\n\n - CVE-2014-3572: OpenSSL Elliptic Curve Cryptographic Downgrade Vulnerability\n\n - CVE-2015-0204: OpenSSL RSA Temporary Key Cryptographic Downgrade Vulnerability\n\n - CVE-2015-0205: OpenSSL Diffie-Hellman Certificate Validation Authentication Bypass Vulnerability\n\n - CVE-2014-8275: OpenSSL Certificate Fingerprint Validation Vulnerability\n\n - CVE-2014-3570: OpenSSL BN_sql Function Incorrect Mathematical Results Issue\n\n Cisco will release software updates that address these vulnerabilities.\n\n Workarounds that mitigate these vulnerabilities may be available.", "cvss3": {}, "published": "2016-05-10T00:00:00", "type": "openvas", "title": "Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-3572", "CVE-2015-0206", "CVE-2014-3571", "CVE-2014-8275", "CVE-2014-3570", "CVE-2015-0204", "CVE-2015-0205", "CVE-2014-3569"], "modified": "2019-10-09T00:00:00", "id": "OPENVAS:1361412562310105679", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310105679", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2016 
Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/o:cisco:ios_xe\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.105679\");\n script_cve_id(\"CVE-2014-3571\", \"CVE-2015-0206\", \"CVE-2014-3569\", \"CVE-2014-3572\", \"CVE-2015-0204\", \"CVE-2015-0205\", \"CVE-2014-8275\", \"CVE-2014-3570\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_version(\"2019-10-09T06:43:33+0000\");\n\n script_name(\"Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products\");\n\n script_xref(name:\"URL\", value:\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl\");\n\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"solution\", value:\"See the referenced vendor advisory for a solution.\");\n script_tag(name:\"summary\", value:\"Multiple Cisco products incorporate a version of the OpenSSL package\n affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause\n a denial of service condition or perform a man-in-the-middle attack. 
On January 8, 2015, the OpenSSL Project\n released a security advisory detailing eight distinct vulnerabilities. The vulnerabilities are referenced in this document as follows:\n\n - CVE-2014-3571: OpenSSL DTLS Message Processing Denial of Service Vulnerability\n\n - CVE-2015-0206: OpenSSL dtls1_buffer_record Function DTLS Message Processing Denial of Service Vulnerability\n\n - CVE-2014-3569: OpenSSL no-ssl3 Option NULL Pointer Dereference Vulnerability\n\n - CVE-2014-3572: OpenSSL Elliptic Curve Cryptographic Downgrade Vulnerability\n\n - CVE-2015-0204: OpenSSL RSA Temporary Key Cryptographic Downgrade Vulnerability\n\n - CVE-2015-0205: OpenSSL Diffie-Hellman Certificate Validation Authentication Bypass Vulnerability\n\n - CVE-2014-8275: OpenSSL Certificate Fingerprint Validation Vulnerability\n\n - CVE-2014-3570: OpenSSL BN_sql Function Incorrect Mathematical Results Issue\n\n Cisco will release software updates that address these vulnerabilities.\n\n Workarounds that mitigate these vulnerabilities may be available.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"last_modification\", value:\"2019-10-09 06:43:33 +0000 (Wed, 09 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-05-10 10:55:20 +0200 (Tue, 10 May 2016)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"CISCO\");\n script_copyright(\"This script is Copyright (C) 2016 Greenbone Networks GmbH\");\n script_dependencies(\"gb_cisco_ios_xe_version.nasl\");\n script_mandatory_keys(\"cisco_ios_xe/version\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( ! 
version = get_app_version( cpe:CPE ) ) exit( 0 );\n\naffected = make_list(\n '3.3.0S',\n '3.3.1S',\n '3.3.2S',\n '3.4.0S',\n '3.4.1S',\n '3.4.2S',\n '3.4.3S',\n '3.4.4S',\n '3.4.5S',\n '3.4.6S',\n '3.5.0S',\n '3.5.1S',\n '3.5.2S',\n '3.6.0S',\n '3.6.1S',\n '3.6.2S',\n '3.7.0S',\n '3.7.1S',\n '3.7.2S',\n '3.7.3S',\n '3.7.4S',\n '3.7.5S',\n '3.7.6S',\n '3.8.0S',\n '3.8.1S',\n '3.8.2S',\n '3.9.0S',\n '3.9.1S',\n '3.9.2S' );\n\nforeach af ( affected )\n{\n if( version == af )\n {\n report = report_fixed_ver( installed_version:version, fixed_version: \"See advisory\" );\n security_message( port:0, data:report );\n exit( 0 );\n }\n}\n\nexit( 99 );\n\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-31T18:37:58", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-01-24T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for openssl (openSUSE-SU-2015:0130-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-3572", "CVE-2015-0206", "CVE-2014-3571", "CVE-2014-8275", "CVE-2014-3570", "CVE-2015-0204", "CVE-2015-0205", "CVE-2014-3569"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310850630", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850630", "sourceData": "# Copyright (C) 2015 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850630\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-01-24 05:48:38 +0100 (Sat, 24 Jan 2015)\");\n script_cve_id(\"CVE-2014-3569\", \"CVE-2014-3570\", \"CVE-2014-3571\", \"CVE-2014-3572\", \"CVE-2014-8275\", \"CVE-2015-0204\", \"CVE-2015-0205\", \"CVE-2015-0206\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"openSUSE: Security Advisory for openssl (openSUSE-SU-2015:0130-1)\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"openssl was updated to 1.0.1k to fix various security issues and bugs.\n\n The following issues were fixed:\n\n * CVE-2014-3570 (bsc#912296): Bignum squaring (BN_sqr) may have produced\n incorrect results on some platforms, including x86_64.\n\n * CVE-2014-3571 (bsc#912294): Fixed crash in dtls1_get_record whilst in\n the listen state where you get two separate reads performed - one for\n the header and one for the body of the handshake record.\n\n * CVE-2014-3572 (bsc#912015): Don't accept a handshake using an ephemeral\n ECDH ciphersuites with the server key exchange message omitted.\n\n * CVE-2014-8275 (bsc#912018): Fixed various certificate fingerprint issues.\n\n * CVE-2015-0204 (bsc#912014): Only allow ephemeral 
RSA keys in export\n ciphersuites\n\n * CVE-2015-0205 (bsc#912293): A fix was added to prevent use of DH client\n certificates without sending certificate verify message.\n\n * CVE-2015-0206 (bsc#912292): A memory leak was fixed in\n dtls1_buffer_record.\");\n\n script_tag(name:\"affected\", value:\"openssl on openSUSE 13.1\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"openSUSE-SU\", value:\"2015:0130-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE13.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl-devel\", rpm:\"libopenssl-devel~1.0.1k~11.64.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0\", rpm:\"libopenssl1_0_0~1.0.1k~11.64.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-debuginfo\", rpm:\"libopenssl1_0_0-debuginfo~1.0.1k~11.64.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1k~11.64.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-debuginfo\", rpm:\"openssl-debuginfo~1.0.1k~11.64.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-debugsource\", rpm:\"openssl-debugsource~1.0.1k~11.64.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res 
= isrpmvuln(pkg:\"libopenssl-devel-32bit\", rpm:\"libopenssl-devel-32bit~1.0.1k~11.64.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-32bit\", rpm:\"libopenssl1_0_0-32bit~1.0.1k~11.64.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-debuginfo-32bit\", rpm:\"libopenssl1_0_0-debuginfo-32bit~1.0.1k~11.64.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-doc\", rpm:\"openssl-doc~1.0.1k~11.64.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:36:24", "description": "Multiple vulnerabilities have been\ndiscovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities\nand Exposures project identifies the following issues:\n\nCVE-2014-3569\nFrank Schmirler reported that the ssl23_get_client_hello function in\nOpenSSL does not properly handle attempts to use unsupported\nprotocols. When OpenSSL is built with the no-ssl3 option and a SSL\nv3 ClientHello is received, the ssl method would be set to NULL which\ncould later result in a NULL pointer dereference and daemon crash.\n\nCVE-2014-3570\nPieter Wuille of Blockstream reported that the bignum squaring\n(BN_sqr) may produce incorrect results on some platforms, which\nmight make it easier for remote attackers to defeat cryptographic\nprotection mechanisms.\n\nCVE-2014-3571\nMarkus Stenberg of Cisco Systems, Inc. reported that a carefully\ncrafted DTLS message can cause a segmentation fault in OpenSSL due\nto a NULL pointer dereference. 
A remote attacker could use this flaw\nto mount a denial of service attack.\n\nCVE-2014-3572\nKarthikeyan Bhargavan of the PROSECCO team at INRIA reported that an\nOpenSSL client would accept a handshake using an ephemeral ECDH\nciphersuite if the server key exchange message is omitted. This\nallows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks\nand trigger a loss of forward secrecy.\n\nCVE-2014-8275\nAntti Karjalainen and Tuomo Untinen of the Codenomicon CROSS project\nand Konrad Kraszewski of Google reported various certificate\nfingerprint issues, which allow remote attackers to defeat a\nfingerprint-based certificate-blacklist protection mechanism.\n\nCVE-2015-0204\nKarthikeyan Bhargavan of the PROSECCO team at INRIA reported that\nan OpenSSL client will accept the use of an ephemeral RSA key in a\nnon-export RSA key exchange ciphersuite, violating the TLS\nstandard. This allows remote SSL servers to downgrade the security\nof the session.\n\nCVE-2015-0205\nKarthikeyan Bhargavan of the PROSECCO team at INRIA reported that an\nOpenSSL server will accept a DH certificate for client\nauthentication without the certificate verify message. This flaw\neffectively allows a client to authenticate without the use of a\nprivate key via crafted TLS handshake protocol traffic to a server\nthat recognizes a certification authority with DH support.\n\nCVE-2015-0206\nChris Mueller discovered a memory leak in the dtls1_buffer_record\nfunction. 
A remote attacker could exploit this flaw to mount a\ndenial of service through memory exhaustion by repeatedly sending\nspecially crafted DTLS records.", "cvss3": {}, "published": "2015-01-11T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3125-1 (openssl - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-3572", "CVE-2015-0206", "CVE-2014-3571", "CVE-2014-8275", "CVE-2014-3570", "CVE-2015-0204", "CVE-2015-0205", "CVE-2014-3569"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703125", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703125", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3125.nasl 14278 2019-03-18 14:47:26Z cfischer $\n# Auto-generated from advisory DSA 3125-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703125\");\n script_version(\"$Revision: 14278 $\");\n script_cve_id(\"CVE-2014-3569\", \"CVE-2014-3570\", \"CVE-2014-3571\", \"CVE-2014-3572\",\n \"CVE-2014-8275\", \"CVE-2015-0204\", \"CVE-2015-0205\", \"CVE-2015-0206\");\n script_name(\"Debian Security Advisory DSA 3125-1 (openssl - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:47:26 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-11 00:00:00 +0100 (Sun, 11 Jan 2015)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2015/dsa-3125.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n script_tag(name:\"affected\", value:\"openssl on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (wheezy),\nthese problems have been fixed in version 1.0.1e-2+deb7u14.\n\nFor the upcoming stable distribution (jessie), these problems will be\nfixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.0.1k-1.\n\nWe recommend that you upgrade your openssl packages.\");\n script_tag(name:\"summary\", value:\"Multiple vulnerabilities have been\ndiscovered in 
OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities\nand Exposures project identifies the following issues:\n\nCVE-2014-3569\nFrank Schmirler reported that the ssl23_get_client_hello function in\nOpenSSL does not properly handle attempts to use unsupported\nprotocols. When OpenSSL is built with the no-ssl3 option and a SSL\nv3 ClientHello is received, the ssl method would be set to NULL which\ncould later result in a NULL pointer dereference and daemon crash.\n\nCVE-2014-3570\nPieter Wuille of Blockstream reported that the bignum squaring\n(BN_sqr) may produce incorrect results on some platforms, which\nmight make it easier for remote attackers to defeat cryptographic\nprotection mechanisms.\n\nCVE-2014-3571\nMarkus Stenberg of Cisco Systems, Inc. reported that a carefully\ncrafted DTLS message can cause a segmentation fault in OpenSSL due\nto a NULL pointer dereference. A remote attacker could use this flaw\nto mount a denial of service attack.\n\nCVE-2014-3572\nKarthikeyan Bhargavan of the PROSECCO team at INRIA reported that an\nOpenSSL client would accept a handshake using an ephemeral ECDH\nciphersuite if the server key exchange message is omitted. This\nallows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks\nand trigger a loss of forward secrecy.\n\nCVE-2014-8275\nAntti Karjalainen and Tuomo Untinen of the Codenomicon CROSS project\nand Konrad Kraszewski of Google reported various certificate\nfingerprint issues, which allow remote attackers to defeat a\nfingerprint-based certificate-blacklist protection mechanism.\n\nCVE-2015-0204\nKarthikeyan Bhargavan of the PROSECCO team at INRIA reported that\nan OpenSSL client will accept the use of an ephemeral RSA key in a\nnon-export RSA key exchange ciphersuite, violating the TLS\nstandard. 
This allows remote SSL servers to downgrade the security\nof the session.\n\nCVE-2015-0205\nKarthikeyan Bhargavan of the PROSECCO team at INRIA reported that an\nOpenSSL server will accept a DH certificate for client\nauthentication without the certificate verify message. This flaw\neffectively allows a client to authenticate without the use of a\nprivate key via crafted TLS handshake protocol traffic to a server\nthat recognizes a certification authority with DH support.\n\nCVE-2015-0206\nChris Mueller discovered a memory leak in the dtls1_buffer_record\nfunction. A remote attacker could exploit this flaw to mount a\ndenial of service through memory exhaustion by repeatedly sending\nspecially crafted DTLS records.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"1.0.1e-2+deb7u14\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl-doc\", ver:\"1.0.1e-2+deb7u14\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.1e-2+deb7u14\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl1.0.0-dbg\", ver:\"1.0.1e-2+deb7u14\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openssl\", ver:\"1.0.1e-2+deb7u14\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-04-17T16:58:02", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-04-16T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for 
openssl098e (EulerOS-SA-2020-1420)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2179"], "modified": "2020-04-16T00:00:00", "id": "OPENVAS:1361412562311220201420", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201420", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from the referenced\n# advisories, and are Copyright (C) by the respective right holder(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1420\");\n script_version(\"2020-04-16T05:51:20+0000\");\n script_cve_id(\"CVE-2016-2179\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-04-16 05:51:20 +0000 (Thu, 16 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-04-16 05:51:20 +0000 (Thu, 16 Apr 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for openssl098e (EulerOS-SA-2020-1420)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n 
script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1420\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1420\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'openssl098e' package(s) announced via the EulerOS-SA-2020-1420 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service (memory consumption) by maintaining many crafted DTLS sessions simultaneously, related to d1_lib.c, statem_dtls.c, statem_lib.c, and statem_srvr.c.(CVE-2016-2179)\");\n\n script_tag(name:\"affected\", value:\"'openssl098e' package(s) on Huawei EulerOS V2.0SP3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl098e\", rpm:\"openssl098e~0.9.8e~29.3.h8\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-04-07T18:44:34", "description": "The DTLS 
implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service (memory consumption) by maintaining many crafted DTLS sessions simultaneously, related to d1_lib.c, statem_dtls.c, statem_lib.c, and statem_srvr.c.", "cvss3": {}, "published": "2016-11-03T00:00:00", "type": "openvas", "title": "F5 BIG-IP - SOL23512141 - OpenSSL vulnerability CVE-2016-2179", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2179"], "modified": "2020-04-03T00:00:00", "id": "OPENVAS:1361412562310140047", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310140047", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# F5 BIG-IP - SOL23512141 - OpenSSL vulnerability CVE-2016-2179\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/h:f5:big-ip\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.140047\");\n script_cve_id(\"CVE-2016-2179\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_version(\"2020-04-03T06:15:47+0000\");\n\n script_name(\"F5 BIG-IP - SOL23512141 - OpenSSL vulnerability CVE-2016-2179\");\n\n script_xref(name:\"URL\", value:\"https://support.f5.com/kb/en-us/solutions/public/k/23/sol23512141.html\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"solution\", value:\"See the referenced vendor advisory for a solution.\");\n\n script_tag(name:\"summary\", value:\"The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service (memory consumption) by maintaining many crafted DTLS sessions simultaneously, related to d1_lib.c, statem_dtls.c, statem_lib.c, and statem_srvr.c.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"last_modification\", value:\"2020-04-03 06:15:47 +0000 (Fri, 03 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-11-03 10:23:10 +0100 (Thu, 03 Nov 2016)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"F5 Local Security Checks\");\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_dependencies(\"gb_f5_big_ip_version.nasl\");\n 
script_mandatory_keys(\"f5/big_ip/version\", \"f5/big_ip/active_modules\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\ninclude(\"list_array_func.inc\");\ninclude(\"f5.inc\");\n\nif( ! version = get_app_version( cpe:CPE ) )\n exit( 0 );\n\ncheck_f5['LTM'] = make_array( 'affected', '11.2.1;10.2.1-10.2.4;',\n 'unaffected', '12.0.0-12.1.1;11.4.0-11.6.1;' );\n\ncheck_f5['AAM'] = make_array( 'affected', '12.0.0-12.1.1;11.5.0-11.6.1;',\n 'unaffected', '11.4.0-11.4.1;' );\n\ncheck_f5['AFM'] = make_array( 'affected', '12.0.0-12.1.1;11.5.0-11.6.1;',\n 'unaffected', '11.4.0-11.4.1;' );\n\ncheck_f5['AVR'] = make_array( 'affected', '11.2.1;',\n 'unaffected', '12.0.0-12.1.1;11.4.0-11.6.1;' );\n\ncheck_f5['APM'] = make_array( 'affected', '11.2.1;10.2.1-10.2.4;',\n 'unaffected', '12.0.0-12.1.1;11.4.0-11.6.1;' );\n\ncheck_f5['ASM'] = make_array( 'affected', '11.2.1;10.2.1-10.2.4;',\n 'unaffected', '12.0.0-12.1.1;11.4.0-11.6.1;' );\n\ncheck_f5['GTM'] = make_array( 'affected', '11.2.1;10.2.1-10.2.4;',\n 'unaffected', '11.4.0-11.6.1;' );\n\ncheck_f5['LC'] = make_array( 'affected', '11.2.1;10.2.1-10.2.4;',\n 'unaffected', '12.0.0-12.1.1;11.4.0-11.6.1;' );\n\ncheck_f5['PEM'] = make_array( 'affected', '12.0.0-12.1.1;11.5.0-11.6.1;',\n 'unaffected', '11.4.0-11.4.1;' );\n\ncheck_f5['PSM'] = make_array( 'affected', '11.2.1;10.2.1-10.2.4;',\n 'unaffected', '11.4.0-11.4.1;' );\n\nif( report = f5_is_vulnerable( ca:check_f5, version:version ) ) {\n security_message( port:0, data:report );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-07-02T21:13:34", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2011-09-21T00:00:00", "type": "openvas", "title": "FreeBSD Ports: openssl", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3210", "CVE-2011-3207"], "modified": "2017-02-25T00:00:00", 
"id": "OPENVAS:70248", "href": "http://plugins.openvas.org/nasl.php?oid=70248", "sourceData": "#\n#VID 2ecb7b20-d97e-11e0-b2e2-00215c6a37bb\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 2ecb7b20-d97e-11e0-b2e2-00215c6a37bb\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: openssl\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://www.openssl.org/news/secadv_20110906.txt\nhttp://www.vuxml.org/freebsd/2ecb7b20-d97e-11e0-b2e2-00215c6a37bb.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(70248);\n script_version(\"$Revision: 5424 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-25 17:52:36 +0100 (Sat, 25 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-21 05:47:11 +0200 (Wed, 21 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", 
value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_cve_id(\"CVE-2011-3207\", \"CVE-2011-3210\");\n script_name(\"FreeBSD Ports: openssl\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"openssl\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.0.0\")>=0 && revcomp(a:bver, b:\"1.0.0_6\")<0) {\n txt += 'Package openssl version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"0.9.8\")>=0 && revcomp(a:bver, b:\"1.0.0\")<0) {\n txt += 'Package openssl version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:38", "description": "The remote host is missing an update to the system\n as announced in the referenced advisory.", "cvss3": {}, "published": "2011-09-21T00:00:00", "type": "openvas", "title": "FreeBSD Ports: openssl", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3210", "CVE-2011-3207"], "modified": "2018-10-05T00:00:00", "id": "OPENVAS:136141256231070248", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231070248", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: freebsd_openssl4.nasl 11762 2018-10-05 10:54:12Z cfischer $\n#\n# Auto generated from VID 2ecb7b20-d97e-11e0-b2e2-00215c6a37bb\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.70248\");\n script_version(\"$Revision: 11762 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-05 12:54:12 +0200 (Fri, 05 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-21 05:47:11 +0200 (Wed, 21 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_cve_id(\"CVE-2011-3207\", \"CVE-2011-3210\");\n script_name(\"FreeBSD Ports: openssl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsd\", \"ssh/login/freebsdrel\");\n\n script_tag(name:\"insight\", value:\"The following package is affected: openssl\");\n\n script_tag(name:\"solution\", value:\"Update your system with the appropriate patches or\n software upgrades.\");\n\n script_xref(name:\"URL\", value:\"http://www.openssl.org/news/secadv_20110906.txt\");\n script_xref(name:\"URL\", value:\"http://www.vuxml.org/freebsd/2ecb7b20-d97e-11e0-b2e2-00215c6a37bb.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update to the system\n as announced in the referenced advisory.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-bsd.inc\");\n\nvuln = FALSE;\ntxt = \"\";\n\nbver = portver(pkg:\"openssl\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.0.0\")>=0 && revcomp(a:bver, b:\"1.0.0_6\")<0) {\n txt += 'Package openssl version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"0.9.8\")>=0 && revcomp(a:bver, b:\"1.0.0\")<0) {\n txt += 'Package openssl version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\n\nif(vuln) {\n security_message(data:txt);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:54", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-01-21T00:00:00", "type": "openvas", "title": "Fedora Update for openssl FEDORA-2015-0601", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-3505", "CVE-2014-3508", "CVE-2014-3566", "CVE-2014-3572", "CVE-2015-0206", "CVE-2013-6449", "CVE-2014-3507", "CVE-2014-3571", 
"CVE-2014-3513", "CVE-2014-0224", "CVE-2014-3511", "CVE-2014-8275", "CVE-2014-3570", "CVE-2014-3470", "CVE-2014-3506", "CVE-2013-6450", "CVE-2010-5298", "CVE-2014-0160", "CVE-2013-4353", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-3567", "CVE-2015-0204", "CVE-2014-3510", "CVE-2015-0205", "CVE-2014-3509", "CVE-2014-0221"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310868936", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868936", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openssl FEDORA-2015-0601\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868936\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-21 05:44:43 +0100 (Wed, 21 Jan 2015)\");\n script_cve_id(\"CVE-2014-3570\", \"CVE-2014-3571\", \"CVE-2014-3572\", \"CVE-2014-8275\",\n \"CVE-2015-0204\", \"CVE-2015-0205\", \"CVE-2015-0206\", \"CVE-2014-3567\",\n \"CVE-2014-3513\", \"CVE-2014-3566\", \"CVE-2014-3505\", \"CVE-2014-3506\",\n \"CVE-2014-3507\", \"CVE-2014-3508\", \"CVE-2014-3509\", \"CVE-2014-3510\",\n \"CVE-2014-3511\", \"CVE-2010-5298\", \"CVE-2014-0195\", \"CVE-2014-0198\",\n \"CVE-2014-0221\", \"CVE-2014-0224\", \"CVE-2014-3470\", \"CVE-2014-0160\",\n \"CVE-2013-4353\", \"CVE-2013-6450\", \"CVE-2013-6449\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_name(\"Fedora Update for openssl FEDORA-2015-0601\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"openssl on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-0601\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-January/148363.html\");\n 
script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~41.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:37:00", "description": "Oracle Linux Local Security Checks ELSA-2014-1052", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2014-1052", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-3505", "CVE-2014-3508", "CVE-2014-3507", "CVE-2014-3511", "CVE-2014-3506", "CVE-2014-3510", "CVE-2014-3509"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310123331", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123331", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2014-1052.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is 
distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123331\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:02:22 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2014-1052\");\n script_tag(name:\"insight\", value:\"ELSA-2014-1052 - openssl security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2014-1052\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2014-1052.html\");\n script_cve_id(\"CVE-2014-3505\", \"CVE-2014-3506\", \"CVE-2014-3507\", \"CVE-2014-3508\", \"CVE-2014-3509\", \"CVE-2014-3510\", \"CVE-2014-3511\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(7|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security 
Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~34.el7_0.4\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1e~34.el7_0.4\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-libs\", rpm:\"openssl-libs~1.0.1e~34.el7_0.4\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~1.0.1e~34.el7_0.4\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-static\", rpm:\"openssl-static~1.0.1e~34.el7_0.4\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~16.el6_5.15\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1e~16.el6_5.15\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~1.0.1e~16.el6_5.15\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-static\", rpm:\"openssl-static~1.0.1e~16.el6_5.15\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:46", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2014-09-10T00:00:00", "type": 
"openvas", "title": "CentOS Update for openssl CESA-2014:1052 centos7", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-3505", "CVE-2014-3508", "CVE-2014-3507", "CVE-2014-3511", "CVE-2014-3506", "CVE-2014-3510", "CVE-2014-3509"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310882005", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882005", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for openssl CESA-2014:1052 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882005\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-09-10 06:20:03 +0200 (Wed, 10 Sep 2014)\");\n script_cve_id(\"CVE-2014-3505\", \"CVE-2014-3506\", \"CVE-2014-3507\", \"CVE-2014-3508\",\n \"CVE-2014-3509\", \"CVE-2014-3510\", \"CVE-2014-3511\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"CentOS Update for openssl CESA-2014:1052 centos7\");\n script_tag(name:\"insight\", value:\"OpenSSL is a toolkit that implements the\nSecure Sockets Layer (SSL), Transport Layer Security (TLS), and Datagram\nTransport Layer Security (DTLS) protocols, as well as a full-strength, general\npurpose cryptography library.\n\nA race condition was found in the way OpenSSL handled ServerHello messages\nwith an included Supported EC Point Format extension. A malicious server\ncould possibly use this flaw to cause a multi-threaded TLS/SSL client using\nOpenSSL to write into freed memory, causing the client to crash or execute\narbitrary code. (CVE-2014-3509)\n\nIt was discovered that the OBJ_obj2txt() function could fail to properly\nNUL-terminate its output. This could possibly cause an application using\nOpenSSL functions to format fields of X.509 certificates to disclose\nportions of its memory. 
(CVE-2014-3508)\n\nA flaw was found in the way OpenSSL handled fragmented handshake packets.\nA man-in-the-middle attacker could use this flaw to force a TLS/SSL server\nusing OpenSSL to use TLS 1.0, even if both the client and the server\nsupported newer protocol versions. (CVE-2014-3511)\n\nMultiple flaws were discovered in the way OpenSSL handled DTLS packets.\nA remote attacker could use these flaws to cause a DTLS server or client\nusing OpenSSL to crash or use excessive amounts of memory. (CVE-2014-3505,\nCVE-2014-3506, CVE-2014-3507)\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed a\nhandshake when using the anonymous Diffie-Hellman (DH) key exchange. A\nmalicious server could cause a DTLS client using OpenSSL to crash if that\nclient had anonymous DH cipher suites enabled. (CVE-2014-3510)\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\");\n script_tag(name:\"affected\", value:\"openssl on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"CESA\", value:\"2014:1052\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2014-August/020489.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", 
re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~34.el7_0.4\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1e~34.el7_0.4\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-libs\", rpm:\"openssl-libs~1.0.1e~34.el7_0.4\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~1.0.1e~34.el7_0.4\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-static\", rpm:\"openssl-static~1.0.1e~34.el7_0.4\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:36", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2014-08-14T00:00:00", "type": "openvas", "title": "CentOS Update for openssl CESA-2014:1052 centos6", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-3505", "CVE-2014-3508", "CVE-2014-3507", "CVE-2014-3511", "CVE-2014-3506", "CVE-2014-3510", "CVE-2014-3509"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310881988", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881988", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for openssl CESA-2014:1052 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, 
http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.881988\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-08-14 05:54:57 +0200 (Thu, 14 Aug 2014)\");\n script_cve_id(\"CVE-2014-3505\", \"CVE-2014-3506\", \"CVE-2014-3507\", \"CVE-2014-3508\",\n \"CVE-2014-3509\", \"CVE-2014-3510\", \"CVE-2014-3511\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"CentOS Update for openssl CESA-2014:1052 centos6\");\n\n script_tag(name:\"affected\", value:\"openssl on CentOS 6\");\n script_tag(name:\"insight\", value:\"OpenSSL is a toolkit that implements the Secure Sockets Layer\n(SSL), Transport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose cryptography\nlibrary.\n\nA race condition was found in the way OpenSSL handled ServerHello messages\nwith an included Supported EC Point Format extension. 
A malicious server\ncould possibly use this flaw to cause a multi-threaded TLS/SSL client using\nOpenSSL to write into freed memory, causing the client to crash or execute\narbitrary code. (CVE-2014-3509)\n\nIt was discovered that the OBJ_obj2txt() function could fail to properly\nNUL-terminate its output. This could possibly cause an application using\nOpenSSL functions to format fields of X.509 certificates to disclose\nportions of its memory. (CVE-2014-3508)\n\nA flaw was found in the way OpenSSL handled fragmented handshake packets.\nA man-in-the-middle attacker could use this flaw to force a TLS/SSL server\nusing OpenSSL to use TLS 1.0, even if both the client and the server\nsupported newer protocol versions. (CVE-2014-3511)\n\nMultiple flaws were discovered in the way OpenSSL handled DTLS packets.\nA remote attacker could use these flaws to cause a DTLS server or client\nusing OpenSSL to crash or use excessive amounts of memory. (CVE-2014-3505,\nCVE-2014-3506, CVE-2014-3507)\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed a\nhandshake when using the anonymous Diffie-Hellman (DH) key exchange. A\nmalicious server could cause a DTLS client using OpenSSL to crash if that\nclient had anonymous DH cipher suites enabled. (CVE-2014-3510)\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. 
For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"CESA\", value:\"2014:1052\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2014-August/020488.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~16.el6_5.15\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1e~16.el6_5.15\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~1.0.1e~16.el6_5.15\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-static\", rpm:\"openssl-static~1.0.1e~16.el6_5.15\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2023-01-27T14:17:00", 
"description": "The remote Windows host is missing KB3062760, which resolves multiple OpenSSL vulnerabilities in the Juniper Networks Windows In-Box Junos Pulse client shipped with Windows 8.1 :\n\n - A flaw exists with ECDH handshakes when using an ECDSA certificate without a ServerKeyExchange message. This allows a remote attacker to trigger a loss of forward secrecy from the ciphersuite. (CVE-2014-3572)\n\n - A security feature bypass vulnerability, known as FREAK (Factoring attack on RSA-EXPORT Keys), exists due to the support of weak EXPORT_RSA cipher suites with keys less than or equal to 512 bits. A man-in-the-middle attacker may be able to downgrade the SSL/TLS connection to use EXPORT_RSA cipher suites which can be factored in a short amount of time, allowing the attacker to intercept and decrypt the traffic. (CVE-2015-0204)\n\n - A flaw exists when accepting DH certificates for client authentication without the CertificateVerify message.\n This allows a remote attacker to authenticate to the service without a private key. 
(CVE-2015-0205)", "cvss3": {}, "published": "2015-06-09T00:00:00", "type": "nessus", "title": "MS KB3062760: Update for Vulnerability in Juniper Networks Windows In-Box Junos Pulse Client (FREAK)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3572", "CVE-2015-0204", "CVE-2015-0205"], "modified": "2018-11-15T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_KB3062760.NASL", "href": "https://www.tenable.com/plugins/nessus/84058", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84058);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/11/15 20:50:28\");\n\n script_cve_id(\n \"CVE-2014-3572\",\n \"CVE-2015-0204\",\n \"CVE-2015-0205\"\n );\n script_bugtraq_id(\n 71936,\n 71941,\n 71942\n );\n script_xref(name:\"CERT\", value:\"243585\");\n script_xref(name:\"MSKB\", value:\"3062760\");\n\n script_name(english:\"MS KB3062760: Update for Vulnerability in Juniper Networks Windows In-Box Junos Pulse Client (FREAK)\");\n script_summary(english:\"Checks the file versions.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has VPN client software installed that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing KB3062760, which resolves multiple\nOpenSSL vulnerabilities in the Juniper Networks Windows In-Box Junos\nPulse client shipped with Windows 8.1 :\n\n - A flaw exists with ECDH handshakes 
when using an ECDSA\n certificate without a ServerKeyExchange message. This\n allows a remote attacker to trigger a loss of forward\n secrecy from the ciphersuite. (CVE-2014-3572)\n\n - A security feature bypass vulnerability, known as FREAK\n (Factoring attack on RSA-EXPORT Keys), exists due to the\n support of weak EXPORT_RSA cipher suites with keys less\n than or equal to 512 bits. A man-in-the-middle attacker\n may be able to downgrade the SSL/TLS connection to use\n EXPORT_RSA cipher suites which can be factored in a\n short amount of time, allowing the attacker to intercept\n and decrypt the traffic. (CVE-2015-0204)\n\n - A flaw exists when accepting DH certificates for client\n authentication without the CertificateVerify message.\n This allows a remote attacker to authenticate to the\n service without a private key. (CVE-2015-0205)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://iam-fed.juniper.net/auth/xlogin.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/3062760/microsoft-security-advisory-update-for-vulnerability-in-juniper-networ\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.smacktls.com/#freak\");\n script_set_attribute(attribute:\"solution\", value:\"Install Microsoft KB3062760.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/01/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/09\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"smb_hotfixes.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\");\n script_require_ports(139, 445);\n\n exit(0);\n}\n\ninclude(\"datetime.inc\");\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\n\nif (hotfix_check_sp_range(win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nproductname = get_kb_item_or_exit('SMB/ProductName');\nif (\"Windows 8.1\" >!< productname ) audit(AUDIT_OS_NOT, \"Microsoft Windows 8.1\");\n\narch = get_kb_item_or_exit('SMB/ARCH');\n\nwindir = hotfix_get_systemroot();\nif (!windir) exit(1, \"Failed to get the system root.\");\n\n# Check resources.pri\nfile_name = hotfix_append_path(path:windir, value:\"vpnplugins\\juniper\\resources.pri\");\nfile = hotfix_get_file_contents(path:file_name);\n\nhotfix_handle_error(error_code:file['error'],\n file:windir + \"vpnplugins\\juniper\\resources.pri\",\n appname:\"Junos Pulse VPN Client\",\n exit_on_fail:TRUE);\n\nvuln = FALSE;\nif(('\\0\\0' + unicode(string:\"SecondaryTokenPrompt\") + '\\0\\0') >< file['data'] &&\n ('\\0\\0' + unicode(string:\"SecondaryOldPasswordPrompt\") + '\\0\\0') >!< file['data'])\n vuln = TRUE;\nelse audit(AUDIT_HOST_NOT, \"affected\");\n\nif ( vuln )\n{\n port = kb_smb_transport();\n report =\n '\\n File : ' + file_name +\n '\\n Missing KB update : 
KB3062760\\n';\n security_report_v4(port: port, severity: SECURITY_WARNING, extra: report);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-01-27T14:08:59", "description": "Pieter Wuille discovered that OpenSSL incorrectly handled Bignum squaring. (CVE-2014-3570)\n\nMarkus Stenberg discovered that OpenSSL incorrectly handled certain crafted DTLS messages. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2014-3571)\n\nKarthikeyan Bhargavan discovered that OpenSSL incorrectly handled certain handshakes. A remote attacker could possibly use this issue to downgrade to ECDH, removing forward secrecy from the ciphersuite.\n(CVE-2014-3572)\n\nAntti Karjalainen, Tuomo Untinen and Konrad Kraszewski discovered that OpenSSL incorrectly handled certain certificate fingerprints. A remote attacker could possibly use this issue to trick certain applications that rely on the uniqueness of fingerprints. (CVE-2014-8275)\n\nKarthikeyan Bhargavan discovered that OpenSSL incorrectly handled certain key exchanges. A remote attacker could possibly use this issue to downgrade the security of the session to EXPORT_RSA.\n(CVE-2015-0204)\n\nKarthikeyan Bhargavan discovered that OpenSSL incorrectly handled client authentication. A remote attacker could possibly use this issue to authenticate without the use of a private key in certain limited scenarios. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10.\n(CVE-2015-0205)\n\nChris Mueller discovered that OpenSSL incorrectly handled memory when processing DTLS records. A remote attacker could use this issue to cause OpenSSL to consume resources, resulting in a denial of service.\nThis issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-0206).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2015-01-13T00:00:00", "type": "nessus", "title": "Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : openssl vulnerabilities (USN-2459-1) (FREAK)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3570", "CVE-2014-3571", "CVE-2014-3572", "CVE-2014-8275", "CVE-2015-0204", "CVE-2015-0205", "CVE-2015-0206"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libssl0.9.8", "p-cpe:/a:canonical:ubuntu_linux:libssl1.0.0", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:14.10"], "id": "UBUNTU_USN-2459-1.NASL", "href": "https://www.tenable.com/plugins/nessus/80471", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2459-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80471);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-3570\", \"CVE-2014-3571\", \"CVE-2014-3572\", \"CVE-2014-8275\", \"CVE-2015-0204\", \"CVE-2015-0205\", \"CVE-2015-0206\");\n script_bugtraq_id(71935, 71936, 71937, 71939, 71940, 71941, 71942);\n script_xref(name:\"USN\", value:\"2459-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : openssl vulnerabilities (USN-2459-1) (FREAK)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Pieter Wuille discovered that OpenSSL incorrectly handled Bignum\nsquaring. (CVE-2014-3570)\n\nMarkus Stenberg discovered that OpenSSL incorrectly handled certain\ncrafted DTLS messages. A remote attacker could use this issue to cause\nOpenSSL to crash, resulting in a denial of service. (CVE-2014-3571)\n\nKarthikeyan Bhargavan discovered that OpenSSL incorrectly handled\ncertain handshakes. A remote attacker could possibly use this issue to\ndowngrade to ECDH, removing forward secrecy from the ciphersuite.\n(CVE-2014-3572)\n\nAntti Karjalainen, Tuomo Untinen and Konrad Kraszewski discovered that\nOpenSSL incorrectly handled certain certificate fingerprints. A remote\nattacker could possibly use this issue to trick certain applications\nthat rely on the uniqueness of fingerprints. (CVE-2014-8275)\n\nKarthikeyan Bhargavan discovered that OpenSSL incorrectly handled\ncertain key exchanges. 
A remote attacker could possibly use this issue\nto downgrade the security of the session to EXPORT_RSA.\n(CVE-2015-0204)\n\nKarthikeyan Bhargavan discovered that OpenSSL incorrectly handled\nclient authentication. A remote attacker could possibly use this issue\nto authenticate without the use of a private key in certain limited\nscenarios. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10.\n(CVE-2015-0205)\n\nChris Mueller discovered that OpenSSL incorrectly handled memory when\nprocessing DTLS records. A remote attacker could use this issue to\ncause OpenSSL to consume resources, resulting in a denial of service.\nThis issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu\n14.10. (CVE-2015-0206).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2459-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libssl0.9.8 and / or libssl1.0.0 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libssl0.9.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libssl1.0.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/01/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/13\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04|12\\.04|14\\.04|14\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 12.04 / 14.04 / 14.10\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libssl0.9.8\", pkgver:\"0.9.8k-7ubuntu8.23\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libssl1.0.0\", pkgver:\"1.0.1-4ubuntu5.21\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libssl1.0.0\", pkgver:\"1.0.1f-1ubuntu2.8\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"libssl1.0.0\", pkgver:\"1.0.1f-1ubuntu9.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libssl0.9.8 / libssl1.0.0\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-28T14:32:09", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - fix CVE-2014-3570 - incorrect computation in BN_sqr\n\n - fix CVE-2014-3571 - possible crash in dtls1_get_record\n\n - fix CVE-2014-3572 - possible downgrade of ECDH ciphersuite to non-PFS state\n\n - fix CVE-2014-8275 - various certificate fingerprint issues\n\n - fix CVE-2015-0204 - remove support for RSA ephemeral keys for non-export ciphersuites and on server\n\n - fix CVE-2015-0205 - do not allow unauthenticated client DH certificate\n\n - fix CVE-2015-0206 - possible memory leak when buffering DTLS records\n\n - use FIPS approved method for computation of d in RSA", "cvss3": {}, "published": "2015-01-23T00:00:00", "type": "nessus", "title": "OracleVM 3.3 : openssl (OVMSA-2015-0005) (FREAK)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 
10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3570", "CVE-2014-3571", "CVE-2014-3572", "CVE-2014-8275", "CVE-2015-0204", "CVE-2015-0205", "CVE-2015-0206"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:openssl", "cpe:/o:oracle:vm_server:3.3"], "id": "ORACLEVM_OVMSA-2015-0005.NASL", "href": "https://www.tenable.com/plugins/nessus/80929", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2015-0005.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80929);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2014-3570\", \"CVE-2014-3571\", \"CVE-2014-3572\", \"CVE-2014-8275\", \"CVE-2015-0204\", \"CVE-2015-0205\", \"CVE-2015-0206\");\n script_bugtraq_id(71935, 71936, 71937, 71939, 71940, 71941, 71942, 74107, 75769);\n\n script_name(english:\"OracleVM 3.3 : openssl (OVMSA-2015-0005) (FREAK)\");\n script_summary(english:\"Checks the RPM output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - fix CVE-2014-3570 - incorrect computation in BN_sqr\n\n - fix CVE-2014-3571 - possible crash in dtls1_get_record\n\n - fix 
CVE-2014-3572 - possible downgrade of ECDH\n ciphersuite to non-PFS state\n\n - fix CVE-2014-8275 - various certificate fingerprint\n issues\n\n - fix CVE-2015-0204 - remove support for RSA ephemeral\n keys for non-export ciphersuites and on server\n\n - fix CVE-2015-0205 - do not allow unauthenticated client\n DH certificate\n\n - fix CVE-2015-0206 - possible memory leak when buffering\n DTLS records\n\n - use FIPS approved method for computation of d in RSA\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2015-January/000257.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6f04e43f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/01/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/23\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.3\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.3\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.3\", reference:\"openssl-1.0.1e-30.el6_6.5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-27T14:10:16", "description": "A NULL pointer dereference flaw was found in the DTLS implementation of OpenSSL. A remote attacker could send a specially crafted DTLS message, which would cause an OpenSSL server to crash. (CVE-2014-3571)\n\nA memory leak flaw was found in the way the dtls1_buffer_record() function of OpenSSL parsed certain DTLS messages. 
A remote attacker could send multiple specially crafted DTLS messages to exhaust all available memory of a DTLS server. (CVE-2015-0206)\n\nIt was found that OpenSSL's BigNumber Squaring implementation could produce incorrect results under certain special conditions. This flaw could possibly affect certain OpenSSL library functionality, such as RSA blinding. Note that this issue occurred rarely and with a low probability, and there is currently no known way of exploiting it.\n(CVE-2014-3570)\n\nIt was discovered that OpenSSL would perform an ECDH key exchange with a non-ephemeral key even when the ephemeral ECDH cipher suite was selected. A malicious server could make a TLS/SSL client using OpenSSL use a weaker key exchange method than the one requested by the user.\n(CVE-2014-3572)\n\nIt was discovered that OpenSSL would accept ephemeral RSA keys when using non-export RSA cipher suites. A malicious server could make a TLS/SSL client using OpenSSL use a weaker key exchange method.\n(CVE-2015-0204)\n\nMultiple flaws were found in the way OpenSSL parsed X.509 certificates. An attacker could use these flaws to modify an X.509 certificate to produce a certificate with a different fingerprint without invalidating its signature, and possibly bypass fingerprint-based blacklisting in applications. (CVE-2014-8275)\n\nIt was found that an OpenSSL server would, under certain conditions, accept Diffie-Hellman client certificates without the use of a private key. An attacker could use a user's client certificate to authenticate as that user, without needing the private key. 
(CVE-2015-0205)\n\nFor the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.", "cvss3": {}, "published": "2015-01-22T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : openssl on SL6.x, SL7.x i386/x86_64 (20150121) (FREAK)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3570", "CVE-2014-3571", "CVE-2014-3572", "CVE-2014-8275", "CVE-2015-0204", "CVE-2015-0205", "CVE-2015-0206"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:openssl", "p-cpe:/a:fermilab:scientific_linux:openssl-debuginfo", "p-cpe:/a:fermilab:scientific_linux:openssl-devel", "p-cpe:/a:fermilab:scientific_linux:openssl-libs", "p-cpe:/a:fermilab:scientific_linux:openssl-perl", "p-cpe:/a:fermilab:scientific_linux:openssl-static", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20150121_OPENSSL_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/80905", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80905);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-3570\", \"CVE-2014-3571\", \"CVE-2014-3572\", \"CVE-2014-8275\", \"CVE-2015-0204\", \"CVE-2015-0205\", 
\"CVE-2015-0206\");\n\n script_name(english:\"Scientific Linux Security Update : openssl on SL6.x, SL7.x i386/x86_64 (20150121) (FREAK)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A NULL pointer dereference flaw was found in the DTLS implementation\nof OpenSSL. A remote attacker could send a specially crafted DTLS\nmessage, which would cause an OpenSSL server to crash. (CVE-2014-3571)\n\nA memory leak flaw was found in the way the dtls1_buffer_record()\nfunction of OpenSSL parsed certain DTLS messages. A remote attacker\ncould send multiple specially crafted DTLS messages to exhaust all\navailable memory of a DTLS server. (CVE-2015-0206)\n\nIt was found that OpenSSL's BigNumber Squaring implementation could\nproduce incorrect results under certain special conditions. This flaw\ncould possibly affect certain OpenSSL library functionality, such as\nRSA blinding. Note that this issue occurred rarely and with a low\nprobability, and there is currently no known way of exploiting it.\n(CVE-2014-3570)\n\nIt was discovered that OpenSSL would perform an ECDH key exchange with\na non-ephemeral key even when the ephemeral ECDH cipher suite was\nselected. A malicious server could make a TLS/SSL client using OpenSSL\nuse a weaker key exchange method than the one requested by the user.\n(CVE-2014-3572)\n\nIt was discovered that OpenSSL would accept ephemeral RSA keys when\nusing non-export RSA cipher suites. A malicious server could make a\nTLS/SSL client using OpenSSL use a weaker key exchange method.\n(CVE-2015-0204)\n\nMultiple flaws were found in the way OpenSSL parsed X.509\ncertificates. 
An attacker could use these flaws to modify an X.509\ncertificate to produce a certificate with a different fingerprint\nwithout invalidating its signature, and possibly bypass\nfingerprint-based blacklisting in applications. (CVE-2014-8275)\n\nIt was found that an OpenSSL server would, under certain conditions,\naccept Diffie-Hellman client certificates without the use of a private\nkey. An attacker could use a user's client certificate to authenticate\nas that user, without needing the private key. (CVE-2015-0205)\n\nFor the update to take effect, all services linked to the OpenSSL\nlibrary (such as httpd and other SSL-enabled services) must be\nrestarted or the system rebooted.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1501&L=scientific-linux-errata&T=0&P=1506\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?948791ea\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/01/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/21\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/22\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"openssl-1.0.1e-30.el6_6.5\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"openssl-debuginfo-1.0.1e-30.el6_6.5\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"openssl-devel-1.0.1e-30.el6_6.5\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"openssl-perl-1.0.1e-30.el6_6.5\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"openssl-static-1.0.1e-30.el6_6.5\")) flag++;\n\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"openssl-1.0.1e-34.el7_0.7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"openssl-debuginfo-1.0.1e-34.el7_0.7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"openssl-devel-1.0.1e-34.el7_0.7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"openssl-libs-1.0.1e-34.el7_0.7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"openssl-perl-1.0.1e-34.el7_0.7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"openssl-static-1.0.1e-34.el7_0.7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-debuginfo / openssl-devel / openssl-libs / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-27T14:09:58", "description": "Updated OpenSSL packages that fix multiple security 
issues are now available for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL), Transport Layer Security (TLS), and Datagram Transport Layer Security (DTLS) protocols, as well as a full-strength, general purpose cryptography library.\n\n - A NULL pointer dereference flaw was found in the DTLS implementation of OpenSSL. A remote attacker could send a specially crafted DTLS message, which would cause an OpenSSL server to crash. (CVE-2014-3571)\n\n - A memory leak flaw was found in the way the dtls1_buffer_record() function of OpenSSL parsed certain DTLS messages. A remote attacker could send multiple specially crafted DTLS messages to exhaust all available memory of a DTLS server. (CVE-2015-0206)\n\n - It was found that OpenSSL's BigNumber Squaring implementation could produce incorrect results under certain special conditions. This flaw could possibly affect certain OpenSSL library functionality, such as RSA blinding. Note that this issue occurred rarely and with a low probability, and there is currently no known way of exploiting it. (CVE-2014-3570)\n\n - It was discovered that OpenSSL would perform an ECDH key exchange with a non-ephemeral key even when the ephemeral ECDH cipher suite was selected. A malicious server could make a TLS/SSL client using OpenSSL use a weaker key exchange method than the one requested by the user. (CVE-2014-3572)\n\n - It was discovered that OpenSSL would accept ephemeral RSA keys when using non-export RSA cipher suites. A malicious server could make a TLS/SSL client using OpenSSL use a weaker key exchange method.\n (CVE-2015-0204)\n\n - Multiple flaws were found in the way OpenSSL parsed X.509 certificates. 
An attacker could use these flaws to modify an X.509 certificate to produce a certificate with a different fingerprint without invalidating its signature, and possibly bypass fingerprint-based blacklisting in applications. (CVE-2014-8275)\n\n - It was found that an OpenSSL server would, under certain conditions, accept Diffie-Hellman client certificates without the use of a private key. An attacker could use a user's client certificate to authenticate as that user, without needing the private key. (CVE-2015-0205)\n\nAll OpenSSL users are advised to upgrade to these updated packages, which contain a backported patch to mitigate the above issues. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.", "cvss3": {}, "published": "2015-01-21T00:00:00", "type": "nessus", "title": "CentOS 6 / 7 : openssl (CESA-2015:0066)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3570", "CVE-2014-3571", "CVE-2014-3572", "CVE-2014-8275", "CVE-2015-0204", "CVE-2015-0205", "CVE-2015-0206"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:openssl", "p-cpe:/a:centos:centos:openssl-devel", "p-cpe:/a:centos:centos:openssl-libs", "p-cpe:/a:centos:centos:openssl-perl", "p-cpe:/a:centos:centos:openssl-static", "cpe:/o:centos:centos:6", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2015-0066.NASL", "href": "https://www.tenable.com/plugins/nessus/80867", "sourceData": 
"#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:0066 and \n# CentOS Errata and Security Advisory 2015:0066 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80867);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\n \"CVE-2014-3570\",\n \"CVE-2014-3571\",\n \"CVE-2014-3572\",\n \"CVE-2014-8275\",\n \"CVE-2015-0204\",\n \"CVE-2015-0205\",\n \"CVE-2015-0206\"\n );\n script_bugtraq_id(\n 71935,\n 71936,\n 71937,\n 71939,\n 71940,\n 71941,\n 71942\n );\n script_xref(name:\"RHSA\", value:\"2015:0066\");\n\n script_name(english:\"CentOS 6 / 7 : openssl (CESA-2015:0066)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated OpenSSL packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),\nTransport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose\ncryptography library.\n\n - A NULL pointer dereference flaw was found in the DTLS\n implementation of OpenSSL. A remote attacker could send\n a specially crafted DTLS message, which would cause an\n OpenSSL server to crash. 
(CVE-2014-3571)\n\n - A memory leak flaw was found in the way the\n dtls1_buffer_record() function of OpenSSL parsed certain\n DTLS messages. A remote attacker could send multiple\n specially crafted DTLS messages to exhaust all available\n memory of a DTLS server. (CVE-2015-0206)\n\n - It was found that OpenSSL's BigNumber Squaring\n implementation could produce incorrect results under\n certain special conditions. This flaw could possibly\n affect certain OpenSSL library functionality, such as\n RSA blinding. Note that this issue occurred rarely and\n with a low probability, and there is currently no known\n way of exploiting it. (CVE-2014-3570)\n\n - It was discovered that OpenSSL would perform an ECDH key\n exchange with a non-ephemeral key even when the\n ephemeral ECDH cipher suite was selected. A malicious\n server could make a TLS/SSL client using OpenSSL use a\n weaker key exchange method than the one requested by the\n user. (CVE-2014-3572)\n\n - It was discovered that OpenSSL would accept ephemeral\n RSA keys when using non-export RSA cipher suites. A\n malicious server could make a TLS/SSL client using\n OpenSSL use a weaker key exchange method.\n (CVE-2015-0204)\n\n - Multiple flaws were found in the way OpenSSL parsed\n X.509 certificates. An attacker could use these flaws to\n modify an X.509 certificate to produce a certificate\n with a different fingerprint without invalidating its\n signature, and possibly bypass fingerprint-based\n blacklisting in applications. (CVE-2014-8275)\n\n - It was found that an OpenSSL server would, under certain\n conditions, accept Diffie-Hellman client certificates\n without the use of a private key. An attacker could use\n a user's client certificate to authenticate as that\n user, without needing the private key. (CVE-2015-0205)\n\nAll OpenSSL users are advised to upgrade to these updated packages,\nwhich contain a backported patch to mitigate the above issues. 
For the\nupdate to take effect, all services linked to the OpenSSL library\n(such as httpd and other SSL-enabled services) must be restarted or\nthe system rebooted.\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2015-January/020885.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cba8b4b1\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2015-January/020884.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4d597301\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/01/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 
2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\n\npackages = make_list(\"openssl\", \"openssl-devel\", \"openssl-perl\", \"openssl-static\");\nadvisory_version = \"1.0.1e-30.el6_6.5\";\nbuggy_branch = \"1.0.1e-30.el6\\.([89]|\\d{2,})\\|\";\nforeach currpackage (packages)\n{\n rpm_regex = currpackage + \"-\" + buggy_branch;\n advisory_reference = currpackage + \"-\" + advisory_version;\n if (! 
rpm_exists(release:\"CentOS-6\", rpm:rpm_regex) && rpm_check(release:\"CentOS-6\", reference:advisory_reference)) flag++;\n}\n\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"openssl-1.0.1e-34.el7_0.7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"openssl-devel-1.0.1e-34.el7_0.7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"openssl-libs-1.0.1e-34.el7_0.7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"openssl-perl-1.0.1e-34.el7_0.7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"openssl-static-1.0.1e-34.el7_0.7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-27T14:10:34", "description": "Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL), Transport Layer Security (TLS), and Datagram Transport Layer Security (DTLS) protocols, as well as a full-strength, general purpose cryptography library.\n\nA NULL pointer dereference flaw was found in the DTLS implementation of OpenSSL. A remote attacker could send a specially crafted DTLS message, which would cause an OpenSSL server to crash. (CVE-2014-3571)\n\nA memory leak flaw was found in the way the dtls1_buffer_record() function of OpenSSL parsed certain DTLS messages. 
A remote attacker could send multiple specially crafted DTLS messages to exhaust all available memory of a DTLS server. (CVE-2015-0206)\n\nIt was found that OpenSSL's BigNumber Squaring implementation could produce incorrect results under certain special conditions. This flaw could possibly affect certain OpenSSL library functionality, such as RSA blinding. Note that this issue occurred rarely and with a low probability, and there is currently no known way of exploiting it.\n(CVE-2014-3570)\n\nIt was discovered that OpenSSL would perform an ECDH key exchange with a non-ephemeral key even when the ephemeral ECDH cipher suite was selected. A malicious server could make a TLS/SSL client using OpenSSL use a weaker key exchange method than the one requested by the user.\n(CVE-2014-3572)\n\nIt was discovered that OpenSSL would accept ephemeral RSA keys when using non-export RSA cipher suites. A malicious server could make a TLS/SSL client using OpenSSL use a weaker key exchange method.\n(CVE-2015-0204)\n\nMultiple flaws were found in the way OpenSSL parsed X.509 certificates. An attacker could use these flaws to modify an X.509 certificate to produce a certificate with a different fingerprint without invalidating its signature, and possibly bypass fingerprint-based blacklisting in applications. (CVE-2014-8275)\n\nIt was found that an OpenSSL server would, under certain conditions, accept Diffie-Hellman client certificates without the use of a private key. An attacker could use a user's client certificate to authenticate as that user, without needing the private key. (CVE-2015-0205)\n\nAll OpenSSL users are advised to upgrade to these updated packages, which contain a backported patch to mitigate the above issues. 
For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.", "cvss3": {}, "published": "2015-01-21T00:00:00", "type": "nessus", "title": "RHEL 6 / 7 : openssl (RHSA-2015:0066) (FREAK)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3570", "CVE-2014-3571", "CVE-2014-3572", "CVE-2014-8275", "CVE-2015-0204", "CVE-2015-0205", "CVE-2015-0206"], "modified": "2021-02-05T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:openssl", "p-cpe:/a:redhat:enterprise_linux:openssl-debuginfo", "p-cpe:/a:redhat:enterprise_linux:openssl-devel", "p-cpe:/a:redhat:enterprise_linux:openssl-libs", "p-cpe:/a:redhat:enterprise_linux:openssl-perl", "p-cpe:/a:redhat:enterprise_linux:openssl-static", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.6", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.3", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2015-0066.NASL", "href": "https://www.tenable.com/plugins/nessus/80879", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:0066. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80879);\n script_version(\"1.24\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/05\");\n\n script_cve_id(\"CVE-2014-3570\", \"CVE-2014-3571\", \"CVE-2014-3572\", \"CVE-2014-8275\", \"CVE-2015-0204\", \"CVE-2015-0205\", \"CVE-2015-0206\");\n script_bugtraq_id(71936);\n script_xref(name:\"RHSA\", value:\"2015:0066\");\n\n script_name(english:\"RHEL 6 / 7 : openssl (RHSA-2015:0066) (FREAK)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Updated openssl packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),\nTransport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose\ncryptography library.\n\nA NULL pointer dereference flaw was found in the DTLS implementation\nof OpenSSL. A remote attacker could send a specially crafted DTLS\nmessage, which would cause an OpenSSL server to crash. (CVE-2014-3571)\n\nA memory leak flaw was found in the way the dtls1_buffer_record()\nfunction of OpenSSL parsed certain DTLS messages. A remote attacker\ncould send multiple specially crafted DTLS messages to exhaust all\navailable memory of a DTLS server. 
(CVE-2015-0206)\n\nIt was found that OpenSSL's BigNumber Squaring implementation could\nproduce incorrect results under certain special conditions. This flaw\ncould possibly affect certain OpenSSL library functionality, such as\nRSA blinding. Note that this issue occurred rarely and with a low\nprobability, and there is currently no known way of exploiting it.\n(CVE-2014-3570)\n\nIt was discovered that OpenSSL would perform an ECDH key exchange with\na non-ephemeral key even when the ephemeral ECDH cipher suite was\nselected. A malicious server could make a TLS/SSL client using OpenSSL\nuse a weaker key exchange method than the one requested by the user.\n(CVE-2014-3572)\n\nIt was discovered that OpenSSL would accept ephemeral RSA keys when\nusing non-export RSA cipher suites. A malicious server could make a\nTLS/SSL client using OpenSSL use a weaker key exchange method.\n(CVE-2015-0204)\n\nMultiple flaws were found in the way OpenSSL parsed X.509\ncertificates. An attacker could use these flaws to modify an X.509\ncertificate to produce a certificate with a different fingerprint\nwithout invalidating its signature, and possibly bypass\nfingerprint-based blacklisting in applications. (CVE-2014-8275)\n\nIt was found that an OpenSSL server would, under certain conditions,\naccept Diffie-Hellman client certificates without the use of a private\nkey. An attacker could use a user's client certificate to authenticate\nas that user, without needing the private key. (CVE-2015-0205)\n\nAll OpenSSL users are advised to upgrade to these updated packages,\nwhich contain a backported patch to mitigate the above issues. 
For the\nupdate to take effect, all services linked to the OpenSSL library\n(such as httpd and other SSL-enabled services) must be restarted or\nthe system rebooted.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openssl.org/news/secadv/20150108.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:0066\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-3571\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-3570\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-3572\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-8275\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0205\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0204\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0206\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/01/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/21\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:0066\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"openssl-1.0.1e-30.el6.5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"openssl-debuginfo-1.0.1e-30.el6.5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"openssl-devel-1.0.1e-30.el6.5\")) flag++;\n\n if 
(rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"openssl-perl-1.0.1e-30.el6.5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"openssl-perl-1.0.1e-30.el6.5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"openssl-perl-1.0.1e-30.el6.5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"openssl-static-1.0.1e-30.el6.5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"openssl-static-1.0.1e-30.el6.5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"openssl-static-1.0.1e-30.el6.5\")) flag++;\n\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"openssl-1.0.1e-34.el7_0.7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"openssl-1.0.1e-34.el7_0.7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"openssl-debuginfo-1.0.1e-34.el7_0.7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"openssl-devel-1.0.1e-34.el7_0.7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"openssl-libs-1.0.1e-34.el7_0.7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"openssl-perl-1.0.1e-34.el7_0.7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"openssl-perl-1.0.1e-34.el7_0.7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"openssl-static-1.0.1e-34.el7_0.7\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-debuginfo / openssl-devel / openssl-libs / etc\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-27T14:10:15", "description": "From Red Hat Security Advisory 2015:0066 :\n\nUpdated openssl packages 
that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL), Transport Layer Security (TLS), and Datagram Transport Layer Security (DTLS) protocols, as well as a full-strength, general purpose cryptography library.\n\nA NULL pointer dereference flaw was found in the DTLS implementation of OpenSSL. A remote attacker could send a specially crafted DTLS message, which would cause an OpenSSL server to crash. (CVE-2014-3571)\n\nA memory leak flaw was found in the way the dtls1_buffer_record() function of OpenSSL parsed certain DTLS messages. A remote attacker could send multiple specially crafted DTLS messages to exhaust all available memory of a DTLS server. (CVE-2015-0206)\n\nIt was found that OpenSSL's BigNumber Squaring implementation could produce incorrect results under certain special conditions. This flaw could possibly affect certain OpenSSL library functionality, such as RSA blinding. Note that this issue occurred rarely and with a low probability, and there is currently no known way of exploiting it.\n(CVE-2014-3570)\n\nIt was discovered that OpenSSL would perform an ECDH key exchange with a non-ephemeral key even when the ephemeral ECDH cipher suite was selected. A malicious server could make a TLS/SSL client using OpenSSL use a weaker key exchange method than the one requested by the user.\n(CVE-2014-3572)\n\nIt was discovered that OpenSSL would accept ephemeral RSA keys when using non-export RSA cipher suites. A malicious server could make a TLS/SSL client using OpenSSL use a weaker key exchange method.\n(CVE-2015-0204)\n\nMultiple flaws were found in the way OpenSSL parsed X.509 certificates. 
An attacker could use these flaws to modify an X.509 certificate to produce a certificate with a different fingerprint without invalidating its signature, and possibly bypass fingerprint-based blacklisting in applications. (CVE-2014-8275)\n\nIt was found that an OpenSSL server would, under certain conditions, accept Diffie-Hellman client certificates without the use of a private key. An attacker could use a user's client certificate to authenticate as that user, without needing the private key. (CVE-2015-0205)\n\nAll OpenSSL users are advised to upgrade to these updated packages, which contain a backported patch to mitigate the above issues. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.", "cvss3": {}, "published": "2015-01-21T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : openssl (ELSA-2015-0066) (FREAK)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3570", "CVE-2014-3571", "CVE-2014-3572", "CVE-2014-8275", "CVE-2015-0204", "CVE-2015-0205", "CVE-2015-0206"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:openssl", "p-cpe:/a:oracle:linux:openssl-devel", "p-cpe:/a:oracle:linux:openssl-libs", "p-cpe:/a:oracle:linux:openssl-perl", "p-cpe:/a:oracle:linux:openssl-static", "cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2015-0066.NASL", "href": "https://www.tenable.com/plugins/nessus/80877", "sourceData": 
"#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2015:0066 and \n# Oracle Linux Security Advisory ELSA-2015-0066 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80877);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-3570\", \"CVE-2014-3571\", \"CVE-2014-3572\", \"CVE-2014-8275\", \"CVE-2015-0204\", \"CVE-2015-0205\", \"CVE-2015-0206\");\n script_bugtraq_id(71935, 71936, 71937, 71939, 71940, 71941, 71942);\n script_xref(name:\"RHSA\", value:\"2015:0066\");\n\n script_name(english:\"Oracle Linux 6 / 7 : openssl (ELSA-2015-0066) (FREAK)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2015:0066 :\n\nUpdated openssl packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),\nTransport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose\ncryptography library.\n\nA NULL pointer dereference flaw was found in the DTLS implementation\nof OpenSSL. A remote attacker could send a specially crafted DTLS\nmessage, which would cause an OpenSSL server to crash. 
(CVE-2014-3571)\n\nA memory leak flaw was found in the way the dtls1_buffer_record()\nfunction of OpenSSL parsed certain DTLS messages. A remote attacker\ncould send multiple specially crafted DTLS messages to exhaust all\navailable memory of a DTLS server. (CVE-2015-0206)\n\nIt was found that OpenSSL's BigNumber Squaring implementation could\nproduce incorrect results under certain special conditions. This flaw\ncould possibly affect certain OpenSSL library functionality, such as\nRSA blinding. Note that this issue occurred rarely and with a low\nprobability, and there is currently no known way of exploiting it.\n(CVE-2014-3570)\n\nIt was discovered that OpenSSL would perform an ECDH key exchange with\na non-ephemeral key even when the ephemeral ECDH cipher suite was\nselected. A malicious server could make a TLS/SSL client using OpenSSL\nuse a weaker key exchange method than the one requested by the user.\n(CVE-2014-3572)\n\nIt was discovered that OpenSSL would accept ephemeral RSA keys when\nusing non-export RSA cipher suites. A malicious server could make a\nTLS/SSL client using OpenSSL use a weaker key exchange method.\n(CVE-2015-0204)\n\nMultiple flaws were found in the way OpenSSL parsed X.509\ncertificates. An attacker could use these flaws to modify an X.509\ncertificate to produce a certificate with a different fingerprint\nwithout invalidating its signature, and possibly bypass\nfingerprint-based blacklisting in applications. (CVE-2014-8275)\n\nIt was found that an OpenSSL server would, under certain conditions,\naccept Diffie-Hellman client certificates without the use of a private\nkey. An attacker could use a user's client certificate to authenticate\nas that user, without needing the private key. (CVE-2015-0205)\n\nAll OpenSSL users are advised to upgrade to these updated packages,\nwhich contain a backported patch to mitigate the above issues. 
For the\nupdate to take effect, all services linked to the OpenSSL library\n(such as httpd and other SSL-enabled services) must be restarted or\nthe system rebooted.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-January/004793.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-January/004795.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/01/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/21\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6 / 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"openssl-1.0.1e-30.el6_6.5\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"openssl-devel-1.0.1e-30.el6_6.5\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"openssl-perl-1.0.1e-30.el6_6.5\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"openssl-static-1.0.1e-30.el6_6.5\")) flag++;\n\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"openssl-1.0.1e-34.el7_0.7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"openssl-devel-1.0.1e-34.el7_0.7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"openssl-libs-1.0.1e-34.el7_0.7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"openssl-perl-1.0.1e-34.el7_0.7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"openssl-static-1.0.1e-34.el7_0.7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-devel / openssl-libs / openssl-perl / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-26T14:32:18", "description": "The version of OpenSSL installed on the remote AIX host is affected by the following vulnerabilities :\n\n - The BIGNUM squaring (BN_sqr) implementation does not properly calculate the square of a BIGNUM value. 
This allows remote attackers to defeat cryptographic protection mechanisms. (CVE-2014-3570)\n\n - A NULL pointer dereference flaw exists in the dtls1_get_record() function when handling DTLS messages.\n A remote attacker, using a specially crafted DTLS message, can cause a denial of service. (CVE-2014-3571)\n\n - A flaw exists with ECDH handshakes when using an ECDSA certificate without a ServerKeyExchange message. This allows a remote attacker to trigger a loss of forward secrecy from the ciphersuite. (CVE-2014-3572)\n\n - A flaw exists when accepting non-DER variations of certificate signature algorithms and signature encodings due to a lack of enforcement of matches between signed and unsigned portions. A remote attacker, by including crafted data within a certificate's unsigned portion, can bypass fingerprint-based certificate-blacklist protection mechanisms. (CVE-2014-8275)\n\n - A security feature bypass vulnerability, known as FREAK (Factoring attack on RSA-EXPORT Keys), exists due to the support of weak EXPORT_RSA cipher suites with keys less than or equal to 512 bits. A man-in-the-middle attacker may be able to downgrade the SSL/TLS connection to use EXPORT_RSA cipher suites which can be factored in a short amount of time, allowing the attacker to intercept and decrypt the traffic. (CVE-2015-0204)\n\n - A flaw exists when accepting DH certificates for client authentication without the CertificateVerify message.\n This allows a remote attacker to authenticate to the service without a private key. (CVE-2015-0205)\n\n - A memory leak occurs in dtls1_buffer_record when handling a saturation of DTLS records containing the same number sequence but for the next epoch. 
This allows a remote attacker to cause a denial of service.\n (CVE-2015-0206)", "cvss3": {}, "published": "2015-02-18T00:00:00", "type": "nessus", "title": "AIX OpenSSL Advisory : openssl_advisory12.asc (FREAK)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3570", "CVE-2014-3571", "CVE-2014-3572", "CVE-2014-8275", "CVE-2015-0204", "CVE-2015-0205", "CVE-2015-0206"], "modified": "2021-01-04T00:00:00", "cpe": ["cpe:/o:ibm:aix", "cpe:/a:openssl:openssl"], "id": "AIX_OPENSSL_ADVISORY12.NASL", "href": "https://www.tenable.com/plugins/nessus/81406", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81406);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\n \"CVE-2014-3570\",\n \"CVE-2014-3571\",\n \"CVE-2014-3572\",\n \"CVE-2014-8275\",\n \"CVE-2015-0204\",\n \"CVE-2015-0205\",\n \"CVE-2015-0206\"\n );\n script_bugtraq_id(\n 71935,\n 71936,\n 71937,\n 71939,\n 71940,\n 71941,\n 71942\n );\n\n script_name(english:\"AIX OpenSSL Advisory : openssl_advisory12.asc (FREAK)\");\n script_summary(english:\"Checks the version of the OpenSSL packages and iFixes.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AIX host has a version of OpenSSL installed that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", 
value:\n\"The version of OpenSSL installed on the remote AIX host is affected by\nthe following vulnerabilities :\n\n - The BIGNUM squaring (BN_sqr) implementation does not\n properly calculate the square of a BIGNUM value. This\n allows remote attackers to defeat cryptographic\n protection mechanisms. (CVE-2014-3570)\n\n - A NULL pointer dereference flaw exists in the\n dtls1_get_record() function when handling DTLS messages.\n A remote attacker, using a specially crafted DTLS\n message, can cause a denial of service. (CVE-2014-3571)\n\n - A flaw exists with ECDH handshakes when using an ECDSA\n certificate without a ServerKeyExchange message. This\n allows a remote attacker to trigger a loss of forward\n secrecy from the ciphersuite. (CVE-2014-3572)\n\n - A flaw exists when accepting non-DER variations of\n certificate signature algorithms and signature encodings\n due to a lack of enforcement of matches between signed\n and unsigned portions. A remote attacker, by including\n crafted data within a certificate's unsigned portion,\n can bypass fingerprint-based certificate-blacklist\n protection mechanisms. (CVE-2014-8275)\n\n - A security feature bypass vulnerability, known as FREAK\n (Factoring attack on RSA-EXPORT Keys), exists due to the\n support of weak EXPORT_RSA cipher suites with keys less\n than or equal to 512 bits. A man-in-the-middle attacker\n may be able to downgrade the SSL/TLS connection to use\n EXPORT_RSA cipher suites which can be factored in a\n short amount of time, allowing the attacker to intercept\n and decrypt the traffic. (CVE-2015-0204)\n\n - A flaw exists when accepting DH certificates for client\n authentication without the CertificateVerify message.\n This allows a remote attacker to authenticate to the\n service without a private key. (CVE-2015-0205)\n\n - A memory leak occurs in dtls1_buffer_record when\n handling a saturation of DTLS records containing the\n same number sequence but for the next epoch. 
This allows\n a remote attacker to cause a denial of service.\n (CVE-2015-0206)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://aix.software.ibm.com/aix/efixes/security/openssl_advisory12.asc\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www-01.ibm.com/marketing/iwm/iwm/web/preLogin.do?source=aixbp\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.smacktls.com/#freak\");\n script_set_attribute(attribute:\"solution\", value:\n\"A fix is available and can be downloaded from the AIX website.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/01/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/18\");\n\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"AIX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\ninclude(\"aix.inc\");\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! 
get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\noslevel = get_kb_item(\"Host/AIX/version\");\nif (isnull(oslevel)) audit(AUDIT_UNKNOWN_APP_VER, \"AIX\");\nif ( oslevel != \"AIX-5.3\" && oslevel != \"AIX-6.1\" && oslevel != \"AIX-7.1\" )\n{\n oslevel = ereg_replace(string:oslevel, pattern:\"-\", replace:\" \");\n audit(AUDIT_OS_NOT, \"AIX 5.3 / 6.1 / 7.1\", oslevel);\n}\n\nif ( ! get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit(0, \"This AIX package check is disabled because : \"+get_kb_item(\"Host/AIX/emgr_failure\") );\n\nflag = 0;\n\n#0.9.8.2503\nif (aix_check_ifix(release:\"5.3\", patch:\"(IV69033s9b|IV71446m9b)\", package:\"openssl.base\", minfilesetver:\"0.0.0.0\", maxfilesetver:\"0.9.8.2504\") < 0) flag++;\nif (aix_check_ifix(release:\"6.1\", patch:\"(IV69033s9b|IV71446m9b)\", package:\"openssl.base\", minfilesetver:\"0.0.0.0\", maxfilesetver:\"0.9.8.2504\") < 0) flag++;\nif (aix_check_ifix(release:\"7.1\", patch:\"(IV69033s9b|IV71446m9b)\", package:\"openssl.base\", minfilesetver:\"0.0.0.0\", maxfilesetver:\"0.9.8.2504\") < 0) flag++;\n\n#1.0.1.512\nif (aix_check_ifix(release:\"5.3\", patch:\"(IV69033s9a|IV71446m9a)\", package:\"openssl.base\", minfilesetver:\"1.0.1.500\", maxfilesetver:\"1.0.1.513\") < 0) flag++;\nif (aix_check_ifix(release:\"6.1\", patch:\"(IV69033s9a|IV71446m9a)\", package:\"openssl.base\", minfilesetver:\"1.0.1.500\", maxfilesetver:\"1.0.1.513\") < 0) flag++;\nif (aix_check_ifix(release:\"7.1\", patch:\"(IV69033s9a|IV71446m9a)\", package:\"openssl.base\", minfilesetver:\"1.0.1.500\", maxfilesetver:\"1.0.1.513\") < 0) flag++;\n\n#12.9.8.2503\nif (aix_check_ifix(release:\"5.3\", patch:\"(IV69033s9c|IV71446m9c)\", package:\"openssl.base\", minfilesetver:\"12.0.0.0\", maxfilesetver:\"12.9.8.2504\") < 0) flag++;\nif (aix_check_ifix(release:\"6.1\", patch:\"(IV69033s9c|IV71446m9c)\", package:\"openssl.base\", 
minfilesetver:\"12.0.0.0\", maxfilesetver:\"12.9.8.2504\") < 0) flag++;\nif (aix_check_ifix(release:\"7.1\", patch:\"(IV69033s9c|IV71446m9c)\", package:\"openssl.base\", minfilesetver:\"12.0.0.0\", maxfilesetver:\"12.9.8.2504\") < 0) flag++;\n\nif (flag)\n{\n aix_report_extra = ereg_replace(string:aix_report_get(), pattern:\"[()]\", replace:\"\");\n aix_report_extra = ereg_replace(string:aix_report_extra, pattern:\"[|]\", replace:\" or \");\n if (report_verbosity > 0) security_warning(port:0, extra:aix_report_extra);\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = aix_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl.base\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-27T14:10:15", "description": "New upstream release fixing multiple low and moderate impact security issues.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2015-01-13T00:00:00", "type": "nessus", "title": "Fedora 21 : openssl-1.0.1k-1.fc21 (2015-0512)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3570", "CVE-2014-3571", "CVE-2015-0205", "CVE-2015-0206"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:openssl", "cpe:/o:fedoraproject:fedora:21"], "id": "FEDORA_2015-0512.NASL", "href": "https://www.tenable.com/plugins/nessus/80464", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-0512.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80464);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-3570\", \"CVE-2014-3571\", \"CVE-2015-0205\", \"CVE-2015-0206\");\n script_bugtraq_id(71937, 71939, 71940, 71941);\n script_xref(name:\"FEDORA\", value:\"2015-0512\");\n\n script_name(english:\"Fedora 21 : openssl-1.0.1k-1.fc21 (2015-0512)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n 
attribute:\"description\", \n value:\n\"New upstream release fixing multiple low and moderate impact security\nissues.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1180234\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1180235\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1180239\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1180240\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-January/147938.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1ac229eb\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 
2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"openssl-1.0.1k-1.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-27T14:10:15", "description": "New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.", "cvss3": {}, "published": "2015-01-12T00:00:00", "type": "nessus", "title": "Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : openssl (SSA:2015-009-01) (FREAK)", "bulletinFamily": "scanner", "cvss2": {"severity": 
"MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3569", "CVE-2014-3570", "CVE-2014-3571", "CVE-2014-3572", "CVE-2014-8275", "CVE-2015-0204", "CVE-2015-0205", "CVE-2015-0206"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:openssl", "p-cpe:/a:slackware:slackware_linux:openssl-solibs", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:13.0", "cpe:/o:slackware:slackware_linux:13.1", "cpe:/o:slackware:slackware_linux:13.37", "cpe:/o:slackware:slackware_linux:14.0", "cpe:/o:slackware:slackware_linux:14.1"], "id": "SLACKWARE_SSA_2015-009-01.NASL", "href": "https://www.tenable.com/plugins/nessus/80443", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2015-009-01. 
The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80443);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-3569\", \"CVE-2014-3570\", \"CVE-2014-3571\", \"CVE-2014-3572\", \"CVE-2014-8275\", \"CVE-2015-0204\", \"CVE-2015-0205\", \"CVE-2015-0206\");\n script_xref(name:\"SSA\", value:\"2015-009-01\");\n\n script_name(english:\"Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : openssl (SSA:2015-009-01) (FREAK)\");\n script_summary(english:\"Checks for updated packages in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New openssl packages are available for Slackware 13.0, 13.1, 13.37,\n14.0, 14.1, and -current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.782231\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0defa4b8\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl and / or openssl-solibs packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:openssl-solibs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.1\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.37\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/09\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"13.0\", pkgname:\"openssl\", pkgver:\"0.9.8zd\", pkgarch:\"i486\", pkgnum:\"1_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", pkgname:\"openssl-solibs\", pkgver:\"0.9.8zd\", pkgarch:\"i486\", pkgnum:\"1_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", arch:\"x86_64\", pkgname:\"openssl\", pkgver:\"0.9.8zd\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", arch:\"x86_64\", pkgname:\"openssl-solibs\", pkgver:\"0.9.8zd\", 
pkgarch:\"x86_64\", pkgnum:\"1_slack13.0\")) flag++;\n\nif (slackware_check(osver:\"13.1\", pkgname:\"openssl\", pkgver:\"0.9.8zd\", pkgarch:\"i486\", pkgnum:\"1_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", pkgname:\"openssl-solibs\", pkgver:\"0.9.8zd\", pkgarch:\"i486\", pkgnum:\"1_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", arch:\"x86_64\", pkgname:\"openssl\", pkgver:\"0.9.8zd\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", arch:\"x86_64\", pkgname:\"openssl-solibs\", pkgver:\"0.9.8zd\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.1\")) flag++;\n\nif (slackware_check(osver:\"13.37\", pkgname:\"openssl\", pkgver:\"0.9.8zd\", pkgarch:\"i486\", pkgnum:\"1_slack13.37\")) flag++;\nif (slackware_check(osver:\"13.37\", pkgname:\"openssl-solibs\", pkgver:\"0.9.8zd\", pkgarch:\"i486\", pkgnum:\"1_slack13.37\")) flag++;\nif (slackware_check(osver:\"13.37\", arch:\"x86_64\", pkgname:\"openssl\", pkgver:\"0.9.8zd\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.37\")) flag++;\nif (slackware_check(osver:\"13.37\", arch:\"x86_64\", pkgname:\"openssl-solibs\", pkgver:\"0.9.8zd\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.37\")) flag++;\n\nif (slackware_check(osver:\"14.0\", pkgname:\"openssl\", pkgver:\"1.0.1k\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", pkgname:\"openssl-solibs\", pkgver:\"1.0.1k\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"openssl\", pkgver:\"1.0.1k\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"openssl-solibs\", pkgver:\"1.0.1k\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"14.1\", pkgname:\"openssl\", pkgver:\"1.0.1k\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", pkgname:\"openssl-solibs\", pkgver:\"1.0.1k\", pkgarch:\"i486\", 
pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"openssl\", pkgver:\"1.0.1k\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"openssl-solibs\", pkgver:\"1.0.1k\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"openssl\", pkgver:\"1.0.1k\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", pkgname:\"openssl-solibs\", pkgver:\"1.0.1k\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"openssl\", pkgver:\"1.0.1k\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"openssl-solibs\", pkgver:\"1.0.1k\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-27T14:10:36", "description": "openssl was updated to 1.0.1k to fix various security issues and bugs.\n\nMore information can be found in the openssl advisory:\nhttp://openssl.org/news/secadv/20150108.txt\n\nFollowing issues were fixed :\n\n - CVE-2014-3570 (bsc#912296): Bignum squaring (BN_sqr) may have produced incorrect results on some platforms, including x86_64.\n\n - CVE-2014-3571 (bsc#912294): Fixed crash in dtls1_get_record whilst in the listen state where you get two separate reads performed - one for the header and one for the body of the handshake record.\n\n - CVE-2014-3572 (bsc#912015): Don't accept a handshake using an ephemeral ECDH ciphersuites with the server key exchange message omitted.\n\n - CVE-2014-8275 (bsc#912018): Fixed various certificate fingerprint issues.\n\n - CVE-2015-0204 (bsc#912014): Only allow ephemeral 
RSA keys in export ciphersuites\n\n - CVE-2015-0205 (bsc#912293): A fix was added to prevent use of DH client certificates without sending certificate verify message.\n\n - CVE-2015-0206 (bsc#912292): A memory leak was fixed in dtls1_buffer_record.", "cvss3": {}, "published": "2015-01-26T00:00:00", "type": "nessus", "title": "openSUSE Security Update : openssl (openSUSE-SU-2015:0130-1) (FREAK)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3569", "CVE-2014-3570", "CVE-2014-3571", "CVE-2014-3572", "CVE-2014-8275", "CVE-2015-0204", "CVE-2015-0205", "CVE-2015-0206"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libopenssl-devel", "p-cpe:/a:novell:opensuse:libopenssl-devel-32bit", "p-cpe:/a:novell:opensuse:libopenssl1_0_0", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-32bit", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-hmac", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-hmac-32bit", "p-cpe:/a:novell:opensuse:openssl", "p-cpe:/a:novell:opensuse:openssl-debuginfo", "p-cpe:/a:novell:opensuse:openssl-debugsource", "cpe:/o:novell:opensuse:13.1", "cpe:/o:novell:opensuse:13.2"], "id": "OPENSUSE-2015-67.NASL", "href": "https://www.tenable.com/plugins/nessus/80991", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2015-67.\n#\n# The 
text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80991);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-3569\", \"CVE-2014-3570\", \"CVE-2014-3571\", \"CVE-2014-3572\", \"CVE-2014-8275\", \"CVE-2015-0204\", \"CVE-2015-0205\", \"CVE-2015-0206\");\n\n script_name(english:\"openSUSE Security Update : openssl (openSUSE-SU-2015:0130-1) (FREAK)\");\n script_summary(english:\"Check for the openSUSE-2015-67 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"openssl was updated to 1.0.1k to fix various security issues and bugs.\n\nMore information can be found in the openssl advisory:\nhttp://openssl.org/news/secadv/20150108.txt\n\nFollowing issues were fixed :\n\n - CVE-2014-3570 (bsc#912296): Bignum squaring (BN_sqr) may\n have produced incorrect results on some platforms,\n including x86_64.\n\n - CVE-2014-3571 (bsc#912294): Fixed crash in\n dtls1_get_record whilst in the listen state where you\n get two separate reads performed - one for the header\n and one for the body of the handshake record.\n\n - CVE-2014-3572 (bsc#912015): Don't accept a handshake\n using an ephemeral ECDH ciphersuites with the server key\n exchange message omitted.\n\n - CVE-2014-8275 (bsc#912018): Fixed various certificate\n fingerprint issues.\n\n - CVE-2015-0204 (bsc#912014): Only allow ephemeral RSA\n keys in export ciphersuites\n\n - CVE-2015-0205 (bsc#912293): A fix was added to prevent\n use of DH client certificates without sending\n certificate verify message.\n\n - CVE-2015-0206 (bsc#912292): A memory leak was fixed in\n dtls1_buffer_record.\"\n );\n # http://openssl.org/news/secadv/20150108.txt\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://www.openssl.org/news/secadv/20150108.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=911399\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=912014\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=912015\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=912018\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=912292\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=912293\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=912294\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=912296\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2015-01/msg00068.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-hmac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-hmac-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/22\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1|SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1 / 13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libopenssl-devel-1.0.1k-11.64.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libopenssl1_0_0-1.0.1k-11.64.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libopenssl1_0_0-debuginfo-1.0.1k-11.64.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openssl-1.0.1k-11.64.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openssl-debuginfo-1.0.1k-11.64.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openssl-debugsource-1.0.1k-11.64.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libopenssl-devel-32bit-1.0.1k-11.64.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-32bit-1.0.1k-11.64.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.1k-11.64.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libopenssl-devel-1.0.1k-2.16.2\") ) flag++;\nif 
( rpm_check(release:\"SUSE13.2\", reference:\"libopenssl1_0_0-1.0.1k-2.16.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libopenssl1_0_0-debuginfo-1.0.1k-2.16.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libopenssl1_0_0-hmac-1.0.1k-2.16.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"openssl-1.0.1k-2.16.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"openssl-debuginfo-1.0.1k-2.16.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"openssl-debugsource-1.0.1k-2.16.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libopenssl-devel-32bit-1.0.1k-2.16.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-32bit-1.0.1k-2.16.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.1k-2.16.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-hmac-32bit-1.0.1k-2.16.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libopenssl-devel / libopenssl-devel-32bit / libopenssl1_0_0 / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-27T14:12:00", "description": "The remote host has a version of McAfee Firewall Enterprise installed that is affected by multiple vulnerabilities in the OpenSSL library :\n\n - A NULL pointer dereference flaw exists when the SSLv3 option isn't enabled and an SSLv3 ClientHello is received. This allows a remote attacker, using an unexpected handshake, to crash the daemon, resulting in a denial of service. 
(CVE-2014-3569)\n\n - The BIGNUM squaring (BN_sqr) implementation does not properly calculate the square of a BIGNUM value. This allows a remote attacker to defeat cryptographic protection mechanisms. (CVE-2014-3570)\n\n - A NULL pointer dereference flaw exists with dtls1_get_record() when handling DTLS messages. A remote attacker, using a specially crafted DTLS message, can cause a denial of service. (CVE-2014-3571)\n\n - A flaw exists with ECDH handshakes when using an ECDSA certificate without a ServerKeyExchange message. This allows a remote attacker to trigger a loss of forward secrecy from the ciphersuite. (CVE-2014-3572)\n\n - A flaw exists when accepting non-DER variations of certificate signature algorithms and signature encodings due to a lack of enforcement of matches between signed and unsigned portions. A remote attacker, by including crafted data within a certificate's unsigned portion, can bypass fingerprint-based certificate-blacklist protection mechanisms. (CVE-2014-8275)\n\n - A security feature bypass vulnerability, known as FREAK (Factoring attack on RSA-EXPORT Keys), exists due to the support of weak EXPORT_RSA cipher suites with keys less than or equal to 512 bits. A man-in-the-middle attacker may be able to downgrade the SSL/TLS connection to use EXPORT_RSA cipher suites which can be factored in a short amount of time, allowing the attacker to intercept and decrypt the traffic. (CVE-2015-0204)\n\n - A flaw exists when accepting DH certificates for client authentication without the CertificateVerify message.\n This allows a remote attacker to authenticate to the service without a private key. (CVE-2015-0205)\n\n - A memory leak occurs in dtls1_buffer_record() when handling a saturation of DTLS records containing the same number sequence but for the next epoch. 
This allows a remote attacker to cause a denial of service.\n (CVE-2015-0206)", "cvss3": {}, "published": "2015-03-13T00:00:00", "type": "nessus", "title": "McAfee Firewall Enterprise OpenSSL Multiple Vulnerabilities (SB10102) (FREAK)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3569", "CVE-2014-3570", "CVE-2014-3571", "CVE-2014-3572", "CVE-2014-8275", "CVE-2015-0204", "CVE-2015-0205", "CVE-2015-0206"], "modified": "2019-11-22T00:00:00", "cpe": ["x-cpe:/a:mcafee:firewall_enterprise"], "id": "MCAFEE_FIREWALL_ENTERPRISE_SB10102.NASL", "href": "https://www.tenable.com/plugins/nessus/81815", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81815);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2019/11/22\");\n\n script_cve_id(\n \"CVE-2014-3569\",\n \"CVE-2014-3570\",\n \"CVE-2014-3571\",\n \"CVE-2014-3572\",\n \"CVE-2014-8275\",\n \"CVE-2015-0204\",\n \"CVE-2015-0205\",\n \"CVE-2015-0206\"\n );\n script_bugtraq_id(\n 71934,\n 71935,\n 71936,\n 71937,\n 71939,\n 71940,\n 71941,\n 71942\n );\n script_xref(name:\"CERT\", value:\"243585\");\n script_xref(name:\"MCAFEE-SB\", value:\"SB10102\");\n\n script_name(english:\"McAfee Firewall Enterprise OpenSSL Multiple Vulnerabilities (SB10102) (FREAK)\");\n script_summary(english:\"Checks the version of MFE.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", 
value:\n\"The remote host has a version of McAfee Firewall Enterprise installed\nthat is affected by multiple vulnerabilities in the OpenSSL library :\n\n - A NULL pointer dereference flaw exists when the SSLv3\n option isn't enabled and an SSLv3 ClientHello is\n received. This allows a remote attacker, using an\n unexpected handshake, to crash the daemon, resulting in\n a denial of service. (CVE-2014-3569)\n\n - The BIGNUM squaring (BN_sqr) implementation does not\n properly calculate the square of a BIGNUM value. This\n allows a remote attacker to defeat cryptographic\n protection mechanisms. (CVE-2014-3570)\n\n - A NULL pointer dereference flaw exists with\n dtls1_get_record() when handling DTLS messages. A remote\n attacker, using a specially crafted DTLS message, can\n cause a denial of service. (CVE-2014-3571)\n\n - A flaw exists with ECDH handshakes when using an ECDSA\n certificate without a ServerKeyExchange message. This\n allows a remote attacker to trigger a loss of forward\n secrecy from the ciphersuite. (CVE-2014-3572)\n\n - A flaw exists when accepting non-DER variations of\n certificate signature algorithms and signature encodings\n due to a lack of enforcement of matches between signed\n and unsigned portions. A remote attacker, by including\n crafted data within a certificate's unsigned portion,\n can bypass fingerprint-based certificate-blacklist\n protection mechanisms. (CVE-2014-8275)\n\n - A security feature bypass vulnerability, known as FREAK\n (Factoring attack on RSA-EXPORT Keys), exists due to the\n support of weak EXPORT_RSA cipher suites with keys less\n than or equal to 512 bits. A man-in-the-middle attacker\n may be able to downgrade the SSL/TLS connection to use\n EXPORT_RSA cipher suites which can be factored in a\n short amount of time, allowing the attacker to intercept\n and decrypt the traffic. 
(CVE-2015-0204)\n\n - A flaw exists when accepting DH certificates for client\n authentication without the CertificateVerify message.\n This allows a remote attacker to authenticate to the\n service without a private key. (CVE-2015-0205)\n\n - A memory leak occurs in dtls1_buffer_record()\n when handling a saturation of DTLS records containing\n the same number sequence but for the next epoch. This\n allows a remote attacker to cause a denial of service.\n (CVE-2015-0206)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://kc.mcafee.com/corporate/index?page=content&id=SB10102\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.smacktls.com/#freak\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch referenced in the vendor security\nadvisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-0205\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/a:mcafee:firewall_enterprise\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Firewalls\");\n\n script_copyright(english:\"This script is 
Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mcafee_firewall_enterprise_version.nbin\");\n script_require_keys(\"Host/McAfeeFE/version\", \"Host/McAfeeFE/version_display\", \"Host/McAfeeFE/installed_patches\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\napp_name = \"McAfee Firewall Enterprise\";\nversion = get_kb_item_or_exit(\"Host/McAfeeFE/version\");\nversion_display = get_kb_item_or_exit(\"Host/McAfeeFE/version_display\");\ninstalled_patches = get_kb_item_or_exit(\"Host/McAfeeFE/installed_patches\");\n\nhotfixmap = make_array(\n \"^7\\.\" , \"70103E65\" ,\n \"^8\\.2\\.1(\\.|$)\" , \"8.2.1E133\" ,\n \"^8\\.3\\.1(\\.|$)\" , \"8.3.1E68\" ,\n \"^8\\.3\\.2(\\.|$)\" , \"8.3.2E37\"\n);\n\ndisp_name = make_array(\n \"70103E65\" , \"7.0.1.03 ePatch 65\",\n \"8.2.1E133\" , \"8.2.1 ePatch 133\",\n \"8.3.1E68\" , \"8.3.1 ePatch 68\",\n \"8.3.2E37\" , \"8.3.2 ePatch 37\"\n);\n\nhotfix = NULL;\nname = NULL;\n\nforeach vergx (keys(hotfixmap))\n{\n if(version =~ vergx)\n {\n hotfix = hotfixmap[vergx ];\n name = disp_name[hotfix];\n break;\n }\n}\n\nif(isnull(hotfix) || (hotfix =~ \"(^|,)[\\d\\.]+?E\\d+?($|,)\" && installed_patches !~ \"(^|,)[\\d\\.]+?E\\d+?($|,)\"))\n audit(AUDIT_INST_VER_NOT_VULN, version_display);\n\nif (hotfix >!< installed_patches)\n{\n port = 0;\n\n if (report_verbosity > 0)\n {\n report = \n '\\n Installed Version : ' + version_display +\n '\\n Patched Version : ' + name +\n '\\n';\n security_warning(extra:report, port:port);\n }\n else security_warning(port);\n exit(0);\n}\nelse audit(AUDIT_PATCH_INSTALLED, name, app_name);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-27T14:10:35", "description": "According to its banner, the remote web server uses a version of OpenSSL 1.0.1 prior to 1.0.1k. 
The OpenSSL library is, therefore, affected by the following vulnerabilities :\n\n - A NULL pointer dereference flaw exists when the SSLv3 option isn't enabled and an SSLv3 ClientHello is received. This allows a remote attacker, using an unexpected handshake, to crash the daemon, resulting in a denial of service. (CVE-2014-3569)\n\n - The BIGNUM squaring (BN_sqr) implementation does not properly calculate the square of a BIGNUM value. This allows remote attackers to defeat cryptographic protection mechanisms. (CVE-2014-3570)\n\n - A NULL pointer dereference flaw exists with dtls1_get_record() when handling DTLS messages. A remote attacker, using a specially crafted DTLS message, can cause a denial of service. (CVE-2014-3571)\n\n - A flaw exists with ECDH handshakes when using an ECDSA certificate without a ServerKeyExchange message. This allows a remote attacker to trigger a loss of forward secrecy from the ciphersuite. (CVE-2014-3572)\n\n - A flaw exists when accepting non-DER variations of certificate signature algorithms and signature encodings due to a lack of enforcement of matches between signed and unsigned portions. A remote attacker, by including crafted data within a certificate's unsigned portion, can bypass fingerprint-based certificate-blacklist protection mechanisms. (CVE-2014-8275)\n\n - A security feature bypass vulnerability, known as FREAK (Factoring attack on RSA-EXPORT Keys), exists due to the support of weak EXPORT_RSA cipher suites with keys less than or equal to 512 bits. A man-in-the-middle attacker may be able to downgrade the SSL/TLS connection to use EXPORT_RSA cipher suites which can be factored in a short amount of time, allowing the attacker to intercept and decrypt the traffic. (CVE-2015-0204)\n\n - A flaw exists when accepting DH certificates for client authentication without the CertificateVerify message.\n This allows a remote attacker to authenticate to the service without a private key. 
(CVE-2015-0205)\n\n - A memory leak occurs in dtls1_buffer_record() when handling a saturation of DTLS records containing the same number sequence but for the next epoch. This allows a remote attacker to cause a denial of service.\n (CVE-2015-0206)", "cvss3": {}, "published": "2015-01-16T00:00:00", "type": "nessus", "title": "OpenSSL 1.0.1 < 1.0.1k Multiple Vulnerabilities (FREAK)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3569", "CVE-2014-3570", "CVE-2014-3571", "CVE-2014-3572", "CVE-2014-8275", "CVE-2015-0204", "CVE-2015-0205", "CVE-2015-0206"], "modified": "2019-11-25T00:00:00", "cpe": ["cpe:/a:openssl:openssl"], "id": "OPENSSL_1_0_1K.NASL", "href": "https://www.tenable.com/plugins/nessus/80568", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80568);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2019/11/25\");\n\n script_cve_id(\n \"CVE-2014-3569\",\n \"CVE-2014-3570\",\n \"CVE-2014-3571\",\n \"CVE-2014-3572\",\n \"CVE-2014-8275\",\n \"CVE-2015-0204\",\n \"CVE-2015-0205\",\n \"CVE-2015-0206\"\n );\n script_bugtraq_id(\n 71934,\n 71935,\n 71936,\n 71937,\n 71939,\n 71940,\n 71941,\n 71942\n );\n script_xref(name:\"CERT\", value:\"243585\");\n\n script_name(english:\"OpenSSL 1.0.1 < 1.0.1k Multiple Vulnerabilities (FREAK)\");\n script_summary(english:\"Performs a banner check.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote service is affected by multiple vulnerabilities.\");\n 
script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the remote web server uses a version of\nOpenSSL 1.0.1 prior to 1.0.1k. The OpenSSL library is, therefore,\naffected by the following vulnerabilities :\n\n - A NULL pointer dereference flaw exists when the SSLv3\n option isn't enabled and an SSLv3 ClientHello is\n received. This allows a remote attacker, using an\n unexpected handshake, to crash the daemon, resulting in\n a denial of service. (CVE-2014-3569)\n\n - The BIGNUM squaring (BN_sqr) implementation does not\n properly calculate the square of a BIGNUM value. This\n allows remote attackers to defeat cryptographic\n protection mechanisms. (CVE-2014-3570)\n\n - A NULL pointer dereference flaw exists with\n dtls1_get_record() when handling DTLS messages. A remote\n attacker, using a specially crafted DTLS message, can\n cause a denial of service. (CVE-2014-3571)\n\n - A flaw exists with ECDH handshakes when using an ECDSA\n certificate without a ServerKeyExchange message. This\n allows a remote attacker to trigger a loss of forward\n secrecy from the ciphersuite. (CVE-2014-3572)\n\n - A flaw exists when accepting non-DER variations of\n certificate signature algorithms and signature encodings\n due to a lack of enforcement of matches between signed\n and unsigned portions. A remote attacker, by including\n crafted data within a certificate's unsigned portion,\n can bypass fingerprint-based certificate-blacklist\n protection mechanisms. (CVE-2014-8275)\n\n - A security feature bypass vulnerability, known as FREAK\n (Factoring attack on RSA-EXPORT Keys), exists due to the\n support of weak EXPORT_RSA cipher suites with keys less\n than or equal to 512 bits. A man-in-the-middle attacker\n may be able to downgrade the SSL/TLS connection to use\n EXPORT_RSA cipher suites which can be factored in a\n short amount of time, allowing the attacker to intercept\n and decrypt the traffic. 
(CVE-2015-0204)\n\n - A flaw exists when accepting DH certificates for client\n authentication without the CertificateVerify message.\n This allows a remote attacker to authenticate to the\n service without a private key. (CVE-2015-0205)\n\n - A memory leak occurs in dtls1_buffer_record()\n when handling a saturation of DTLS records containing\n the same number sequence but for the next epoch. This\n allows a remote attacker to cause a denial of service.\n (CVE-2015-0206)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/openssl-1.0.1-notes.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20150108.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/vulnerabilities.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.smacktls.com/#freak\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to OpenSSL 1.0.1k or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-0205\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n 
script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"openssl_version.nasl\");\n script_require_keys(\"openssl/port\");\n\n exit(0);\n}\n\ninclude(\"openssl_version.inc\");\n\nopenssl_check_version(fixed:'1.0.1k', min:\"1.0.1\", severity:SECURITY_WARNING);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-28T14:36:19", "description": "The remote Cisco device is running a version of NX-OS software that is affected by multiple vulnerabilities in its bundled OpenSSL library:\n\n - A NULL pointer dereference flaw exists when the SSLv3 option isn't enabled and an SSLv3 ClientHello is received. This allows a remote attacker, using an unexpected handshake, to crash the daemon, resulting in a denial of service. (CVE-2014-3569)\n\n - The BIGNUM squaring (BN_sqr) implementation does not properly calculate the square of a BIGNUM value. This allows remote attackers to defeat cryptographic protection mechanisms. (CVE-2014-3570)\n\n - A NULL pointer dereference flaw exists with dtls1_get_record() when handling DTLS messages. A remote attacker, using a specially crafted DTLS message, can cause a denial of service. (CVE-2014-3571)\n\n - A flaw exists with ECDH handshakes when using an ECDSA certificate without a ServerKeyExchange message. This allows a remote attacker to trigger a loss of forward secrecy from the ciphersuite. (CVE-2014-3572)\n\n - A flaw exists when accepting non-DER variations of certificate signature algorithms and signature encodings due to a lack of enforcement of matches between signed and unsigned portions. A remote attacker, by including crafted data within a certificate's unsigned portion, can bypass fingerprint-based certificate-blacklist protection mechanisms. 
(CVE-2014-8275)\n\n - A security feature bypass vulnerability, known as FREAK (Factoring attack on RSA-EXPORT Keys), exists due to the support of weak EXPORT_RSA cipher suites with keys less than or equal to 512 bits. A man-in-the-middle attacker may be able to downgrade the SSL/TLS connection to use EXPORT_RSA cipher suites which can be factored in a short amount of time, allowing the attacker to intercept and decrypt the traffic. (CVE-2015-0204)\n\n - A flaw exists when accepting DH certificates for client authentication without the CertificateVerify message.\n This allows a remote attacker to authenticate to the service without a private key. (CVE-2015-0205)\n\n - A memory leak occurs in dtls1_buffer_record() when handling a saturation of DTLS records containing the same number sequence but for the next epoch. This allows a remote attacker to cause a denial of service.\n (CVE-2015-0206)", "cvss3": {}, "published": "2015-05-19T00:00:00", "type": "nessus", "title": "Cisco NX-OS OpenSSL Multiple Vulnerabilities (cisco-sa-20150310-ssl) (FREAK)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3569", "CVE-2014-3570", "CVE-2014-3571", "CVE-2014-3572", "CVE-2014-8275", "CVE-2015-0204", "CVE-2015-0205", "CVE-2015-0206"], "modified": "2019-11-22T00:00:00", "cpe": ["cpe:/o:cisco:nx-os"], "id": "CISCO-SA-20150310-SSL-NXOS.NASL", "href": "https://www.tenable.com/plugins/nessus/83528", "sourceData": "#TRUSTED\n#\n# (C) Tenable Network Security, 
Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83528);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/11/22\");\n\n script_cve_id(\n \"CVE-2014-3569\",\n \"CVE-2014-3570\",\n \"CVE-2014-3571\",\n \"CVE-2014-3572\",\n \"CVE-2014-8275\",\n \"CVE-2015-0204\",\n \"CVE-2015-0205\",\n \"CVE-2015-0206\"\n );\n script_bugtraq_id(\n 71934,\n 71935,\n 71936,\n 71937,\n 71939,\n 71940,\n 71941,\n 71942\n );\n script_xref(name:\"CERT\", value:\"243585\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCut14256\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCus42713\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCus42717\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCus42761\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCus42784\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCus42972\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCus43046\");\n\n script_name(english:\"Cisco NX-OS OpenSSL Multiple Vulnerabilities (cisco-sa-20150310-ssl) (FREAK)\");\n script_summary(english:\"Checks the NX-OS version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is missing a vendor-supplied security patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Cisco device is running a version of NX-OS software that\nis affected by multiple vulnerabilities in its bundled OpenSSL\nlibrary:\n\n - A NULL pointer dereference flaw exists when the SSLv3\n option isn't enabled and an SSLv3 ClientHello is\n received. This allows a remote attacker, using an\n unexpected handshake, to crash the daemon, resulting in\n a denial of service. (CVE-2014-3569)\n\n - The BIGNUM squaring (BN_sqr) implementation does not\n properly calculate the square of a BIGNUM value. This\n allows remote attackers to defeat cryptographic\n protection mechanisms. (CVE-2014-3570)\n\n - A NULL pointer dereference flaw exists with\n dtls1_get_record() when handling DTLS messages. 
A remote\n attacker, using a specially crafted DTLS message, can\n cause a denial of service. (CVE-2014-3571)\n\n - A flaw exists with ECDH handshakes when using an ECDSA\n certificate without a ServerKeyExchange message. This\n allows a remote attacker to trigger a loss of forward\n secrecy from the ciphersuite. (CVE-2014-3572)\n\n - A flaw exists when accepting non-DER variations of\n certificate signature algorithms and signature encodings\n due to a lack of enforcement of matches between signed\n and unsigned portions. A remote attacker, by including\n crafted data within a certificate's unsigned portion,\n can bypass fingerprint-based certificate-blacklist\n protection mechanisms. (CVE-2014-8275)\n\n - A security feature bypass vulnerability, known as FREAK\n (Factoring attack on RSA-EXPORT Keys), exists due to the\n support of weak EXPORT_RSA cipher suites with keys less\n than or equal to 512 bits. A man-in-the-middle attacker\n may be able to downgrade the SSL/TLS connection to use\n EXPORT_RSA cipher suites which can be factored in a\n short amount of time, allowing the attacker to intercept\n and decrypt the traffic. (CVE-2015-0204)\n\n - A flaw exists when accepting DH certificates for client\n authentication without the CertificateVerify message.\n This allows a remote attacker to authenticate to the\n service without a private key. (CVE-2015-0205)\n\n - A memory leak occurs in dtls1_buffer_record()\n when handling a saturation of DTLS records containing\n the same number sequence but for the next epoch. 
This\n allows a remote attacker to cause a denial of service.\n (CVE-2015-0206)\");\n # http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bd646a4f\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.smacktls.com/#freak\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the patch or workaround supplied by the vendor.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-0205\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:cisco:nx-os\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CISCO\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"cisco_nxos_version.nasl\");\n script_require_keys(\"Host/Cisco/NX-OS/Version\", \"Host/Cisco/NX-OS/Device\", \"Host/Cisco/NX-OS/Model\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"cisco_func.inc\");\ninclude(\"cisco_kb_cmd_func.inc\");\n\ndevice = get_kb_item_or_exit(\"Host/Cisco/NX-OS/Device\");\nmodel = get_kb_item_or_exit(\"Host/Cisco/NX-OS/Model\");\nversion = get_kb_item_or_exit(\"Host/Cisco/NX-OS/Version\");\n\n# Only affects Nexus\nif (device != 'Nexus')\n audit(AUDIT_HOST_NOT, \"affected\");\n\nflag = 0;\noverride = 0;\ncbid = FALSE;\nn1kfix = \"5.2(1)SV3(1.4)\";\nn3kfix = \"Contact vendor\";\nn5kfix = \"Contact vendor\";\nn6kfix = \"Contact vendor\";\nn7kfix = \"Contact vendor\";\nn9kfix = \"7.0(3)I1(2)\";\n\n########################################\n# Model 1k\n########################################\nif (model =~ \"^1[0-9][0-9][0-9][0-9][vV]$\")\n{\n if(version == \"4.0(4)SV1(1)\" ) {flag += 1; fix = n1kfix;}\n else if(version == \"4.0(4)SV1(2)\" ) {flag += 1; fix = n1kfix;}\n else if(version == \"4.0(4)SV1(3)\" ) {flag += 1; fix = n1kfix;}\n else if(version == \"4.0(4)SV1(3a)\" ) {flag += 1; fix = n1kfix;}\n else if(version == \"4.0(4)SV1(3b)\" ) {flag += 1; fix = n1kfix;}\n else if(version == \"4.0(4)SV1(3c)\" ) {flag += 1; fix = n1kfix;}\n else if(version == \"4.0(4)SV1(3d)\" ) {flag += 1; fix = n1kfix;}\n else if(version == \"4.2(1)SV1(4)\" ) {flag += 1; fix = n1kfix;}\n else if(version == \"4.2(1)SV1(4a)\" ) {flag += 1; fix = n1kfix;}\n else if(version == \"4.2(1)SV1(4b)\" ) {flag += 1; fix = n1kfix;}\n else if(version == \"4.2(1)SV1(5.1)\" ) {flag += 1; fix = n1kfix;}\n else if(version == \"4.2(1)SV1(5.1a)\" ) {flag += 1; fix = n1kfix;}\n else if(version == \"4.2(1)SV1(5.2)\" ) {flag += 1; fix = n1kfix;}\n else if(version == \"4.2(1)SV1(5.2b)\" ) {flag += 1; fix = n1kfix;}\n else if(version == \"4.2(1)SV2(1.1)\" ) {flag += 1; fix = n1kfix;}\n else if(version == \"4.2(1)SV2(1.1a)\" 
) {flag += 1; fix = n1kfix;}\n else if(version == \"4.2(1)SV2(2.1)\" ) {flag += 1; fix = n1kfix;}\n else if(version == \"4.2(1)SV2(2.1a)\" ) {flag += 1; fix = n1kfix;}\n else if(version == \"5.2(1)SM1(5.1)\" ) {flag += 1; fix = n1kfix;}\n # Specifically from bug\n else if(version == \"5.2(1)SV3(1.2)\" ) {flag += 1; fix = n1kfix;}\n cbid = \"CSCut14256\";\n}\n########################################\n# Model 3k\n########################################\nelse if (model =~ \"^3[0-9][0-9][0-9]$\")\n{\n if(version == \"5.0(3)U1(1)\" ) {flag += 1; fix = n3kfix;}\n else if(version == \"5.0(3)U1(1a)\" ) {flag += 1; fix = n3kfix;}\n else if(version == \"5.0(3)U1(1b)\" ) {flag += 1; fix = n3kfix;}\n else if(version == \"5.0(3)U1(1d)\" ) {flag += 1; fix = n3kfix;}\n else if(version == \"5.0(3)U1(2)\" ) {flag += 1; fix = n3kfix;}\n else if(version == \"5.0(3)U1(2a)\" ) {flag += 1; fix = n3kfix;}\n else if(version == \"5.0(3)U2(1)\" ) {flag += 1; fix = n3kfix;}\n else if(version == \"5.0(3)U2(2)\" ) {flag += 1; fix = n3kfix;}\n else if(version == \"5.0(3)U2(2a)\" ) {flag += 1; fix = n3kfix;}\n else if(version == \"5.0(3)U2(2b)\" ) {flag += 1; fix = n3kfix;}\n else if(version == \"5.0(3)U2(2c)\" ) {flag += 1; fix = n3kfix;}\n else if(version == \"5.0(3)U2(2d)\" ) {flag += 1; fix = n3kfix;}\n else if(version == \"5.0(3)U3(1)\" ) {flag += 1; fix = n3kfix;}\n else if(version == \"5.0(3)U3(2)\" ) {flag += 1; fix = n3kfix;}\n else if(version == \"5.0(3)U3(2a)\" ) {flag += 1; fix = n3kfix;}\n else if(version == \"5.0(3)U3(2b)\" ) {flag += 1; fix = n3kfix;}\n else if(version == \"5.0(3)U4(1)\" ) {flag += 1; fix = n3kfix;}\n else if(version == \"5.0(3)U5(1)\" ) {flag += 1; fix = n3kfix;}\n else if(version == \"5.0(3)U5(1a)\" ) {flag += 1; fix = n3kfix;}\n else if(version == \"5.0(3)U5(1b)\" ) {flag += 1; fix = n3kfix;}\n else if(version == \"5.0(3)U5(1c)\" ) {flag += 1; fix = n3kfix;}\n else if(version == \"5.0(3)U5(1d)\" ) {flag += 1; fix = n3kfix;}\n else if(version == 
\"5.0(3)U5(1e)\" ) {flag += 1; fix = n3kfix;}\n else if(version == \"5.0(3)U5(1f)\" ) {flag += 1; fix = n3kfix;}\n else if(version == \"5.0(3)U5(1g)\" ) {flag += 1; fix = n3kfix;}\n else if(version == \"5.0(3)U5(1h)\" ) {flag += 1; fix = n3kfix;}\n else if(version == \"6.0(2)U1(1)\" ) {flag += 1; fix = n3kfix;}\n else if(version == \"6.0(2)U1(1a)\" ) {flag += 1; fix = n3kfix;}\n else if(version == \"6.0(2)U1(2)\" ) {flag += 1; fix = n3kfix;}\n else if(version == \"6.0(2)U1(3)\" ) {flag += 1; fix = n3kfix;}\n else if(version == \"6.0(2)U1(4)\" ) {flag += 1; fix = n3kfix;}\n else if(version == \"6.0(2)U2(1)\" ) {flag += 1; fix = n3kfix;}\n else if(version == \"6.0(2)U2(2)\" ) {flag += 1; fix = n3kfix;}\n else if(version == \"6.0(2)U2(3)\" ) {flag += 1; fix = n3kfix;}\n else if(version == \"6.0(2)U2(4)\" ) {flag += 1; fix = n3kfix;}\n else if(version == \"6.0(2)U2(5)\" ) {flag += 1; fix = n3kfix;}\n else if(version == \"6.0(2)U2(6)\" ) {flag += 1; fix = n3kfix;}\n else if(version == \"6.0(2)U3(1)\" ) {flag += 1; fix = n3kfix;}\n else if(version == \"6.0(2)U3(2)\" ) {flag += 1; fix = n3kfix;}\n else if(version == \"6.0(2)U3(3)\" ) {flag += 1; fix = n3kfix;}\n else if(version == \"6.0(2)U3(4)\" ) {flag += 1; fix = n3kfix;}\n else if(version == \"6.0(2)U3(5)\" ) {flag += 1; fix = n3kfix;}\n else if(version == \"6.0(2)U4(2)\" ) {flag += 1; fix = n3kfix;}\n else if(version == \"6.0(2)U4(3)\" ) {flag += 1; fix = n3kfix;}\n else if(version == \"6.0(2)U4(1)\" ) {flag += 1; fix = n3kfix;}\n else if(version == \"6.0(2)U5(1)\" ) {flag += 1; fix = n3kfix;}\n cbid = \"CSCus43046\";\n}\n########################################\n# Model 5k\n########################################\nelse if (model =~ \"^5[0-9][0-9][0-9]$\")\n{\n if(version == \"4.0(0)N1(1a)\" ) {flag += 1; fix = n5kfix;}\n else if(version == \"4.0(0)N1(2)\" ) {flag += 1; fix = n5kfix;}\n else if(version == \"4.0(0)N1(2a)\" ) {flag += 1; fix = n5kfix;}\n else if(version == \"4.0(1a)N1(1)\" ) {flag += 1; fix = 
n5kfix;}\n else if(version == \"4.0(1a)N1(1a)\") {flag += 1; fix = n5kfix;}\n else if(version == \"4.0(1a)N2(1)\" ) {flag += 1; fix = n5kfix;}\n else if(version == \"4.0(1a)N2(1a)\") {flag += 1; fix = n5kfix;}\n else if(version == \"4.1(3)N1(1)\" ) {flag += 1; fix = n5kfix;}\n else if(version == \"4.1(3)N1(1a)\" ) {flag += 1; fix = n5kfix;}\n else if(version == \"4.1(3)N2(1)\" ) {flag += 1; fix = n5kfix;}\n else if(version == \"4.1(3)N2(1a)\" ) {flag += 1; fix = n5kfix;}\n else if(version == \"4.2(1)N1(1)\" ) {flag += 1; fix = n5kfix;}\n else if(version == \"4.2(1)N2(1)\" ) {flag += 1; fix = n5kfix;}\n else if(version == \"4.2(1)N2(1a)\" ) {flag += 1; fix = n5kfix;}\n else if(version == \"5.0(2)N1(1)\" ) {flag += 1; fix = n5kfix;}\n else if(version == \"5.0(3)N1(1c)\" ) {flag += 1; fix = n5kfix;}\n else if(version == \"5.0(2)N2(1)\" ) {flag += 1; fix = n5kfix;}\n else if(version == \"5.0(2)N2(1a)\" ) {flag += 1; fix = n5kfix;}\n else if(version == \"5.0(3)N2(1)\" ) {flag += 1; fix = n5kfix;}\n else if(version == \"5.0(3)N2(2)\" ) {flag += 1; fix = n5kfix;}\n else if(version == \"5.0(3)N2(2a)\" ) {flag += 1; fix = n5kfix;}\n else if(version == \"5.0(3)N2(2b)\" ) {flag += 1; fix = n5kfix;}\n else if(version == \"5.1(3)N1(1)\" ) {flag += 1; fix = n5kfix;}\n else if(version == \"5.1(3)N1(1a)\" ) {flag += 1; fix = n5kfix;}\n else if(version == \"5.1(3)N2(1)\" ) {flag += 1; fix = n5kfix;}\n else if(version == \"5.1(3)N2(1a)\" ) {flag += 1; fix = n5kfix;}\n else if(version == \"5.1(3)N2(1b)\" ) {flag += 1; fix = n5kfix;}\n else if(version == \"5.1(3)N2(1c)\" ) {flag += 1; fix = n5kfix;}\n else if(version == \"5.2(1)N1(1)\" ) {flag += 1; fix = n5kfix;}\n else if(version == \"5.2(1)N1(1a)\" ) {flag += 1; fix = n5kfix;}\n else if(version == \"5.2(1)N1(1b)\" ) {flag += 1; fix = n5kfix;}\n else if(version == \"5.2(1)N1(2)\" ) {flag += 1; fix = n5kfix;}\n else if(version == \"5.2(1)N1(2a)\" ) {flag += 1; fix = n5kfix;}\n else if(version == \"5.2(1)N1(3)\" ) {flag += 1; fix = 
n5kfix;}\n else if(version == \"5.2(1)N1(4)\" ) {flag += 1; fix = n5kfix;}\n else if(version == \"5.2(1)N1(5)\" ) {flag += 1; fix = n5kfix;}\n else if(version == \"5.2(1)N1(6)\" ) {flag += 1; fix = n5kfix;}\n else if(version == \"5.2(1)N1(7)\" ) {flag += 1; fix = n5kfix;}\n else if(version == \"5.2(1)N1(8)\" ) {flag += 1; fix = n5kfix;}\n else if(version == \"5.2(1)N1(8a)\" ) {flag += 1; fix = n5kfix;}\n else if(version == \"6.0(2)N1(1)\" ) {flag += 1; fix = n5kfix;}\n else if(version == \"6.0(2)N1(2)\" ) {flag += 1; fix = n5kfix;}\n else if(version == \"6.0(2)N1(2a)\" ) {flag += 1; fix = n5kfix;}\n else if(version == \"6.0(2)N2(1)\" ) {flag += 1; fix = n5kfix;}\n else if(version == \"6.0(2)N2(1b)\" ) {flag += 1; fix = n5kfix;}\n else if(version == \"6.0(2)N2(2)\" ) {flag += 1; fix = n5kfix;}\n else if(version == \"6.0(2)N2(3)\" ) {flag += 1; fix = n5kfix;}\n else if(version == \"6.0(2)N2(4)\" ) {flag += 1; fix = n5kfix;}\n else if(version == \"6.0(2)N2(5)\" ) {flag += 1; fix = n5kfix;}\n else if(version == \"7.0(0)N1(1)\" ) {flag += 1; fix = n5kfix;}\n else if(version == \"7.0(1)N1(1)\" ) {flag += 1; fix = n5kfix;}\n else if(version == \"7.0(2)N1(1)\" ) {flag += 1; fix = n5kfix;}\n else if(version == \"7.0(3)N1(1)\" ) {flag += 1; fix = n5kfix;}\n cbid = \"CSCus42713\"; # This bug covers 5/6/7\n # There are various suggested work arounds, they require\n # disabling many features, it is not really apparent how\n # to check for them.\n if (report_paranoia < 2)\n audit(AUDIT_PARANOID);\n}\n########################################\n# Model 6k\n########################################\nelse if (model =~ \"^6[0-9][0-9][0-9]$\")\n{\n if(version == \"6.0(2)N1(2)\" ) {flag += 1; fix = n6kfix;}\n else if(version == \"6.0(2)N1(2a)\" ) {flag += 1; fix = n6kfix;}\n else if(version == \"6.0(2)N2(1)\" ) {flag += 1; fix = n6kfix;}\n else if(version == \"6.0(2)N2(1b)\" ) {flag += 1; fix = n6kfix;}\n else if(version == \"6.0(2)N2(2)\" ) {flag += 1; fix = n6kfix;}\n else if(version 
== \"6.0(2)N2(3)\" ) {flag += 1; fix = n6kfix;}\n else if(version == \"6.0(2)N2(4)\" ) {flag += 1; fix = n6kfix;}\n else if(version == \"6.0(2)N2(5)\" ) {flag += 1; fix = n6kfix;}\n else if(version == \"7.0(0)N1(1)\" ) {flag += 1; fix = n6kfix;}\n else if(version == \"7.0(1)N1(1)\" ) {flag += 1; fix = n6kfix;}\n else if(version == \"7.0(2)N1(1)\" ) {flag += 1; fix = n6kfix;}\n else if(version == \"7.0(3)N1(1)\" ) {flag += 1; fix = n6kfix;}\n cbid = \"CSCus42713\";\n}\n########################################\n# Model 7k\n########################################\nelse if (model =~ \"^7[0-9][0-9][0-9]$\")\n{\n if(version == \"4.1.(2)\" ) {flag += 1; fix = n7kfix;}\n else if(version == \"4.1.(3)\" ) {flag += 1; fix = n7kfix;}\n else if(version == \"4.1.(4)\" ) {flag += 1; fix = n7kfix;}\n else if(version == \"4.1.(5)\" ) {flag += 1; fix = n7kfix;}\n else if(version == \"4.2.(2a)\" ) {flag += 1; fix = n7kfix;}\n else if(version == \"4.2(3)\" ) {flag += 1; fix = n7kfix;}\n else if(version == \"4.2(4)\" ) {flag += 1; fix = n7kfix;}\n else if(version == \"4.2(6)\" ) {flag += 1; fix = n7kfix;}\n else if(version == \"4.2(8)\" ) {flag += 1; fix = n7kfix;}\n else if(version == \"5.0(2a)\" ) {flag += 1; fix = n7kfix;}\n else if(version == \"5.0(3)\" ) {flag += 1; fix = n7kfix;}\n else if(version == \"5.0(5)\" ) {flag += 1; fix = n7kfix;}\n else if(version == \"5.1(1)\" ) {flag += 1; fix = n7kfix;}\n else if(version == \"5.1(1a)\" ) {flag += 1; fix = n7kfix;}\n else if(version == \"5.1(3)\" ) {flag += 1; fix = n7kfix;}\n else if(version == \"5.1(4)\" ) {flag += 1; fix = n7kfix;}\n else if(version == \"5.1(5)\" ) {flag += 1; fix = n7kfix;}\n else if(version == \"5.1(6)\" ) {flag += 1; fix = n7kfix;}\n else if(version == \"5.2(1)\" ) {flag += 1; fix = n7kfix;}\n else if(version == \"5.2(3a)\" ) {flag += 1; fix = n7kfix;}\n else if(version == \"5.2(4)\" ) {flag += 1; fix = n7kfix;}\n else if(version == \"5.2(5)\" ) {flag += 1; fix = n7kfix;}\n else if(version == \"5.2(7)\" ) {flag 
+= 1; fix = n7kfix;}\n else if(version == \"5.2(9)\" ) {flag += 1; fix = n7kfix;}\n else if(version == \"6.0(1)\" ) {flag += 1; fix = n7kfix;}\n else if(version == \"6.0(2)\" ) {flag += 1; fix = n7kfix;}\n else if(version == \"6.0(3)\" ) {flag += 1; fix = n7kfix;}\n else if(version == \"6.0(4)\" ) {flag += 1; fix = n7kfix;}\n else if(version == \"6.1(1)\" ) {flag += 1; fix = n7kfix;}\n else if(version == \"6.1(2)\" ) {flag += 1; fix = n7kfix;}\n else if(version == \"6.1(3)\" ) {flag += 1; fix = n7kfix;}\n else if(version == \"6.1(4)\" ) {flag += 1; fix = n7kfix;}\n else if(version == \"6.1(4a)\" ) {flag += 1; fix = n7kfix;}\n else if(version == \"6.2(2)\" ) {flag += 1; fix = n7kfix;}\n else if(version == \"6.2(2a)\" ) {flag += 1; fix = n7kfix;}\n else if(version == \"6.2(6)\" ) {flag += 1; fix = n7kfix;}\n else if(version == \"6.2(6b)\" ) {flag += 1; fix = n7kfix;}\n else if(version == \"6.2(8)\" ) {flag += 1; fix = n7kfix;}\n else if(version == \"6.2(8a)\" ) {flag += 1; fix = n7kfix;}\n else if(version == \"6.2(8b)\" ) {flag += 1; fix = n7kfix;}\n else if(version == \"6.2(10)\" ) {flag += 1; fix = n7kfix;}\n # Specifically from bug\n else if(version == \"5.2(8f)\" ) {flag += 1; fix = n7kfix;}\n else if(version == \"6.2(7)\" ) {flag += 1; fix = n7kfix;}\n else if(version == \"6.2(8)S3\" ) {flag += 1; fix = n7kfix;}\n else if(version == \"6.2(8a)\" ) {flag += 1; fix = n7kfix;}\n else if(version == \"6.2(11)\" ) {flag += 1; fix = n7kfix;}\n else if(version == \"7.2(0)VX(0.9)\" ) {flag += 1; fix = n7kfix;}\n else if(version == \"7.2(0.1)PR(0.1)\" ) {flag += 1; fix = n7kfix;}\n else if(version == \"7.3(0.9)\" ) {flag += 1; fix = n7kfix;}\n else if(version == \"9.9(0)XS(0.1)\" ) {flag += 1; fix = n7kfix;}\n cbid = \"CSCus42713\";\n # Check to see if we can determine if SSL is enabled with LDAP\n if(flag)\n {\n flag = 0;\n buf = cisco_command_kb_item(\"Host/Cisco/Config/show_ldap-server\",\"show ldap-server\");\n if(check_cisco_result(buf))\n {\n if(preg(multiline:TRUE, 
pattern:\"enable-ssl\", string:buf))\n flag += 1;\n else if(cisco_needs_enable(buf))\n {\n flag += 1;\n override = 1;\n }\n }\n }\n}\n########################################\n# Model 9k\n########################################\nelse if (model =~ \"^9[0-9][0-9][0-9]$\")\n{\n if(version == \"6.1(2)I2(1)\" ) {flag += 1; fix = n9kfix;}\n else if(version == \"6.1(2)I2(2)\" ) {flag += 1; fix = n9kfix;}\n else if(version == \"6.1(2)I2(2a)\" ) {flag += 1; fix = n9kfix;}\n else if(version == \"6.1(2)I2(2b)\" ) {flag += 1; fix = n9kfix;}\n else if(version == \"6.1(2)I2(3)\" ) {flag += 1; fix = n9kfix;}\n else if(version == \"6.1(2)I3(1)\" ) {flag += 1; fix = n9kfix;}\n else if(version == \"6.1(2)I3(2)\" ) {flag += 1; fix = n9kfix;}\n else if(version == \"6.1(2)I3(3)\" ) {flag += 1; fix = n9kfix;}\n else if(version == \"11.0(1b)\" ) {flag += 1; fix = n9kfix;}\n else if(version == \"11.0(1c)\" ) {flag += 1; fix = n9kfix;}\n # Specifically from bug\n else if(version == \"7.0(3)I1(1.1)\") {flag += 1; fix = n9kfix;}\n cbid = \"CSCus42784\";\n}\n\nif (flag)\n{\n if (report_verbosity > 0)\n {\n report = \"\";\n if(cbid) report += \n '\\n Cisco bug ID : ' + cbid;\n report +=\n '\\n Model : ' + device + ' ' + model +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_warning(port:0, extra:report + cisco_caveat(override));\n }\n else security_warning(port:0, extra: cisco_caveat(override));\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-17T14:35:28", "description": "OpenSSL before 0.9.8zd, 1.0.0p, or 1.0.1k are unpatched for the following vulnerabilities:\n\n - A DTLS segmentation fault due to a null pointer dereference, which can lead to a denial of service attack (CVE-2014-3571)\n\n - A memory leak when handling repeated DTLS records with the same sequence number but the next epoch, which can result in denial of service (CVE-2015-0206)\n\n 
- A null pointer dereference when handling SSL v3 ClientHelloes can result in denial of service when openssl is built with the no-ssl3 option (CVE-2014-3569)\n\n - ECDHE silently downgrades to ECDH ciphersuite when the server key exchange message is omitted; this removes forward secrecy from the ciphersuite (CVE-2014-3572)\n\n - A server could present a weak temporary RSA key to silently downgrade the session's security from a non-export RSA key exchange ciphersuite (CVE-2015-0204)\n\n - For openssl servers that trust client certificate authorities that issue certificates containing DH keys, a bug exists wherein client certificates are accepted without verification (CVE-2015-0205)\n\n - OpenSSL does not enforce a match between the signed and unsigned portions of the certificate for several non-DER variants of certificate signature algorithms and signature encodings; while this does not affect OpenSSL servers and clients, custom applications relying on the uniqueness of the fingerprint may be affected (CVE-2014-8275)\n\n - Bignum squaring may produce incorrect results at random on some platforms, including x86_64, although the impact of this is unknown, and its occurrence is rare (CVE-2014-3570)", "cvss3": {}, "published": "2015-01-09T00:00:00", "type": "nessus", "title": "OpenSSL < 1.0.1k / < 1.0.0p / < 0.9.8zd Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3569", "CVE-2014-3570", "CVE-2014-3571", "CVE-2014-3572", "CVE-2014-8275", "CVE-2015-0204", "CVE-2015-0205", 
"CVE-2015-0206"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:/a:openssl:openssl"], "id": "8617.PRM", "href": "https://www.tenable.com/plugins/nnm/8617", "sourceData": "Binary data 8617.prm", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-27T14:10:15", "description": "Multiple vulnerabilities have been discovered and corrected in openssl :\n\nA carefully crafted DTLS message can cause a segmentation fault in OpenSSL due to a NULL pointer dereference. This could lead to a Denial Of Service attack (CVE-2014-3571).\n\nA memory leak can occur in the dtls1_buffer_record function under certain conditions. In particular this could occur if an attacker sent repeated DTLS records with the same sequence number but for the next epoch. The memory leak could be exploited by an attacker in a Denial of Service attack through memory exhaustion (CVE-2015-0206).\n\nWhen openssl is built with the no-ssl3 option and a SSL v3 ClientHello is received the ssl method would be set to NULL which could later result in a NULL pointer dereference (CVE-2014-3569).\n\nAn OpenSSL client will accept a handshake using an ephemeral ECDH ciphersuite using an ECDSA certificate if the server key exchange message is omitted. This effectively removes forward secrecy from the ciphersuite (CVE-2014-3572).\n\nAn OpenSSL client will accept the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. A server could present a weak temporary key and downgrade the security of the session (CVE-2015-0204).\n\nAn OpenSSL server will accept a DH certificate for client authentication without the certificate verify message. This effectively allows a client to authenticate without the use of a private key. 
This only affects servers which trust a client certificate authority which issues certificates containing DH keys:\nthese are extremely rare and hardly ever encountered (CVE-2015-0205).\n\nOpenSSL accepts several non-DER-variations of certificate signature algorithm and signature encodings. OpenSSL also does not enforce a match between the signature algorithm between the signed and unsigned portions of the certificate. By modifying the contents of the signature algorithm or the encoding of the signature, it is possible to change the certificate's fingerprint. This does not allow an attacker to forge certificates, and does not affect certificate verification or OpenSSL servers/clients in any other way. It also does not affect common revocation mechanisms. Only custom applications that rely on the uniqueness of the fingerprint (e.g. certificate blacklists) may be affected (CVE-2014-8275).\n\nBignum squaring (BN_sqr) may produce incorrect results on some platforms, including x86_64. This bug occurs at random with a very low probability, and is not known to be exploitable in any way, though its exact impact is difficult to determine (CVE-2014-3570).\n\nThe updated packages have been upgraded to the 1.0.0p version where these security flaws have been fixed.", "cvss3": {}, "published": "2015-01-12T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : openssl (MDVSA-2015:019)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3569", "CVE-2014-3570", "CVE-2014-3571", "CVE-2014-3572", 
"CVE-2014-8275", "CVE-2015-0204", "CVE-2015-0205", "CVE-2015-0206"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:lib64openssl-devel", "p-cpe:/a:mandriva:linux:lib64openssl-engines1.0.0", "p-cpe:/a:mandriva:linux:lib64openssl-static-devel", "p-cpe:/a:mandriva:linux:lib64openssl1.0.0", "p-cpe:/a:mandriva:linux:openssl", "cpe:/o:mandriva:business_server:1"], "id": "MANDRIVA_MDVSA-2015-019.NASL", "href": "https://www.tenable.com/plugins/nessus/80456", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2015:019. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80456);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-3569\", \"CVE-2014-3570\", \"CVE-2014-3571\", \"CVE-2014-3572\", \"CVE-2014-8275\", \"CVE-2015-0204\", \"CVE-2015-0205\", \"CVE-2015-0206\");\n script_bugtraq_id(71934, 71935, 71936, 71937, 71939, 71940, 71941, 71942);\n script_xref(name:\"MDVSA\", value:\"2015:019\");\n\n script_name(english:\"Mandriva Linux Security Advisory : openssl (MDVSA-2015:019)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been discovered and corrected in \nopenssl :\n\nA carefully crafted DTLS message can cause a segmentation fault in\nOpenSSL due to a NULL pointer dereference. This could lead to a Denial\nOf Service attack (CVE-2014-3571).\n\nA memory leak can occur in the dtls1_buffer_record function under\ncertain conditions. 
In particular this could occur if an attacker sent\nrepeated DTLS records with the same sequence number but for the next\nepoch. The memory leak could be exploited by an attacker in a Denial\nof Service attack through memory exhaustion (CVE-2015-0206).\n\nWhen openssl is built with the no-ssl3 option and a SSL v3 ClientHello\nis received the ssl method would be set to NULL which could later\nresult in a NULL pointer dereference (CVE-2014-3569).\n\nAn OpenSSL client will accept a handshake using an ephemeral ECDH\nciphersuite using an ECDSA certificate if the server key exchange\nmessage is omitted. This effectively removes forward secrecy from the\nciphersuite (CVE-2014-3572).\n\nAn OpenSSL client will accept the use of an RSA temporary key in a\nnon-export RSA key exchange ciphersuite. A server could present a weak\ntemporary key and downgrade the security of the session\n(CVE-2015-0204).\n\nAn OpenSSL server will accept a DH certificate for client\nauthentication without the certificate verify message. This\neffectively allows a client to authenticate without the use of a\nprivate key. This only affects servers which trust a client\ncertificate authority which issues certificates containing DH keys:\nthese are extremely rare and hardly ever encountered (CVE-2015-0205).\n\nOpenSSL accepts several non-DER-variations of certificate signature\nalgorithm and signature encodings. OpenSSL also does not enforce a\nmatch between the signature algorithm between the signed and unsigned\nportions of the certificate. By modifying the contents of the\nsignature algorithm or the encoding of the signature, it is possible\nto change the certificate's fingerprint. This does not allow an\nattacker to forge certificates, and does not affect certificate\nverification or OpenSSL servers/clients in any other way. It also does\nnot affect common revocation mechanisms. Only custom applications that\nrely on the uniqueness of the fingerprint (e.g. 
certificate\nblacklists) may be affected (CVE-2014-8275).\n\nBignum squaring (BN_sqr) may produce incorrect results on some\nplatforms, including x86_64. This bug occurs at random with a very low\nprobability, and is not known to be exploitable in any way, though its\nexact impact is difficult to determine (CVE-2014-3570).\n\nThe updated packages have been upgraded to the 1.0.0p version where\nthese security flaws has been fixed.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openssl.org/news/secadv/20150108.txt\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64openssl-engines1.0.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64openssl-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64openssl1.0.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64openssl-devel-1.0.0p-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64openssl-engines1.0.0-1.0.0p-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64openssl-static-devel-1.0.0p-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64openssl1.0.0-1.0.0p-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"openssl-1.0.0p-1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-27T14:09:31", "description": "OpenSSL project reports :\n\nDTLS segmentation fault in dtls1_get_record (CVE-2014-3571)\n\nDTLS memory leak in dtls1_buffer_record (CVE-2015-0206)\n\nno-ssl3 configuration sets method to NULL (CVE-2014-3569)\n\nECDHE silently downgrades to ECDH [Client] (CVE-2014-3572)\n\nRSA silently 
downgrades to EXPORT_RSA [Client] (CVE-2015-0204)\n\nDH client certificates accepted without verification [Server] (CVE-2015-0205)\n\nCertificate fingerprints can be modified (CVE-2014-8275)\n\nBignum squaring may produce incorrect results (CVE-2014-3570)", "cvss3": {}, "published": "2015-01-09T00:00:00", "type": "nessus", "title": "FreeBSD : OpenSSL -- multiple vulnerabilities (4e536c14-9791-11e4-977d-d050992ecde8) (FREAK)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3569", "CVE-2014-3570", "CVE-2014-3571", "CVE-2014-3572", "CVE-2014-8275", "CVE-2015-0204", "CVE-2015-0205", "CVE-2015-0206"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:linux-c6-openssl", "p-cpe:/a:freebsd:freebsd:mingw32-openssl", "p-cpe:/a:freebsd:freebsd:openssl", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_4E536C14979111E4977DD050992ECDE8.NASL", "href": "https://www.tenable.com/plugins/nessus/80424", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. 
Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80424);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-3569\", \"CVE-2014-3570\", \"CVE-2014-3571\", \"CVE-2014-3572\", \"CVE-2014-8275\", \"CVE-2015-0204\", \"CVE-2015-0205\", \"CVE-2015-0206\");\n script_xref(name:\"FreeBSD\", value:\"SA-15:01.openssl\");\n\n script_name(english:\"FreeBSD : OpenSSL -- multiple vulnerabilities (4e536c14-9791-11e4-977d-d050992ecde8) (FREAK)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n 
attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"OpenSSL project reports :\n\nDTLS segmentation fault in dtls1_get_record (CVE-2014-3571)\n\nDTLS memory leak in dtls1_buffer_record (CVE-2015-0206)\n\nno-ssl3 configuration sets method to NULL (CVE-2014-3569)\n\nECDHE silently downgrades to ECDH [Client] (CVE-2014-3572)\n\nRSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)\n\nDH client certificates accepted without verification [Server]\n(CVE-2015-0205)\n\nCertificate fingerprints can be modified (CVE-2014-8275)\n\nBignum squaring may produce incorrect results (CVE-2014-3570)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openssl.org/news/secadv/20150108.txt\"\n );\n # https://vuxml.freebsd.org/freebsd/4e536c14-9791-11e4-977d-d050992ecde8.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?80b933c4\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-c6-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mingw32-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/01/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/08\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/09\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"openssl>=1.0.1<1.0.1_17\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mingw32-openssl>=1.0.1<1.0.1k\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-c6-openssl<1.0.1e_3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-26T14:31:51", "description": "According to its banner, the remote web server uses a version of OpenSSL 1.0.0 prior to 1.0.0p. The OpenSSL library is, therefore, affected by the following vulnerabilities :\n\n - A NULL pointer dereference flaw exists when the SSLv3 option isn't enabled and an SSLv3 ClientHello is received. This allows a remote attacker, using an unexpected handshake, to crash the daemon, resulting in a denial of service. (CVE-2014-3569)\n\n - The BIGNUM squaring (BN_sqr) implementation does not properly calculate the square of a BIGNUM value. This allows remote attackers to defeat cryptographic protection mechanisms. (CVE-2014-3570)\n\n - A NULL pointer dereference flaw exists with dtls1_get_record() when handling DTLS messages. 
A remote attacker, using a specially crafted DTLS message, can cause a denial of service. (CVE-2014-3571)\n\n - A flaw exists with ECDH handshakes when using an ECDSA certificate without a ServerKeyExchange message. This allows a remote attacker to trigger a loss of forward secrecy from the ciphersuite. (CVE-2014-3572)\n\n - A flaw exists when accepting non-DER variations of certificate signature algorithms and signature encodings due to a lack of enforcement of matches between signed and unsigned portions. A remote attacker, by including crafted data within a certificate's unsigned portion, can bypass fingerprint-based certificate-blacklist protection mechanisms. (CVE-2014-8275)\n\n - A security feature bypass vulnerability, known as FREAK (Factoring attack on RSA-EXPORT Keys), exists due to the support of weak EXPORT_RSA cipher suites with keys less than or equal to 512 bits. A man-in-the-middle attacker may be able to downgrade the SSL/TLS connection to use EXPORT_RSA cipher suites which can be factored in a short amount of time, allowing the attacker to intercept and decrypt the traffic. (CVE-2015-0204)\n\n - A flaw exists when accepting DH certificates for client authentication without the CertificateVerify message.\n This allows a remote attacker to authenticate to the service without a private key. (CVE-2015-0205)\n\n - A memory leak occurs in dtls1_buffer_record() when handling a saturation of DTLS records containing the same number sequence but for the next epoch. 
This allows a remote attacker to cause a denial of service.\n (CVE-2015-0206)", "cvss3": {}, "published": "2015-01-16T00:00:00", "type": "nessus", "title": "OpenSSL 1.0.0 < 1.0.0p Multiple Vulnerabilities (FREAK)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3569", "CVE-2014-3570", "CVE-2014-3571", "CVE-2014-3572", "CVE-2014-8275", "CVE-2015-0204", "CVE-2015-0205", "CVE-2015-0206"], "modified": "2019-11-25T00:00:00", "cpe": ["cpe:/a:openssl:openssl"], "id": "OPENSSL_1_0_0P.NASL", "href": "https://www.tenable.com/plugins/nessus/80567", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80567);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2019/11/25\");\n\n script_cve_id(\n \"CVE-2014-3569\",\n \"CVE-2014-3570\",\n \"CVE-2014-3571\",\n \"CVE-2014-3572\",\n \"CVE-2014-8275\",\n \"CVE-2015-0204\",\n \"CVE-2015-0205\",\n \"CVE-2015-0206\"\n );\n script_bugtraq_id(\n 71934,\n 71935,\n 71936,\n 71937,\n 71939,\n 71940,\n 71941,\n 71942\n );\n script_xref(name:\"CERT\", value:\"243585\");\n\n script_name(english:\"OpenSSL 1.0.0 < 1.0.0p Multiple Vulnerabilities (FREAK)\");\n script_summary(english:\"Performs a banner check.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote service is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the remote web server uses a version of\nOpenSSL 1.0.0 prior to 1.0.0p. 
The OpenSSL library is, therefore,\naffected by the following vulnerabilities :\n\n - A NULL pointer dereference flaw exists when the SSLv3\n option isn't enabled and an SSLv3 ClientHello is\n received. This allows a remote attacker, using an\n unexpected handshake, to crash the daemon, resulting in\n a denial of service. (CVE-2014-3569)\n\n - The BIGNUM squaring (BN_sqr) implementation does not\n properly calculate the square of a BIGNUM value. This\n allows remote attackers to defeat cryptographic\n protection mechanisms. (CVE-2014-3570)\n\n - A NULL pointer dereference flaw exists with\n dtls1_get_record() when handling DTLS messages. A remote\n attacker, using a specially crafted DTLS message, can\n cause a denial of service. (CVE-2014-3571)\n\n - A flaw exists with ECDH handshakes when using an ECDSA\n certificate without a ServerKeyExchange message. This\n allows a remote attacker to trigger a loss of forward\n secrecy from the ciphersuite. (CVE-2014-3572)\n\n - A flaw exists when accepting non-DER variations of\n certificate signature algorithms and signature encodings\n due to a lack of enforcement of matches between signed\n and unsigned portions. A remote attacker, by including\n crafted data within a certificate's unsigned portion,\n can bypass fingerprint-based certificate-blacklist\n protection mechanisms. (CVE-2014-8275)\n\n - A security feature bypass vulnerability, known as FREAK\n (Factoring attack on RSA-EXPORT Keys), exists due to the\n support of weak EXPORT_RSA cipher suites with keys less\n than or equal to 512 bits. A man-in-the-middle attacker\n may be able to downgrade the SSL/TLS connection to use\n EXPORT_RSA cipher suites which can be factored in a\n short amount of time, allowing the attacker to intercept\n and decrypt the traffic. 
(CVE-2015-0204)\n\n - A flaw exists when accepting DH certificates for client\n authentication without the CertificateVerify message.\n This allows a remote attacker to authenticate to the\n service without a private key. (CVE-2015-0205)\n\n - A memory leak occurs in dtls1_buffer_record()\n when handling a saturation of DTLS records containing\n the same number sequence but for the next epoch. This\n allows a remote attacker to cause a denial of service.\n (CVE-2015-0206)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/openssl-1.0.0-notes.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20150108.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/vulnerabilities.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.smacktls.com/#freak\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to OpenSSL 1.0.0p or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-0205\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n 
script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"openssl_version.nasl\");\n script_require_keys(\"openssl/port\");\n\n exit(0);\n}\n\ninclude(\"openssl_version.inc\");\n\nopenssl_check_version(fixed:'1.0.0p', min:\"1.0.0\", severity:SECURITY_WARNING);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-27T14:09:31", "description": "Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues :\n\n - CVE-2014-3569 Frank Schmirler reported that the ssl23_get_client_hello function in OpenSSL does not properly handle attempts to use unsupported protocols. When OpenSSL is built with the no-ssl3 option and a SSL v3 ClientHello is received, the ssl method would be set to NULL which could later result in a NULL pointer dereference and daemon crash.\n\n - CVE-2014-3570 Pieter Wuille of Blockstream reported that the bignum squaring (BN_sqr) may produce incorrect results on some platforms, which might make it easier for remote attackers to defeat cryptographic protection mechanisms.\n\n - CVE-2014-3571 Markus Stenberg of Cisco Systems, Inc. reported that a carefully crafted DTLS message can cause a segmentation fault in OpenSSL due to a NULL pointer dereference. A remote attacker could use this flaw to mount a denial of service attack.\n\n - CVE-2014-3572 Karthikeyan Bhargavan of the PROSECCO team at INRIA reported that an OpenSSL client would accept a handshake using an ephemeral ECDH ciphersuite if the server key exchange message is omitted. 
This allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy.\n\n - CVE-2014-8275 Antti Karjalainen and Tuomo Untinen of the Codenomicon CROSS project and Konrad Kraszewski of Google reported various certificate fingerprint issues, which allow remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism.\n\n - CVE-2015-0204 Karthikeyan Bhargavan of the PROSECCO team at INRIA reported that an OpenSSL client will accept the use of an ephemeral RSA key in a non-export RSA key exchange ciphersuite, violating the TLS standard. This allows remote SSL servers to downgrade the security of the session.\n\n - CVE-2015-0205 Karthikeyan Bhargavan of the PROSECCO team at INRIA reported that an OpenSSL server will accept a DH certificate for client authentication without the certificate verify message. This flaw effectively allows a client to authenticate without the use of a private key via crafted TLS handshake protocol traffic to a server that recognizes a certification authority with DH support.\n\n - CVE-2015-0206 Chris Mueller discovered a memory leak in the dtls1_buffer_record function. 
A remote attacker could exploit this flaw to mount a denial of service through memory exhaustion by repeatedly sending specially crafted DTLS records.", "cvss3": {}, "published": "2015-01-12T00:00:00", "type": "nessus", "title": "Debian DSA-3125-1 : openssl - security update (FREAK)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3569", "CVE-2014-3570", "CVE-2014-3571", "CVE-2014-3572", "CVE-2014-8275", "CVE-2015-0204", "CVE-2015-0205", "CVE-2015-0206"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:openssl", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DSA-3125.NASL", "href": "https://www.tenable.com/plugins/nessus/80446", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3125. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80446);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-3569\", \"CVE-2014-3570\", \"CVE-2014-3571\", \"CVE-2014-3572\", \"CVE-2014-8275\", \"CVE-2015-0204\", \"CVE-2015-0205\", \"CVE-2015-0206\");\n script_bugtraq_id(71934, 71935, 71936, 71937, 71939, 71940, 71941, 71942);\n script_xref(name:\"DSA\", value:\"3125\");\n\n script_name(english:\"Debian DSA-3125-1 : openssl - security update (FREAK)\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities have been discovered in OpenSSL, a Secure\nSockets Layer toolkit. The Common Vulnerabilities and Exposures\nproject identifies the following issues :\n\n - CVE-2014-3569\n Frank Schmirler reported that the ssl23_get_client_hello\n function in OpenSSL does not properly handle attempts to\n use unsupported protocols. When OpenSSL is built with\n the no-ssl3 option and a SSL v3 ClientHello is received,\n the ssl method would be set to NULL which could later\n result in a NULL pointer dereference and daemon crash.\n\n - CVE-2014-3570\n Pieter Wuille of Blockstream reported that the bignum\n squaring (BN_sqr) may produce incorrect results on some\n platforms, which might make it easier for remote\n attackers to defeat cryptographic protection mechanisms.\n\n - CVE-2014-3571\n Markus Stenberg of Cisco Systems, Inc. reported that a\n carefully crafted DTLS message can cause a segmentation\n fault in OpenSSL due to a NULL pointer dereference. 
A\n remote attacker could use this flaw to mount a denial of\n service attack.\n\n - CVE-2014-3572\n Karthikeyan Bhargavan of the PROSECCO team at INRIA\n reported that an OpenSSL client would accept a handshake\n using an ephemeral ECDH ciphersuite if the server key\n exchange message is omitted. This allows remote SSL\n servers to conduct ECDHE-to-ECDH downgrade attacks and\n trigger a loss of forward secrecy.\n\n - CVE-2014-8275\n Antti Karjalainen and Tuomo Untinen of the Codenomicon\n CROSS project and Konrad Kraszewski of Google reported\n various certificate fingerprint issues, which allow\n remote attackers to defeat a fingerprint-based\n certificate-blacklist protection mechanism.\n\n - CVE-2015-0204\n Karthikeyan Bhargavan of the PROSECCO team at INRIA\n reported that an OpenSSL client will accept the use of\n an ephemeral RSA key in a non-export RSA key exchange\n ciphersuite, violating the TLS standard. This allows\n remote SSL servers to downgrade the security of the\n session.\n\n - CVE-2015-0205\n Karthikeyan Bhargavan of the PROSECCO team at INRIA\n reported that an OpenSSL server will accept a DH\n certificate for client authentication without the\n certificate verify message. This flaw effectively allows\n a client to authenticate without the use of a private\n key via crafted TLS handshake protocol traffic to a\n server that recognizes a certification authority with DH\n support.\n\n - CVE-2015-0206\n Chris Mueller discovered a memory leak in the\n dtls1_buffer_record function. 
A remote attacker could\n exploit this flaw to mount a denial of service through\n memory exhaustion by repeatedly sending specially\n crafted DTLS records.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-3569\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-3570\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-3571\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-3572\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-8275\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-0204\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-0205\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-0206\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/openssl\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2015/dsa-3125\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the openssl packages.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 1.0.1e-2+deb7u14.\n\nFor the upcoming stable distribution (jessie), these problems will be\nfixed soon.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/12/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/12\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libssl-dev\", reference:\"1.0.1e-2+deb7u14\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libssl-doc\", reference:\"1.0.1e-2+deb7u14\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libssl1.0.0\", reference:\"1.0.1e-2+deb7u14\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libssl1.0.0-dbg\", reference:\"1.0.1e-2+deb7u14\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"openssl\", reference:\"1.0.1e-2+deb7u14\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n 
exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:36:31", "description": "Server code for ECDH could have crashed if it received a specially crafted handshake message (CVE-2011-3210). This has been fixed.", "cvss3": {}, "published": "2011-10-24T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : OpenSSL (ZYPP Patch Number 7766)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3210"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_OPENSSL-7766.NASL", "href": "https://www.tenable.com/plugins/nessus/56612", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56612);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-3210\");\n\n script_name(english:\"SuSE 10 Security Update : OpenSSL (ZYPP Patch Number 7766)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Server code for ECDH could have crashed if it received a specially\ncrafted handshake message 
(CVE-2011-3210). This has been fixed.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-3210.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7766.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"openssl-0.9.8a-18.45.49.8\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"openssl-devel-0.9.8a-18.45.49.8\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"openssl-doc-0.9.8a-18.45.49.8\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, 
cpu:\"x86_64\", reference:\"openssl-32bit-0.9.8a-18.45.49.8\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"openssl-devel-32bit-0.9.8a-18.45.49.8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:39:20", "description": "Server code for ECDH could have crashed if it received a specially crafted handshake message (CVE-2011-3210). This has been fixed.", "cvss3": {}, "published": "2011-12-13T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : OpenSSL (ZYPP Patch Number 7760)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3210"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_OPENSSL-7760.NASL", "href": "https://www.tenable.com/plugins/nessus/57235", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57235);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-3210\");\n\n script_name(english:\"SuSE 10 Security Update : OpenSSL (ZYPP Patch Number 7760)\");\n script_summary(english:\"Checks rpm output for 
the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Server code for ECDH could have crashed if it received a specially\ncrafted handshake message (CVE-2011-3210). This has been fixed.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-3210.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7760.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif 
(rpm_check(release:\"SLED10\", sp:4, reference:\"openssl-0.9.8a-18.54.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"openssl-devel-0.9.8a-18.54.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"openssl-32bit-0.9.8a-18.54.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"openssl-devel-32bit-0.9.8a-18.54.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"openssl-0.9.8a-18.54.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"openssl-devel-0.9.8a-18.54.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"openssl-doc-0.9.8a-18.54.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"openssl-32bit-0.9.8a-18.54.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"openssl-devel-32bit-0.9.8a-18.54.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:39:57", "description": "Server code for ECDH could have crashed if it received a specially crafted handshake message (CVE-2011-3210). 
This has been fixed.", "cvss3": {}, "published": "2011-12-13T00:00:00", "type": "nessus", "title": "SuSE 11.1 Security Update : libopenssl (SAT Patch Number 5160)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3210"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:libopenssl0_9_8", "p-cpe:/a:novell:suse_linux:11:libopenssl0_9_8-32bit", "p-cpe:/a:novell:suse_linux:11:openssl", "p-cpe:/a:novell:suse_linux:11:openssl-doc", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_LIBOPENSSL-DEVEL-110920.NASL", "href": "https://www.tenable.com/plugins/nessus/57116", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. 
The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57116);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-3210\");\n\n script_name(english:\"SuSE 11.1 Security Update : libopenssl (SAT Patch Number 5160)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Server code for ECDH could have crashed if it received a specially\ncrafted handshake message (CVE-2011-3210). This has been fixed.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=716144\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-3210.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 5160.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libopenssl0_9_8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libopenssl0_9_8-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:openssl-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/13\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"libopenssl0_9_8-0.9.8h-30.42.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"openssl-0.9.8h-30.42.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libopenssl0_9_8-0.9.8h-30.42.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libopenssl0_9_8-32bit-0.9.8h-30.42.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"openssl-0.9.8h-30.42.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"libopenssl0_9_8-0.9.8h-30.42.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"openssl-0.9.8h-30.42.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"openssl-doc-0.9.8h-30.42.1\")) flag++;\nif (rpm_check(release:\"SLES11\", 
sp:1, cpu:\"s390x\", reference:\"libopenssl0_9_8-32bit-0.9.8h-30.42.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"libopenssl0_9_8-32bit-0.9.8h-30.42.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-27T14:09:00", "description": "OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1_pkt.c and the ssl3_read_n function in s3_pkt.c.\n\nThe BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c.\n\nThe ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message.\n\nThe ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected handshake, as demonstrated by an SSLv3 handshake to a no-ssl3 application with certain error handling. 
NOTE: this issue became relevant after the CVE-2014-3568 fix.\n\nOpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c.\n\nThe ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support.\n\nThe ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role.\n\nMemory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate records for the next epoch, leading to failure of replay detection.", "cvss3": {}, "published": "2015-01-13T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : openssl (ALAS-2015-469) (FREAK)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", 
"accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3568", "CVE-2014-3569", "CVE-2014-3570", "CVE-2014-3571", "CVE-2014-3572", "CVE-2014-8275", "CVE-2015-0204", "CVE-2015-0205", "CVE-2015-0206"], "modified": "2019-07-10T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:openssl", "p-cpe:/a:amazon:linux:openssl-debuginfo", "p-cpe:/a:amazon:linux:openssl-devel", "p-cpe:/a:amazon:linux:openssl-perl", "p-cpe:/a:amazon:linux:openssl-static", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2015-469.NASL", "href": "https://www.tenable.com/plugins/nessus/80461", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2015-469.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80461);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/07/10 16:04:12\");\n\n script_cve_id(\"CVE-2014-3569\", \"CVE-2014-3570\", \"CVE-2014-3571\", \"CVE-2014-3572\", \"CVE-2014-8275\", \"CVE-2015-0204\", \"CVE-2015-0205\", \"CVE-2015-0206\");\n script_xref(name:\"ALAS\", value:\"2015-469\");\n\n script_name(english:\"Amazon Linux AMI : openssl (ALAS-2015-469) (FREAK)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k\nallows remote attackers to cause a denial of service (NULL pointer\ndereference and application crash) via a crafted DTLS message that is\nprocessed with a different read operation for the handshake header\nthan for the handshake body, related to the dtls1_get_record function\nin d1_pkt.c and the ssl3_read_n function in s3_pkt.c.\n\nThe BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 
before\n1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square\nof a BIGNUM value, which might make it easier for remote attackers to\ndefeat cryptographic protection mechanisms via unspecified vectors,\nrelated to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and\ncrypto/bn/bn_asm.c.\n\nThe ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before\n0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote\nSSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a\nloss of forward secrecy by omitting the ServerKeyExchange message.\n\nThe ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc,\n1.0.0o, and 1.0.1j does not properly handle attempts to use\nunsupported protocols, which allows remote attackers to cause a denial\nof service (NULL pointer dereference and daemon crash) via an\nunexpected handshake, as demonstrated by an SSLv3 handshake to a\nno-ssl3 application with certain error handling. NOTE: this issue\nbecame relevant after the CVE-2014-3568 fix.\n\nOpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k\ndoes not enforce certain constraints on certificate data, which allows\nremote attackers to defeat a fingerprint-based certificate-blacklist\nprotection mechanism by including crafted data within a certificate's\nunsigned portion, related to crypto/asn1/a_verify.c,\ncrypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and\ncrypto/x509/x_all.c.\n\nThe ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before\n1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a\nDiffie-Hellman (DH) certificate without requiring a CertificateVerify\nmessage, which allows remote attackers to obtain access without\nknowledge of a private key via crafted TLS Handshake Protocol traffic\nto a server that recognizes a Certification Authority with DH support.\n\nThe ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before\n0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows 
remote\nSSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and\nfacilitate brute-force decryption by offering a weak ephemeral RSA key\nin a noncompliant role.\n\nMemory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL\n1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to\ncause a denial of service (memory consumption) by sending many\nduplicate records for the next epoch, leading to failure of replay\ndetection.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2015-469.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update openssl' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/12/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/13\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"openssl-1.0.1k-1.82.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openssl-debuginfo-1.0.1k-1.82.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openssl-devel-1.0.1k-1.82.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openssl-perl-1.0.1k-1.82.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openssl-static-1.0.1k-1.82.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-debuginfo / openssl-devel / openssl-perl / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-27T14:09:46", "description": "Multiple low and moderate impact security issues fixed.\n\nNote that Tenable Network Security has extracted the 
preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2015-01-21T00:00:00", "type": "nessus", "title": "Fedora 20 : openssl-1.0.1e-41.fc20 (2015-0601)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3570", "CVE-2014-3571", "CVE-2014-8275", "CVE-2015-0205", "CVE-2015-0206"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:openssl", "cpe:/o:fedoraproject:fedora:20"], "id": "FEDORA_2015-0601.NASL", "href": "https://www.tenable.com/plugins/nessus/80874", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-0601.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80874);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-3570\", \"CVE-2014-3571\", \"CVE-2014-8275\", \"CVE-2015-0205\", \"CVE-2015-0206\");\n script_xref(name:\"FEDORA\", value:\"2015-0601\");\n\n script_name(english:\"Fedora 20 : openssl-1.0.1e-41.fc20 (2015-0601)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security 
update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple low and moderate impact security issues fixed.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1180187\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1180234\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1180235\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1180239\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1180240\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-January/148363.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1ecb24e0\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n 
script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"openssl-1.0.1e-41.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-27T14:10:53", "description": "OpenSSL (compat-openssl097g) has been updated to fix various security issues.\n\nMore information can be found in the openssl advisory:\nhttp://openssl.org/news/secadv_20150108.txt .\n\nThe following issues have been fixed :\n\n - Bignum squaring (BN_sqr) may have produced incorrect results on some platforms, including x86_64.\n (bsc#912296). 
(CVE-2014-3570)\n\n - Don't accept a handshake using an ephemeral ECDH ciphersuites with the server key exchange message omitted. (bsc#912015). (CVE-2014-3572)\n\n - Fixed various certificate fingerprint issues.\n (bsc#912018). (CVE-2014-8275)\n\n - Only allow ephemeral RSA keys in export ciphersuites.\n (bsc#912014). (CVE-2015-0204)\n\n - A fix was added to prevent use of DH client certificates without sending certificate verify message. Note that compat-openssl097g is not affected by this problem, a fix was however applied to the sources. (bsc#912293).\n (CVE-2015-0205)", "cvss3": {}, "published": "2015-02-02T00:00:00", "type": "nessus", "title": "SuSE 11.3 Security Update : compat-openssl097g (SAT Patch Number 10208)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3570", "CVE-2014-3572", "CVE-2014-8275", "CVE-2015-0204", "CVE-2015-0205"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:compat-openssl097g", "p-cpe:/a:novell:suse_linux:11:compat-openssl097g-32bit", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_COMPAT-OPENSSL097G-150122.NASL", "href": "https://www.tenable.com/plugins/nessus/81120", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. 
The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81120);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-3570\", \"CVE-2014-3572\", \"CVE-2014-8275\", \"CVE-2015-0204\", \"CVE-2015-0205\");\n\n script_name(english:\"SuSE 11.3 Security Update : compat-openssl097g (SAT Patch Number 10208)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"OpenSSL (compat-openssl097g) has been updated to fix various security\nissues.\n\nMore information can be found in the openssl advisory:\nhttp://openssl.org/news/secadv_20150108.txt .\n\nThe following issues have been fixed :\n\n - Bignum squaring (BN_sqr) may have produced incorrect\n results on some platforms, including x86_64.\n (bsc#912296). (CVE-2014-3570)\n\n - Don't accept a handshake using an ephemeral ECDH\n ciphersuites with the server key exchange message\n omitted. (bsc#912015). (CVE-2014-3572)\n\n - Fixed various certificate fingerprint issues.\n (bsc#912018). (CVE-2014-8275)\n\n - Only allow ephemeral RSA keys in export ciphersuites.\n (bsc#912014). (CVE-2015-0204)\n\n - A fix was added to prevent use of DH client certificates\n without sending certificate verify message. Note that\n compat-openssl097g is not affected by this problem, a\n fix was however applied to the sources. 
(bsc#912293).\n (CVE-2015-0205)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=912014\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=912015\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=912018\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=912293\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=912296\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-3570.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-3572.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-8275.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2015-0204.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2015-0205.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 10208.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:compat-openssl097g\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:compat-openssl097g-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/02\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, \"SuSE 11.3\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"compat-openssl097g-0.9.7g-146.22.27.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"compat-openssl097g-0.9.7g-146.22.27.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"compat-openssl097g-32bit-0.9.7g-146.22.27.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T12:39:41", "description": "The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service (memory 
consumption) by maintaining many crafted DTLS sessions simultaneously, related to d1_lib.c, statem_dtls.c, statem_lib.c, and statem_srvr.c. (CVE-2016-2179)\n\nImpact\n\nAn attacker can send a fragmented, incomplete message followed by a 'retransmission' message. In this case, the system accepts the retransmission message but the queue retains the original fragments, which consumes system resources. By repeating this process many times, the attacker can cause resource exhaustion.", "cvss3": {}, "published": "2016-11-01T00:00:00", "type": "nessus", "title": "F5 Networks BIG-IP : OpenSSL vulnerability (K23512141)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2179"], "modified": "2020-03-09T00:00:00", "cpe": ["cpe:/a:f5:big-ip_access_policy_manager", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_application_acceleration_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/a:f5:big-ip_webaccelerator", "cpe:/h:f5:big-ip", "cpe:/h:f5:big-ip_protocol_security_manager"], "id": "F5_BIGIP_SOL23512141.NASL", "href": "https://www.tenable.com/plugins/nessus/94449", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K23512141.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94449);\n script_version(\"2.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/09\");\n\n script_cve_id(\"CVE-2016-2179\");\n\n script_name(english:\"F5 Networks BIG-IP : OpenSSL vulnerability (K23512141)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n 
attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The DTLS implementation in OpenSSL before 1.1.0 does not properly\nrestrict the lifetime of queue entries associated with unused\nout-of-order messages, which allows remote attackers to cause a denial\nof service (memory consumption) by maintaining many crafted DTLS\nsessions simultaneously, related to d1_lib.c, statem_dtls.c,\nstatem_lib.c, and statem_srvr.c. (CVE-2016-2179)\n\nImpact\n\nAn attacker can send a fragmented, incomplete message followed by a\n'retransmission' message. In this case, the system accepts the\nretransmission message but the queue retains the original fragments,\nwhich consumes system resources. By repeating this process many times,\nthe attacker can cause resource exhaustion.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K23512141\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K23512141.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! 
get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"K23512141\";\nvmatrix = make_array();\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"12.0.0-12.1.1\",\"11.5.0-11.6.1\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"11.4.0-11.4.1\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"12.0.0-12.1.1\",\"11.5.0-11.6.1\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"11.4.0-11.4.1\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"11.2.1\",\"10.2.1-10.2.4\",\"12.0.0-12.1.1\",\"11.5.0-11.6.1\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"12.0.0-12.1.1\",\"11.4.0-11.6.1\",\"11.2.1-11.4.1\",\"10.2.1-10.2.4\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"11.2.1\",\"10.2.1-10.2.4\",\"12.0.0-12.1.1\",\"11.5.0-11.6.1\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"12.0.0-12.1.1\",\"11.4.0-11.6.1\",\"11.2.1-11.4.1\",\"10.2.1-10.2.4\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"11.2.1\",\"12.0.0-12.1.1\",\"11.5.0-11.6.1\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"12.0.0-12.1.1\",\"11.4.0-11.6.1\",\"11.2.1-11.4.1\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"11.2.1\",\"10.2.1-10.2.4\",\"11.5.0-11.6.1\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"11.4.0-11.6.1\",\"11.2.1-11.4.1\",\"10.2.1-10.2.4\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"11.2.1\",\"10.2.1-10.2.4\",\"12.0.0-12.1.1\",\"11.5.0-11.6.1\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"12.0.0-12.1.1\",\"11.4.0-11.6.1\",\"11.2.1-11.4.1\",\"10.2.1-10.2.4\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = 
make_list(\"11.2.1\",\"10.2.1-10.2.4\",\"12.0.0-12.1.1\",\"11.5.0-11.6.1\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"12.0.0-12.1.1\",\"11.4.0-11.6.1\",\"11.2.1-11.4.1\",\"10.2.1-10.2.4\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"12.0.0-12.1.1\",\"11.5.0-11.6.1\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"11.4.0-11.4.1\");\n\n# PSM\nvmatrix[\"PSM\"] = make_array();\nvmatrix[\"PSM\"][\"affected\" ] = make_list(\"11.2.1\",\"10.2.1-10.2.4\");\nvmatrix[\"PSM\"][\"unaffected\"] = make_list(\"11.4.0-11.4.1\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-31T14:36:11", "description": "According to the version of the openssl098e package installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service (memory consumption) by maintaining many crafted DTLS sessions simultaneously, related to d1_lib.c, statem_dtls.c, statem_lib.c, and statem_srvr.c.(CVE-2016-2179)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-04-15T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : openssl098e (EulerOS-SA-2020-1420)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2179"], "modified": "2022-05-13T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:openssl098e", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-1420.NASL", "href": "https://www.tenable.com/plugins/nessus/135549", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135549);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/13\");\n\n script_cve_id(\"CVE-2016-2179\");\n\n script_name(english:\"EulerOS 2.0 SP3 : openssl098e (EulerOS-SA-2020-1420)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", 
value:\n\"According to the version of the openssl098e package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - The DTLS implementation in OpenSSL before 1.1.0 does\n not properly restrict the lifetime of queue entries\n associated with unused out-of-order messages, which\n allows remote attackers to cause a denial of service\n (memory consumption) by maintaining many crafted DTLS\n sessions simultaneously, related to d1_lib.c,\n statem_dtls.c, statem_lib.c, and\n statem_srvr.c.(CVE-2016-2179)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1420\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?506d18dd\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openssl098e package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-2179\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssl098e\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"openssl098e-0.9.8e-29.3.h8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n 
exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl098e\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-27T14:10:36", "description": "OpenSSL Security Advisory :\n\nA memory leak can occur in the dtls1_buffer_record function under certain conditions. In particular this could occur if an attacker sent repeated DTLS records with the same sequence number but for the next epoch. The memory leak could be exploited by an attacker in a Denial of Service attack through memory exhaustion.", "cvss3": {}, "published": "2015-01-23T00:00:00", "type": "nessus", "title": "FreeBSD : LibreSSL -- DTLS vulnerability (f9c388c5-a256-11e4-992a-7b2a515a1247)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0206"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:libressl", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_F9C388C5A25611E4992A7B2A515A1247.NASL", "href": "https://www.tenable.com/plugins/nessus/80925", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the 
following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80925);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-0206\");\n\n script_name(english:\"FreeBSD : LibreSSL -- DTLS vulnerability (f9c388c5-a256-11e4-992a-7b2a515a1247)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"OpenSSL 
Security Advisory :\n\nA memory leak can occur in the dtls1_buffer_record function under\ncertain conditions. In particular this could occur if an attacker sent\nrepeated DTLS records with the same sequence number but for the next\nepoch. The memory leak could be exploited by an attacker in a Denial\nof Service attack through memory exhaustion.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openssl.org/news/secadv/20150108.txt\"\n );\n # https://vuxml.freebsd.org/freebsd/f9c388c5-a256-11e4-992a-7b2a515a1247.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3b4e7e9e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:libressl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/01/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"libressl<2.1.3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-27T14:11:23", "description": "The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support.", "cvss3": {}, "published": "2015-02-18T00:00:00", "type": "nessus", "title": "F5 Networks BIG-IP : OpenSSL vulnerability (SOL16135)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, 
"obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0205"], "modified": "2021-03-10T00:00:00", "cpe": ["cpe:/a:f5:big-ip_access_policy_manager", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_application_acceleration_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/h:f5:big-ip"], "id": "F5_BIGIP_SOL16135.NASL", "href": "https://www.tenable.com/plugins/nessus/81391", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution SOL16135.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81391);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/10\");\n\n script_cve_id(\"CVE-2015-0205\");\n script_bugtraq_id(71941);\n\n script_name(english:\"F5 Networks BIG-IP : OpenSSL vulnerability (SOL16135)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before\n1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a\nDiffie-Hellman (DH) certificate without requiring a CertificateVerify\nmessage, which allows remote attackers to obtain access without\nknowledge of a private key via crafted TLS Handshake Protocol traffic\nto a server that recognizes a Certification Authority with DH support.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://docs.lineratesystems.com/093Release_2.5/200CLI_Reference_Guide\"\n );\n # https://docs.lineratesystems.com/093Release_2.5/200CLI_Reference_Guide/Configure_Commands/SSL_Mode_Commands\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?adf91cc5\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://docs.lineratesystems.com/097Release_2.4/200CLI_Reference_Guide\"\n );\n # https://docs.lineratesystems.com/097Release_2.4/200CLI_Reference_Guide/Configure_Commands/SSL_Mode_Commands\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?546c2c7a\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K16135\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution SOL16135.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/01/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! 
get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"SOL16135\";\nvmatrix = make_array();\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"11.5.0-11.6.0\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.3.0-11.4.1\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"11.5.0-11.6.0\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.4.0-11.4.1\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"11.5.0-11.6.0\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.0.0-11.4.1\",\"10.1.0-10.2.4\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"11.5.0-11.6.0\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.0.0-11.4.1\",\"10.1.0-10.2.4\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"11.5.0-11.6.0\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.0.0-11.4.1\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"11.5.0-11.6.0\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"11.0.0-11.4.1\",\"10.1.0-10.2.4\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"11.5.0-11.6.0\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.0.0-11.4.1\",\"10.1.0-10.2.4\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"11.5.0-11.6.0\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.0.0-11.4.1\",\"10.1.0-10.2.4\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"11.5.0-11.6.0\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.3.0-11.4.1\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if 
(report_verbosity > 0) security_warning(port:0, extra:bigip_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-01-27T14:10:53", "description": "The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message.", "cvss3": {}, "published": "2015-02-18T00:00:00", "type": "nessus", "title": "F5 Networks BIG-IP : OpenSSL vulnerability (SOL16126)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3572"], "modified": "2021-03-10T00:00:00", "cpe": ["cpe:/a:f5:big-ip_access_policy_manager", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_application_acceleration_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/h:f5:big-ip"], "id": "F5_BIGIP_SOL16126.NASL", "href": "https://www.tenable.com/plugins/nessus/81390", "sourceData": "#\n# (C) Tenable Network Security, 
Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution SOL16126.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81390);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/10\");\n\n script_cve_id(\"CVE-2014-3572\");\n script_bugtraq_id(71942);\n\n script_name(english:\"F5 Networks BIG-IP : OpenSSL vulnerability (SOL16126)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before\n0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote\nSSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a\nloss of forward secrecy by omitting the ServerKeyExchange message.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://docs.lineratesystems.com/093Release_2.5/200CLI_Reference_Guide\"\n );\n # https://docs.lineratesystems.com/093Release_2.5/200CLI_Reference_Guide/Configure_Commands/SSL_Mode_Commands\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?adf91cc5\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://docs.lineratesystems.com/097Release_2.4/200CLI_Reference_Guide\"\n );\n # https://docs.lineratesystems.com/097Release_2.4/200CLI_Reference_Guide/Configure_Commands/SSL_Mode_Commands\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?546c2c7a\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K16126\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade to one of the non-vulnerable versions listed in the 
F5\nSolution SOL16126.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/01/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"SOL16126\";\nvmatrix = make_array();\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"11.5.0-11.6.0\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.3.0-11.4.1\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"11.5.0-11.6.0\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.4.0-11.4.1\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"11.5.0-11.6.0\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.0.0-11.4.1\",\"10.1.0-10.2.4\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"11.5.0-11.6.0\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.0.0-11.4.1\",\"10.1.0-10.2.4\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"11.5.0-11.6.0\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.0.0-11.4.1\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"11.5.0-11.6.0\");\nvmatrix[\"LC\"][\"unaffected\"] = 
make_list(\"12.0.0\",\"11.0.0-11.4.1\",\"10.1.0-10.2.4\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"11.5.0-11.6.0\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.0.0-11.4.1\",\"10.1.0-10.2.4\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"11.5.0-11.6.0\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.3.0-11.4.1\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-02-07T14:27:11", "description": "The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1 before 1.0.1i allows man-in-the-middle attackers to force the use of TLS 1.0 by triggering ClientHello message fragmentation in communication between a client and server that both support later TLS versions, related to a 'protocol downgrade' issue.", "cvss3": {}, "published": "2014-10-10T00:00:00", "type": "nessus", "title": "F5 Networks BIG-IP : TLS vulnerability (SOL15564)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3511"], "modified": 
"2021-03-10T00:00:00", "cpe": ["cpe:/a:f5:big-ip_access_policy_manager", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_application_acceleration_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/h:f5:big-ip"], "id": "F5_BIGIP_SOL15564.NASL", "href": "https://www.tenable.com/plugins/nessus/78195", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution SOL15564.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78195);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/10\");\n\n script_cve_id(\"CVE-2014-3511\");\n script_bugtraq_id(69079);\n\n script_name(english:\"F5 Networks BIG-IP : TLS vulnerability (SOL15564)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1\nbefore 1.0.1i allows man-in-the-middle attackers to force the use of\nTLS 1.0 by triggering ClientHello message fragmentation in\ncommunication between a client and server that both support later TLS\nversions, related to a 'protocol downgrade' issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K15564\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution SOL15564.\"\n );\n 
script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"SOL15564\";\nvmatrix = make_array();\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"11.6.0\",\"11.5.0\",\"11.5.1\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.0HF4\",\"11.5.2\",\"11.5.1HF6\",\"11.3.0-11.4.1\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"11.6.0\",\"11.5.0\",\"11.5.1\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.0HF4\",\"11.5.2\",\"11.5.1HF6\",\"11.4.0-11.4.1\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"11.6.0\",\"11.5.0\",\"11.5.1\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.0HF4\",\"11.5.2\",\"11.5.1HF6\",\"11.0.0-11.4.1\",\"10.1.0-10.2.4\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"11.6.0\",\"11.5.0\",\"11.5.1\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.0HF4\",\"11.5.2\",\"11.5.1HF6\",\"11.0.0-11.4.1\",\"10.0.0-10.2.4\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"11.6.0\",\"11.5.0\",\"11.5.1\");\nvmatrix[\"AVR\"][\"unaffected\"] = 
make_list(\"12.0.0\",\"11.6.0HF4\",\"11.5.2\",\"11.5.1HF6\",\"11.0.0-11.4.1\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"11.6.0\",\"11.5.0\",\"11.5.1\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"11.6.0HF4\",\"11.5.2\",\"11.5.1HF6\",\"11.0.0-11.4.1\",\"10.0.0-10.2.4\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"11.6.0\",\"11.5.0\",\"11.5.1\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.0HF4\",\"11.5.2\",\"11.5.1HF6\",\"11.0.0-11.4.1\",\"10.0.0-10.2.4\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"11.6.0\",\"11.5.0\",\"11.5.1\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.0HF4\",\"11.5.2\",\"11.5.1HF6\",\"11.0.0-11.4.1\",\"10.0.0-10.2.4\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"11.6.0\",\"11.5.0\",\"11.5.1\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.0HF4\",\"11.5.2\",\"11.5.1HF6\",\"11.3.0-11.4.1\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-01-27T14:14:17", "description": "According to its self-reported version number, the remote Juniper Junos device is affected by the following vulnerabilities related to OpenSSL :\n\n - A NULL pointer dereference flaw exists when the SSLv3 option isn't enabled and an SSLv3 ClientHello is received. 
This allows a remote attacker, using an unexpected handshake, to crash the daemon, resulting in a denial of service. (CVE-2014-3569)\n\n - The BIGNUM squaring (BN_sqr) implementation does not properly calculate the square of a BIGNUM value. This allows remote attackers to defeat cryptographic protection mechanisms. (CVE-2014-3570)\n\n - A flaw exists with ECDH handshakes when using an ECDSA certificate without a ServerKeyExchange message. This allows a remote attacker to trigger a loss of forward secrecy from the ciphersuite. (CVE-2014-3572)\n\n - A flaw exists when accepting non-DER variations of certificate signature algorithms and signature encodings due to a lack of enforcement of matches between signed and unsigned portions. A remote attacker, by including crafted data within a certificate's unsigned portion, can bypass fingerprint-based certificate-blacklist protection mechanisms. (CVE-2014-8275)\n\n - A security feature bypass vulnerability, known as FREAK (Factoring attack on RSA-EXPORT Keys), exists due to the support of weak EXPORT_RSA cipher suites with keys less than or equal to 512 bits. A man-in-the-middle attacker may be able to downgrade the SSL/TLS connection to use EXPORT_RSA cipher suites which can be factored in a short amount of time, allowing the attacker to intercept and decrypt the traffic. (CVE-2015-0204)\n\n - A flaw exists when accepting DH certificates for client authentication without the CertificateVerify message.\n This allows a remote attacker to authenticate to the service without a private key. 
(CVE-2015-0205)\n\nNote that these issues only affect devices with J-Web or the SSL service for JUNOScript enabled.", "cvss3": {}, "published": "2015-04-21T00:00:00", "type": "nessus", "title": "Juniper Junos Multiple OpenSSL Vulnerabilities (JSA10679) (FREAK)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3569", "CVE-2014-3570", "CVE-2014-3572", "CVE-2014-8275", "CVE-2015-0204", "CVE-2015-0205"], "modified": "2018-07-12T00:00:00", "cpe": ["cpe:/o:juniper:junos", "cpe:/a:openssl:openssl"], "id": "JUNIPER_JSA10679.NASL", "href": "https://www.tenable.com/plugins/nessus/82912", "sourceData": "#TRUSTED\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82912);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2018/07/12\");\n\n script_cve_id(\n \"CVE-2014-3569\",\n \"CVE-2014-3570\",\n \"CVE-2014-3572\",\n \"CVE-2014-8275\",\n \"CVE-2015-0204\",\n \"CVE-2015-0205\"\n );\n script_bugtraq_id(71934, 71935, 71936, 71939, 71941, 71942);\n script_xref(name:\"JSA\", value:\"JSA10679\");\n script_xref(name:\"CERT\", value:\"243585\");\n\n script_name(english:\"Juniper Junos Multiple OpenSSL Vulnerabilities (JSA10679) (FREAK)\");\n script_summary(english:\"Checks the Junos version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is missing a vendor-supplied security patch.\");\n 
script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the remote Juniper\nJunos device is affected by the following vulnerabilities related to\nOpenSSL :\n\n - A NULL pointer dereference flaw exists when the SSLv3\n option isn't enabled and an SSLv3 ClientHello is\n received. This allows a remote attacker, using an\n unexpected handshake, to crash the daemon, resulting in\n a denial of service. (CVE-2014-3569)\n\n - The BIGNUM squaring (BN_sqr) implementation does not\n properly calculate the square of a BIGNUM value. This\n allows remote attackers to defeat cryptographic\n protection mechanisms. (CVE-2014-3570)\n\n - A flaw exists with ECDH handshakes when using an ECDSA\n certificate without a ServerKeyExchange message. This\n allows a remote attacker to trigger a loss of forward\n secrecy from the ciphersuite. (CVE-2014-3572)\n\n - A flaw exists when accepting non-DER variations of\n certificate signature algorithms and signature encodings\n due to a lack of enforcement of matches between signed\n and unsigned portions. A remote attacker, by including\n crafted data within a certificate's unsigned portion,\n can bypass fingerprint-based certificate-blacklist\n protection mechanisms. (CVE-2014-8275)\n\n - A security feature bypass vulnerability, known as FREAK\n (Factoring attack on RSA-EXPORT Keys), exists due to the\n support of weak EXPORT_RSA cipher suites with keys less\n than or equal to 512 bits. A man-in-the-middle attacker\n may be able to downgrade the SSL/TLS connection to use\n EXPORT_RSA cipher suites which can be factored in a\n short amount of time, allowing the attacker to intercept\n and decrypt the traffic. (CVE-2015-0204)\n\n - A flaw exists when accepting DH certificates for client\n authentication without the CertificateVerify message.\n This allows a remote attacker to authenticate to the\n service without a private key. 
(CVE-2015-0205)\n\nNote that these issues only affect devices with J-Web or the SSL\nservice for JUNOScript enabled.\");\n\n script_set_attribute(attribute:\"see_also\", value:\"https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10679\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20150108.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.smacktls.com/#freak\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the relevant Junos software release or workaround referenced in\nJuniper advisory JSA10679.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:juniper:junos\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n \n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Junos Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"junos_version.nasl\");\n script_require_keys(\"Host/Juniper/JUNOS/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"junos_kb_cmd_func.inc\");\ninclude(\"misc_func.inc\");\n\nver = get_kb_item_or_exit('Host/Juniper/JUNOS/Version');\n\nfixes = 
make_array();\nfixes['12.1X44'] = '12.1X44-D50';\nfixes['12.1X46'] = '12.1X46-D35';\nfixes['12.1X47'] = '12.1X47-D25';\nfixes['12.3'] = '12.3R10';\nfixes['12.3X48'] = '12.3X48-D10';\nfixes['13.2'] = '13.2R8';\nfixes['13.3'] = '13.3R6';\nfixes['14.1'] = '14.1R5';\nfixes['14.2'] = '14.2R3';\n\nfix = check_junos(ver:ver, fixes:fixes, exit_on_fail:TRUE);\n\n# HTTPS or XNM-SSL must be enabled\noverride = TRUE;\nbuf = junos_command_kb_item(cmd:\"show configuration | display set\");\nif (buf)\n{\n patterns = make_list(\n \"^set system services web-management http(s)? interface\", # J-Web\n \"^set system services xnm-ssl\" # SSL Service for JUNOScript (XNM-SSL)\n );\n foreach pattern (patterns)\n {\n if (junos_check_config(buf:buf, pattern:pattern))\n {\n override = FALSE;\n break;\n }\n }\n if (override)\n audit(AUDIT_HOST_NOT,\n 'affected because J-Web and SSL Service for JUNOScript (XNM-SSL) are not enabled');\n}\n\njunos_report(ver:ver, fix:fix, override:override, severity:SECURITY_WARNING);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-28T14:33:01", "description": "OpenSSL has been updated to fix various security issues.\n\nMore information can be found in the OpenSSL advisory:\nhttp://openssl.org/news/secadv_20150108.txt .\n\nThe following issues have been fixed :\n\n - Bignum squaring (BN_sqr) may produce incorrect results on some platforms, including x86_64. (bsc#912296).\n (CVE-2014-3570)\n\n - Fix crash in dtls1_get_record whilst in the listen state where you get two separate reads performed - one for the header and one for the body of the handshake record.\n (bsc#912294). (CVE-2014-3571)\n\n - Don't accept a handshake using an ephemeral ECDH ciphersuites with the server key exchange message omitted. (bsc#912015). (CVE-2014-3572)\n\n - Fix various certificate fingerprint issues.\n (bsc#912018). (CVE-2014-8275)\n\n - Only allow ephemeral RSA keys in export ciphersuites.\n (bsc#912014). 
(CVE-2015-0204)\n\n - OpenSSL 0.9.8j is NOT vulnerable to CVE-2015-0205 as it doesn't support DH certificates and this typo prohibits skipping of certificate verify message for sign only certificates anyway. (bsc#912293). (CVE-2015-0205)", "cvss3": {}, "published": "2015-02-02T00:00:00", "type": "nessus", "title": "SuSE 11.3 Security Update : OpenSSL (SAT Patch Number 10150)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3570", "CVE-2014-3571", "CVE-2014-3572", "CVE-2014-8275", "CVE-2015-0204", "CVE-2015-0205"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:libopenssl0_9_8", "p-cpe:/a:novell:suse_linux:11:libopenssl0_9_8-32bit", "p-cpe:/a:novell:suse_linux:11:libopenssl0_9_8-hmac", "p-cpe:/a:novell:suse_linux:11:libopenssl0_9_8-hmac-32bit", "p-cpe:/a:novell:suse_linux:11:openssl", "p-cpe:/a:novell:suse_linux:11:openssl-doc", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_LIBOPENSSL-DEVEL-150112.NASL", "href": "https://www.tenable.com/plugins/nessus/81124", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. 
The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81124);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-3570\", \"CVE-2014-3571\", \"CVE-2014-3572\", \"CVE-2014-8275\", \"CVE-2015-0204\", \"CVE-2015-0205\");\n\n script_name(english:\"SuSE 11.3 Security Update : OpenSSL (SAT Patch Number 10150)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"OpenSSL has been updated to fix various security issues.\n\nMore information can be found in the OpenSSL advisory:\nhttp://openssl.org/news/secadv_20150108.txt .\n\nThe following issues have been fixed :\n\n - Bignum squaring (BN_sqr) may produce incorrect results\n on some platforms, including x86_64. (bsc#912296).\n (CVE-2014-3570)\n\n - Fix crash in dtls1_get_record whilst in the listen state\n where you get two separate reads performed - one for the\n header and one for the body of the handshake record.\n (bsc#912294). (CVE-2014-3571)\n\n - Don't accept a handshake using an ephemeral ECDH\n ciphersuites with the server key exchange message\n omitted. (bsc#912015). (CVE-2014-3572)\n\n - Fix various certificate fingerprint issues.\n (bsc#912018). (CVE-2014-8275)\n\n - Only allow ephemeral RSA keys in export ciphersuites.\n (bsc#912014). (CVE-2015-0204)\n\n - OpenSSL 0.9.8j is NOT vulnerable to CVE-2015-0205 as it\n doesn't support DH certificates and this typo prohibits\n skipping of certificate verify message for sign only\n certificates anyway. (bsc#912293). 
(CVE-2015-0205)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=912014\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=912015\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=912018\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=912293\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=912294\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=912296\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-3570.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-3571.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-3572.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-8275.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2015-0204.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2015-0205.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 10150.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libopenssl0_9_8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libopenssl0_9_8-32bit\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:11:libopenssl0_9_8-hmac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libopenssl0_9_8-hmac-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:openssl-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, \"SuSE 11.3\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"libopenssl0_9_8-0.9.8j-0.68.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"openssl-0.9.8j-0.68.1\")) flag++;\nif 
(rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"libopenssl0_9_8-0.9.8j-0.68.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"libopenssl0_9_8-32bit-0.9.8j-0.68.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"openssl-0.9.8j-0.68.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"libopenssl0_9_8-0.9.8j-0.68.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"libopenssl0_9_8-hmac-0.9.8j-0.68.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"openssl-0.9.8j-0.68.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"openssl-doc-0.9.8j-0.68.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"libopenssl0_9_8-32bit-0.9.8j-0.68.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"libopenssl0_9_8-hmac-32bit-0.9.8j-0.68.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"libopenssl0_9_8-32bit-0.9.8j-0.68.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"libopenssl0_9_8-hmac-32bit-0.9.8j-0.68.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-27T14:14:28", "description": "The remote host is running a version of NSM (Network and Security Manager) Server that is prior to 2012.2R11. It is, therefore, affected by multiple vulnerabilities related to OpenSSL :\n\n - A NULL pointer dereference flaw exists when the SSLv3 option isn't enabled and an SSLv3 ClientHello is received. This allows a remote attacker, using an unexpected handshake, to crash the daemon, resulting in a denial of service. 
(CVE-2014-3569)\n\n - The BIGNUM squaring (BN_sqr) implementation does not properly calculate the square of a BIGNUM value. This allows remote attackers to defeat cryptographic protection mechanisms. (CVE-2014-3570)\n\n - A flaw exists with ECDH handshakes when using an ECDSA certificate without a ServerKeyExchange message. This allows a remote attacker to trigger a loss of forward secrecy from the ciphersuite. (CVE-2014-3572)\n\n - A flaw exists when accepting non-DER variations of certificate signature algorithms and signature encodings due to a lack of enforcement of matches between signed and unsigned portions. A remote attacker, by including crafted data within a certificate's unsigned portion, can bypass fingerprint-based certificate-blacklist protection mechanisms. (CVE-2014-8275)\n\n - A security feature bypass vulnerability, known as FREAK (Factoring attack on RSA-EXPORT Keys), exists due to the support of weak EXPORT_RSA cipher suites with keys less than or equal to 512 bits. A man-in-the-middle attacker may be able to downgrade the SSL/TLS connection to use EXPORT_RSA cipher suites which can be factored in a short amount of time, allowing the attacker to intercept and decrypt the traffic. (CVE-2015-0204)\n\n - A flaw exists when accepting DH certificates for client authentication without the CertificateVerify message.\n This allows a remote attacker to authenticate to the service without a private key. 
(CVE-2015-0205)", "cvss3": {}, "published": "2015-04-21T00:00:00", "type": "nessus", "title": "Juniper NSM < 2012.2R11 Multiple OpenSSL Vulnerabilities (JSA10679) (FREAK)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3569", "CVE-2014-3570", "CVE-2014-3572", "CVE-2014-8275", "CVE-2015-0204", "CVE-2015-0205"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:juniper:network_and_security_manager"], "id": "JUNIPER_NSM_JSA10679.NASL", "href": "https://www.tenable.com/plugins/nessus/82913", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82913);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2014-3569\",\n \"CVE-2014-3570\",\n \"CVE-2014-3572\",\n \"CVE-2014-8275\",\n \"CVE-2015-0204\",\n \"CVE-2015-0205\"\n );\n script_bugtraq_id(\n 71934,\n 71935,\n 71936,\n 71939,\n 71941,\n 71942\n );\n script_xref(name:\"CERT\", value:\"243585\");\n\n script_name(english:\"Juniper NSM < 2012.2R11 Multiple OpenSSL Vulnerabilities (JSA10679) (FREAK)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of NSM (Network and Security\nManager) Server that is prior to 2012.2R11. 
It is, therefore, affected\nby multiple vulnerabilities related to OpenSSL :\n\n - A NULL pointer dereference flaw exists when the SSLv3\n option isn't enabled and an SSLv3 ClientHello is\n received. This allows a remote attacker, using an\n unexpected handshake, to crash the daemon, resulting in\n a denial of service. (CVE-2014-3569)\n\n - The BIGNUM squaring (BN_sqr) implementation does not\n properly calculate the square of a BIGNUM value. This\n allows remote attackers to defeat cryptographic\n protection mechanisms. (CVE-2014-3570)\n\n - A flaw exists with ECDH handshakes when using an ECDSA\n certificate without a ServerKeyExchange message. This\n allows a remote attacker to trigger a loss of forward\n secrecy from the ciphersuite. (CVE-2014-3572)\n\n - A flaw exists when accepting non-DER variations of\n certificate signature algorithms and signature encodings\n due to a lack of enforcement of matches between signed\n and unsigned portions. A remote attacker, by including\n crafted data within a certificate's unsigned portion,\n can bypass fingerprint-based certificate-blacklist\n protection mechanisms. (CVE-2014-8275)\n\n - A security feature bypass vulnerability, known as FREAK\n (Factoring attack on RSA-EXPORT Keys), exists due to the\n support of weak EXPORT_RSA cipher suites with keys less\n than or equal to 512 bits. A man-in-the-middle attacker\n may be able to downgrade the SSL/TLS connection to use\n EXPORT_RSA cipher suites which can be factored in a\n short amount of time, allowing the attacker to intercept\n and decrypt the traffic. (CVE-2015-0204)\n\n - A flaw exists when accepting DH certificates for client\n authentication without the CertificateVerify message.\n This allows a remote attacker to authenticate to the\n service without a private key. 
(CVE-2015-0205)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10679\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20150108.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.smacktls.com/#freak\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Juniper NSM version 2012.2R11 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:juniper:network_and_security_manager\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"os_fingerprint.nasl\", \"juniper_nsm_gui_svr_detect.nasl\", \"juniper_nsm_servers_installed.nasl\");\n script_require_keys(\"Juniper_NSM_VerDetected\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"global_settings.inc\");\n\nkb_base = \"Host/NSM/\";\n\n# No Solaris download available according to the Vendor's advisory\nos = get_kb_item(\"Host/OS\");\nif (report_paranoia < 2)\n{\n if (!isnull(os) && 
'Solaris' >< os) audit(AUDIT_HOST_NOT, 'affected');\n}\n\nget_kb_item_or_exit(\"Juniper_NSM_VerDetected\");\n\nkb_list = make_list();\n\ntemp = get_kb_list(\"Juniper_NSM_GuiSvr/*/build\");\n\nif (!isnull(temp) && max_index(keys(temp)) > 0)\n kb_list = make_list(kb_list, keys(temp));\n\ntemp = get_kb_list(\"Host/NSM/*/build\");\nif (!isnull(temp) && max_index(keys(temp)) > 0)\n kb_list = make_list(kb_list, keys(temp));\n\nif (max_index(kb_list) == 0) audit(AUDIT_NOT_INST, \"Juniper NSM Servers\");\n\nreport = '';\n\nentry = branch(kb_list);\n\nport = 0;\nkb_base = '';\n\nif (\"Juniper_NSM_GuiSvr\" >< entry)\n{\n port = entry - \"Juniper_NSM_GuiSvr/\" - \"/build\";\n kb_base = \"Juniper_NSM_GuiSvr/\" + port + \"/\";\n\n report_str1 = \"Remote GUI server version : \";\n report_str2 = \"Fixed version : \";\n}\nelse\n{\n kb_base = entry - \"build\";\n if (\"guiSvr\" >< kb_base)\n {\n report_str1 = \"Local GUI server version : \";\n report_str2 = \"Fixed version : \";\n }\n else\n {\n report_str1 = \"Local device server version : \";\n report_str2 = \"Fixed version : \";\n }\n}\n\nbuild = get_kb_item_or_exit(entry);\nversion = get_kb_item_or_exit(kb_base + 'version');\n\nversion_disp = version + \" (\" + build + \")\";\n\n# NSM 2012.2R11 or later\n# replace r or R with . for easier version comparison\n# in 2010 and 2011 versions they use S instead of R\nversion_num = ereg_replace(pattern:\"(r|R|s|S)\", replace:\".\", string:version);\n\n# remove trailing . 
if it exists\nversion_num = ereg_replace(pattern:\"\\.$\", replace:\"\", string:version_num);\n\nfix_disp = \"2012.2R11\";\nfix_num = \"2012.2.11\";\nif (ver_compare(ver:version_num, fix:fix_num, strict:FALSE) < 0)\n{\n if (report_verbosity > 0)\n {\n report = '\\n ' + report_str1 + version_disp +\n '\\n ' + report_str2 + fix_disp +\n '\\n';\n security_warning(extra:report, port:port);\n }\n else security_warning(port:port);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, \"Juniper NSM\", version_disp);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-07T14:19:03", "description": "OpenSSL's internal certificate verification routines could incorrectly accept a CRL whose nextUpdate field is in the past (CVE-2011-3207).\n\nServer code for ECDH could crash if it received a specially crafted handshake message (CVE-2011-3210).", "cvss3": {}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : libopenssl-devel (openSUSE-SU-2011:1144-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3207", "CVE-2011-3210"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libopenssl-devel", "p-cpe:/a:novell:opensuse:libopenssl0_9_8", "p-cpe:/a:novell:opensuse:libopenssl0_9_8-32bit", "p-cpe:/a:novell:opensuse:libopenssl1_0_0", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-32bit", "p-cpe:/a:novell:opensuse:openssl", "cpe:/o:novell:opensuse:11.3"], "id": "SUSE_11_3_LIBOPENSSL-DEVEL-110920.NASL", "href": 
"https://www.tenable.com/plugins/nessus/75597", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libopenssl-devel-5178.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75597);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-3207\", \"CVE-2011-3210\");\n\n script_name(english:\"openSUSE Security Update : libopenssl-devel (openSUSE-SU-2011:1144-1)\");\n script_summary(english:\"Check for the libopenssl-devel-5178 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"OpenSSL's internal certificate verification routines could incorrectly\naccept a CRL whose nextUpdate field is in the past (CVE-2011-3207).\n\nServer code for ECDH could crash if it received a specially crafted\nhandshake message (CVE-2011-3210).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=716143\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=716144\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-10/msg00018.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libopenssl-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", 
value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl0_9_8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl0_9_8-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libopenssl-devel-1.0.0-6.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libopenssl0_9_8-0.9.8m-3.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libopenssl1_0_0-1.0.0-6.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"openssl-1.0.0-6.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"libopenssl0_9_8-32bit-0.9.8m-3.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-32bit-1.0.0-6.11.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libopenssl-devel / libopenssl0_9_8 / libopenssl0_9_8-32bit / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-02-07T14:17:17", 
"description": "OpenSSL's internal certificate verification routines could incorrectly accept a CRL whose nextUpdate field is in the past (CVE-2011-3207).\n\nServer code for ECDH could crash if it received a specially crafted handshake message (CVE-2011-3210).", "cvss3": {}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : libopenssl-devel (openSUSE-SU-2011:1144-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3207", "CVE-2011-3210"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libopenssl-devel", "p-cpe:/a:novell:opensuse:libopenssl0_9_8", "p-cpe:/a:novell:opensuse:libopenssl0_9_8-32bit", "p-cpe:/a:novell:opensuse:libopenssl0_9_8-debuginfo", "p-cpe:/a:novell:opensuse:libopenssl0_9_8-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libopenssl0_9_8-debugsource", "p-cpe:/a:novell:opensuse:libopenssl1_0_0", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-32bit", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:openssl", "p-cpe:/a:novell:opensuse:openssl-debuginfo", "p-cpe:/a:novell:opensuse:openssl-debugsource", "cpe:/o:novell:opensuse:11.4"], "id": "SUSE_11_4_LIBOPENSSL-DEVEL-110920.NASL", "href": "https://www.tenable.com/plugins/nessus/75907", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update 
libopenssl-devel-5178.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75907);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-3207\", \"CVE-2011-3210\");\n\n script_name(english:\"openSUSE Security Update : libopenssl-devel (openSUSE-SU-2011:1144-1)\");\n script_summary(english:\"Check for the libopenssl-devel-5178 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"OpenSSL's internal certificate verification routines could incorrectly\naccept a CRL whose nextUpdate field is in the past (CVE-2011-3207).\n\nServer code for ECDH could crash if it received a specially crafted\nhandshake message (CVE-2011-3210).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=716143\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=716144\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-10/msg00018.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libopenssl-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:libopenssl0_9_8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl0_9_8-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl0_9_8-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl0_9_8-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl0_9_8-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libopenssl-devel-1.0.0c-18.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libopenssl0_9_8-0.9.8m-6.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libopenssl0_9_8-debuginfo-0.9.8m-6.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libopenssl0_9_8-debugsource-0.9.8m-6.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libopenssl1_0_0-1.0.0c-18.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libopenssl1_0_0-debuginfo-1.0.0c-18.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"openssl-1.0.0c-18.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"openssl-debuginfo-1.0.0c-18.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"openssl-debugsource-1.0.0c-18.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libopenssl0_9_8-32bit-0.9.8m-6.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", 
reference:\"libopenssl0_9_8-debuginfo-32bit-0.9.8m-6.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-32bit-1.0.0c-18.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.0c-18.21.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libopenssl-devel / libopenssl0_9_8 / libopenssl0_9_8-32bit / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-01-11T14:35:30", "description": "Versions of OpenSSL 1.0.0 earlier than 1.0.0e are potentially affected by the following vulnerabilities : \n\n - An error exists in the internal certificate verification process that can allow improper acceptance of a certificate revocation list (CRL) if the list's 'nextUpdate' field contains a date in the past. Note that this internal CRL checking is not enabled by default. (CVE-2011-3207)\n\n - An error exists in the code for the ephemeral (EC)DH ciphersuites that can allow a remote attacker to crash the process. 
(CVE-2011-3210)", "cvss3": {}, "published": "2011-09-06T00:00:00", "type": "nessus", "title": "OpenSSL 1.x < 1.0.0e Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3207", "CVE-2011-3210"], "modified": "2011-09-06T00:00:00", "cpe": [], "id": "801065.PRM", "href": "https://www.tenable.com/plugins/lce/801065", "sourceData": "Binary data 801065.prm", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-02-17T15:08:02", "description": "Versions of OpenSSL 1.0.0 earlier than 1.0.0e are potentially affected by the following vulnerabilities : \n\n - An error exists in the internal certificate verification process that can allow improper acceptance of a certificate revocation list (CRL) if the list's 'nextUpdate' field contains a date in the past. Note that this internal CRL checking is not enabled by default. (CVE-2011-3207)\n\n - An error exists in the code for the ephemeral (EC)DH ciphersuites that can allow a remote attacker to crash the process. 
(CVE-2011-3210)", "cvss3": {}, "published": "2011-09-06T00:00:00", "type": "nessus", "title": "OpenSSL 1.x < 1.0.0e Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3207", "CVE-2011-3210"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:/a:openssl:openssl"], "id": "6022.PRM", "href": "https://www.tenable.com/plugins/nnm/6022", "sourceData": "Binary data 6022.prm", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-02-06T14:26:05", "description": "OpenSSL Team reports :\n\nTwo security flaws have been fixed in OpenSSL 1.0.0e\n\nUnder certain circumstances OpenSSL's internal certificate verification routines can incorrectly accept a CRL whose nextUpdate field is in the past. 
(CVE-2011-3207)\n\nOpenSSL server code for ephemeral ECDH ciphersuites is not thread-safe, and furthermore can crash if a client violates the protocol by sending handshake messages in incorrect order.\n(CVE-2011-3210)", "cvss3": {}, "published": "2011-09-08T00:00:00", "type": "nessus", "title": "FreeBSD : OpenSSL -- multiple vulnerabilities (2ecb7b20-d97e-11e0-b2e2-00215c6a37bb)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3207", "CVE-2011-3210"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:linux-f10-openssl", "p-cpe:/a:freebsd:freebsd:openssl", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_2ECB7B20D97E11E0B2E200215C6A37BB.NASL", "href": "https://www.tenable.com/plugins/nessus/56117", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. 
Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56117);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2011-3207\", \"CVE-2011-3210\");\n\n script_name(english:\"FreeBSD : OpenSSL -- multiple vulnerabilities (2ecb7b20-d97e-11e0-b2e2-00215c6a37bb)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"OpenSSL Team reports :\n\nTwo security flaws have been fixed in OpenSSL 1.0.0e\n\nUnder certain circumstances OpenSSL's internal certificate\nverification routines can incorrectly accept a CRL 
whose nextUpdate\nfield is in the past. (CVE-2011-3207)\n\nOpenSSL server code for ephemeral ECDH ciphersuites is not\nthread-safe, and furthermore can crash if a client violates the\nprotocol by sending handshake messages in incorrect order.\n(CVE-2011-3210)\"\n );\n # http://www.openssl.org/news/secadv/20110906.txt\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openssl.org/news/secadv/20110906.txt\"\n );\n # https://vuxml.freebsd.org/freebsd/2ecb7b20-d97e-11e0-b2e2-00215c6a37bb.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b3f89c7e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-f10-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/09/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/09/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"openssl>=1.0.0<1.0.0_6\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"openssl>=0.9.8<1.0.0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-f10-openssl>=0.9.8<0.9.8r\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-02-21T16:36:53", "description": "Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL), Transport Layer Security (TLS), and Datagram Transport Layer Security (DTLS) protocols, as well as a full-strength, general purpose cryptography library.\n\nA race condition was found in the way OpenSSL handled ServerHello messages with an included Supported EC Point Format extension. 
A malicious server could possibly use this flaw to cause a multi-threaded TLS/SSL client using OpenSSL to write into freed memory, causing the client to crash or execute arbitrary code.\n(CVE-2014-3509)\n\nIt was discovered that the OBJ_obj2txt() function could fail to properly NUL-terminate its output. This could possibly cause an application using OpenSSL functions to format fields of X.509 certificates to disclose portions of its memory. (CVE-2014-3508)\n\nA flaw was found in the way OpenSSL handled fragmented handshake packets. A man-in-the-middle attacker could use this flaw to force a TLS/SSL server using OpenSSL to use TLS 1.0, even if both the client and the server supported newer protocol versions. (CVE-2014-3511)\n\nMultiple flaws were discovered in the way OpenSSL handled DTLS packets. A remote attacker could use these flaws to cause a DTLS server or client using OpenSSL to crash or use excessive amounts of memory. (CVE-2014-3505, CVE-2014-3506, CVE-2014-3507)\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed a handshake when using the anonymous Diffie-Hellman (DH) key exchange.\nA malicious server could cause a DTLS client using OpenSSL to crash if that client had anonymous DH cipher suites enabled. (CVE-2014-3510)\n\nAll OpenSSL users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. 
For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.", "cvss3": {}, "published": "2014-08-14T00:00:00", "type": "nessus", "title": "CentOS 6 / 7 : openssl (CESA-2014:1052)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3505", "CVE-2014-3506", "CVE-2014-3507", "CVE-2014-3508", "CVE-2014-3509", "CVE-2014-3510", "CVE-2014-3511"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:openssl", "p-cpe:/a:centos:centos:openssl-devel", "p-cpe:/a:centos:centos:openssl-libs", "p-cpe:/a:centos:centos:openssl-perl", "p-cpe:/a:centos:centos:openssl-static", "cpe:/o:centos:centos:6", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2014-1052.NASL", "href": "https://www.tenable.com/plugins/nessus/77187", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:1052 and \n# CentOS Errata and Security Advisory 2014:1052 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77187);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2014-3505\", \"CVE-2014-3506\", \"CVE-2014-3507\", \"CVE-2014-3508\", \"CVE-2014-3509\", \"CVE-2014-3510\", \"CVE-2014-3511\");\n script_bugtraq_id(69075, 69076, 69078, 
69079, 69081, 69082, 69084);\n script_xref(name:\"RHSA\", value:\"2014:1052\");\n\n script_name(english:\"CentOS 6 / 7 : openssl (CESA-2014:1052)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated openssl packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),\nTransport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose\ncryptography library.\n\nA race condition was found in the way OpenSSL handled ServerHello\nmessages with an included Supported EC Point Format extension. A\nmalicious server could possibly use this flaw to cause a\nmulti-threaded TLS/SSL client using OpenSSL to write into freed\nmemory, causing the client to crash or execute arbitrary code.\n(CVE-2014-3509)\n\nIt was discovered that the OBJ_obj2txt() function could fail to\nproperly NUL-terminate its output. This could possibly cause an\napplication using OpenSSL functions to format fields of X.509\ncertificates to disclose portions of its memory. (CVE-2014-3508)\n\nA flaw was found in the way OpenSSL handled fragmented handshake\npackets. A man-in-the-middle attacker could use this flaw to force a\nTLS/SSL server using OpenSSL to use TLS 1.0, even if both the client\nand the server supported newer protocol versions. (CVE-2014-3511)\n\nMultiple flaws were discovered in the way OpenSSL handled DTLS\npackets. 
A remote attacker could use these flaws to cause a DTLS\nserver or client using OpenSSL to crash or use excessive amounts of\nmemory. (CVE-2014-3505, CVE-2014-3506, CVE-2014-3507)\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed\na handshake when using the anonymous Diffie-Hellman (DH) key exchange.\nA malicious server could cause a DTLS client using OpenSSL to crash if\nthat client had anonymous DH cipher suites enabled. (CVE-2014-3510)\n\nAll OpenSSL users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. For the\nupdate to take effect, all services linked to the OpenSSL library\n(such as httpd and other SSL-enabled services) must be restarted or\nthe system rebooted.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2014-August/020488.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?eba82abb\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2014-August/020489.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0f3e095c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-3509\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-libs\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x / 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"openssl-1.0.1e-16.el6_5.15\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"openssl-devel-1.0.1e-16.el6_5.15\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"openssl-perl-1.0.1e-16.el6_5.15\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"openssl-static-1.0.1e-16.el6_5.15\")) flag++;\n\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"openssl-1.0.1e-34.el7_0.4\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"openssl-devel-1.0.1e-34.el7_0.4\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"openssl-libs-1.0.1e-34.el7_0.4\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"openssl-perl-1.0.1e-34.el7_0.4\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"openssl-static-1.0.1e-34.el7_0.4\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-devel / openssl-libs / openssl-perl / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T16:36:54", "description": "A race condition was found in the way OpenSSL handled ServerHello messages with an included Supported EC Point Format extension. 
A malicious server could possibly use this flaw to cause a multi-threaded TLS/SSL client using OpenSSL to write into freed memory, causing the client to crash or execute arbitrary code.\n(CVE-2014-3509)\n\nIt was discovered that the OBJ_obj2txt() function could fail to properly NUL-terminate its output. This could possibly cause an application using OpenSSL functions to format fields of X.509 certificates to disclose portions of its memory. (CVE-2014-3508)\n\nA flaw was found in the way OpenSSL handled fragmented handshake packets. A man-in-the-middle attacker could use this flaw to force a TLS/SSL server using OpenSSL to use TLS 1.0, even if both the client and the server supported newer protocol versions. (CVE-2014-3511)\n\nMultiple flaws were discovered in the way OpenSSL handled DTLS packets. A remote attacker could use these flaws to cause a DTLS server or client using OpenSSL to crash or use excessive amounts of memory. (CVE-2014-3505, CVE-2014-3506, CVE-2014-3507)\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed a handshake when using the anonymous Diffie-Hellman (DH) key exchange.\nA malicious server could cause a DTLS client using OpenSSL to crash if that client had anonymous DH cipher suites enabled. 
(CVE-2014-3510)\n\nFor the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.", "cvss3": {}, "published": "2014-08-15T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : openssl on SL6.x i386/x86_64 (20140813)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3505", "CVE-2014-3506", "CVE-2014-3507", "CVE-2014-3508", "CVE-2014-3509", "CVE-2014-3510", "CVE-2014-3511"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:openssl", "p-cpe:/a:fermilab:scientific_linux:openssl-debuginfo", "p-cpe:/a:fermilab:scientific_linux:openssl-devel", "p-cpe:/a:fermilab:scientific_linux:openssl-perl", "p-cpe:/a:fermilab:scientific_linux:openssl-static", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20140813_OPENSSL_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/77216", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77216);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-3505\", \"CVE-2014-3506\", \"CVE-2014-3507\", \"CVE-2014-3508\", \"CVE-2014-3509\", \"CVE-2014-3510\", \"CVE-2014-3511\");\n\n script_name(english:\"Scientific Linux Security Update : openssl on 
SL6.x i386/x86_64 (20140813)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A race condition was found in the way OpenSSL handled ServerHello\nmessages with an included Supported EC Point Format extension. A\nmalicious server could possibly use this flaw to cause a\nmulti-threaded TLS/SSL client using OpenSSL to write into freed\nmemory, causing the client to crash or execute arbitrary code.\n(CVE-2014-3509)\n\nIt was discovered that the OBJ_obj2txt() function could fail to\nproperly NUL-terminate its output. This could possibly cause an\napplication using OpenSSL functions to format fields of X.509\ncertificates to disclose portions of its memory. (CVE-2014-3508)\n\nA flaw was found in the way OpenSSL handled fragmented handshake\npackets. A man-in-the-middle attacker could use this flaw to force a\nTLS/SSL server using OpenSSL to use TLS 1.0, even if both the client\nand the server supported newer protocol versions. (CVE-2014-3511)\n\nMultiple flaws were discovered in the way OpenSSL handled DTLS\npackets. A remote attacker could use these flaws to cause a DTLS\nserver or client using OpenSSL to crash or use excessive amounts of\nmemory. (CVE-2014-3505, CVE-2014-3506, CVE-2014-3507)\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed\na handshake when using the anonymous Diffie-Hellman (DH) key exchange.\nA malicious server could cause a DTLS client using OpenSSL to crash if\nthat client had anonymous DH cipher suites enabled. 
(CVE-2014-3510)\n\nFor the update to take effect, all services linked to the OpenSSL\nlibrary (such as httpd and other SSL-enabled services) must be\nrestarted or the system rebooted.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1408&L=scientific-linux-errata&T=0&P=942\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b5d6f17d\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"openssl-1.0.1e-16.el6_5.15\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"openssl-debuginfo-1.0.1e-16.el6_5.15\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"openssl-devel-1.0.1e-16.el6_5.15\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"openssl-perl-1.0.1e-16.el6_5.15\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"openssl-static-1.0.1e-16.el6_5.15\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / 
openssl-debuginfo / openssl-devel / openssl-perl / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T16:40:07", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - fix CVE-2014-3505 - doublefree in DTLS packet processing\n\n - fix CVE-2014-3506 - avoid memory exhaustion in DTLS\n\n - fix CVE-2014-3507 - avoid memory leak in DTLS\n\n - fix CVE-2014-3508 - fix OID handling to avoid information leak\n\n - fix CVE-2014-3509 - fix race condition when parsing server hello\n\n - fix CVE-2014-3510 - fix DoS in anonymous (EC)DH handling in DTLS\n\n - fix CVE-2014-3511 - disallow protocol downgrade via fragmentation", "cvss3": {}, "published": "2014-11-26T00:00:00", "type": "nessus", "title": "OracleVM 3.3 : openssl (OVMSA-2014-0012)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3505", "CVE-2014-3506", "CVE-2014-3507", "CVE-2014-3508", "CVE-2014-3509", "CVE-2014-3510", "CVE-2014-3511"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:openssl", "cpe:/o:oracle:vm_server:3.3"], "id": "ORACLEVM_OVMSA-2014-0012.NASL", "href": "https://www.tenable.com/plugins/nessus/79536", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2014-0012.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79536);\n 
script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2014-3505\", \"CVE-2014-3506\", \"CVE-2014-3507\", \"CVE-2014-3508\", \"CVE-2014-3509\", \"CVE-2014-3510\", \"CVE-2014-3511\");\n script_bugtraq_id(69075, 69076, 69078, 69079, 69081, 69082, 69084);\n\n script_name(english:\"OracleVM 3.3 : openssl (OVMSA-2014-0012)\");\n script_summary(english:\"Checks the RPM output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - fix CVE-2014-3505 - doublefree in DTLS packet processing\n\n - fix CVE-2014-3506 - avoid memory exhaustion in DTLS\n\n - fix CVE-2014-3507 - avoid memory leak in DTLS\n\n - fix CVE-2014-3508 - fix OID handling to avoid\n information leak\n\n - fix CVE-2014-3509 - fix race condition when parsing\n server hello\n\n - fix CVE-2014-3510 - fix DoS in anonymous (EC)DH handling\n in DTLS\n\n - fix CVE-2014-3511 - disallow protocol downgrade via\n fragmentation\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2014-August/000214.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9b4946f8\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:openssl\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! 
preg(pattern:\"^OVS\" + \"3\\.3\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.3\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.3\", reference:\"openssl-1.0.1e-16.el6_5.15\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2023-01-01T04:43:49", "description": "**CentOS Errata and Security Advisory** CESA-2015:0066\n\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),\nTransport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose cryptography\nlibrary.\n\nA NULL pointer dereference flaw was found in the DTLS implementation of\nOpenSSL. A remote attacker could send a specially crafted DTLS message,\nwhich would cause an OpenSSL server to crash. (CVE-2014-3571)\n\nA memory leak flaw was found in the way the dtls1_buffer_record() function\nof OpenSSL parsed certain DTLS messages. A remote attacker could send\nmultiple specially crafted DTLS messages to exhaust all available memory of\na DTLS server. (CVE-2015-0206)\n\nIt was found that OpenSSL's BigNumber Squaring implementation could produce\nincorrect results under certain special conditions. This flaw could\npossibly affect certain OpenSSL library functionality, such as RSA\nblinding. 
Note that this issue occurred rarely and with a low probability,\nand there is currently no known way of exploiting it. (CVE-2014-3570)\n\nIt was discovered that OpenSSL would perform an ECDH key exchange with a\nnon-ephemeral key even when the ephemeral ECDH cipher suite was selected.\nA malicious server could make a TLS/SSL client using OpenSSL use a weaker\nkey exchange method than the one requested by the user. (CVE-2014-3572)\n\nIt was discovered that OpenSSL would accept ephemeral RSA keys when using\nnon-export RSA cipher suites. A malicious server could make a TLS/SSL\nclient using OpenSSL use a weaker key exchange method. (CVE-2015-0204)\n\nMultiple flaws were found in the way OpenSSL parsed X.509 certificates.\nAn attacker could use these flaws to modify an X.509 certificate to produce\na certificate with a different fingerprint without invalidating its\nsignature, and possibly bypass fingerprint-based blacklisting in\napplications. (CVE-2014-8275)\n\nIt was found that an OpenSSL server would, under certain conditions, accept\nDiffie-Hellman client certificates without the use of a private key.\nAn attacker could use a user's client certificate to authenticate as that\nuser, without needing the private key. (CVE-2015-0205)\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain a backported patch to mitigate the above issues. 
For the update to\ntake effect, all services linked to the OpenSSL library (such as httpd and\nother SSL-enabled services) must be restarted or the system rebooted.\n\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2015-January/070359.html\nhttps://lists.centos.org/pipermail/centos-announce/2015-January/070360.html\n\n**Affected packages:**\nopenssl\nopenssl-devel\nopenssl-libs\nopenssl-perl\nopenssl-static\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2015:0066", "cvss3": {}, "published": "2015-01-20T21:00:39", "type": "centos", "title": "openssl security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3570", "CVE-2014-3571", "CVE-2014-3572", "CVE-2014-8275", "CVE-2015-0204", "CVE-2015-0205", "CVE-2015-0206"], "modified": "2015-01-20T21:13:20", "id": "CESA-2015:0066", "href": "https://lists.centos.org/pipermail/centos-announce/2015-January/070359.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-01T04:44:12", "description": "**CentOS Errata and Security Advisory** CESA-2014:1052\n\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),\nTransport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose cryptography\nlibrary.\n\nA race condition was found in the way OpenSSL handled ServerHello messages\nwith an included Supported EC Point Format extension. 
A malicious server\ncould possibly use this flaw to cause a multi-threaded TLS/SSL client using\nOpenSSL to write into freed memory, causing the client to crash or execute\narbitrary code. (CVE-2014-3509)\n\nIt was discovered that the OBJ_obj2txt() function could fail to properly\nNUL-terminate its output. This could possibly cause an application using\nOpenSSL functions to format fields of X.509 certificates to disclose\nportions of its memory. (CVE-2014-3508)\n\nA flaw was found in the way OpenSSL handled fragmented handshake packets.\nA man-in-the-middle attacker could use this flaw to force a TLS/SSL server\nusing OpenSSL to use TLS 1.0, even if both the client and the server\nsupported newer protocol versions. (CVE-2014-3511)\n\nMultiple flaws were discovered in the way OpenSSL handled DTLS packets.\nA remote attacker could use these flaws to cause a DTLS server or client\nusing OpenSSL to crash or use excessive amounts of memory. (CVE-2014-3505,\nCVE-2014-3506, CVE-2014-3507)\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed a\nhandshake when using the anonymous Diffie-Hellman (DH) key exchange. A\nmalicious server could cause a DTLS client using OpenSSL to crash if that\nclient had anonymous DH cipher suites enabled. (CVE-2014-3510)\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. 
For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\n\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2014-August/069963.html\nhttps://lists.centos.org/pipermail/centos-announce/2014-August/069964.html\n\n**Affected packages:**\nopenssl\nopenssl-devel\nopenssl-libs\nopenssl-perl\nopenssl-static\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2014:1052", "cvss3": {}, "published": "2014-08-13T20:10:43", "type": "centos", "title": "openssl security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3505", "CVE-2014-3506", "CVE-2014-3507", "CVE-2014-3508", "CVE-2014-3509", "CVE-2014-3510", "CVE-2014-3511"], "modified": "2014-08-13T20:25:33", "id": "CESA-2014:1052", "href": "https://lists.centos.org/pipermail/centos-announce/2014-August/069963.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2023-01-26T13:29:44", "description": "## Releases\n\n * Ubuntu 14.10 \n * Ubuntu 14.04 ESM\n * Ubuntu 12.04 \n * Ubuntu 10.04 \n\n## Packages\n\n * openssl \\- Secure Socket Layer (SSL) cryptographic library and tools\n\nPieter Wuille discovered that OpenSSL incorrectly handled Bignum squaring. \n(CVE-2014-3570)\n\nMarkus Stenberg discovered that OpenSSL incorrectly handled certain crafted \nDTLS messages. 
A remote attacker could use this issue to cause OpenSSL to \ncrash, resulting in a denial of service. (CVE-2014-3571)\n\nKarthikeyan Bhargavan discovered that OpenSSL incorrectly handled certain \nhandshakes. A remote attacker could possibly use this issue to downgrade to \nECDH, removing forward secrecy from the ciphersuite. (CVE-2014-3572)\n\nAntti Karjalainen, Tuomo Untinen and Konrad Kraszewski discovered that \nOpenSSL incorrectly handled certain certificate fingerprints. A remote \nattacker could possibly use this issue to trick certain applications that \nrely on the uniqueness of fingerprints. (CVE-2014-8275)\n\nKarthikeyan Bhargavan discovered that OpenSSL incorrectly handled certain \nkey exchanges. A remote attacker could possibly use this issue to downgrade \nthe security of the session to EXPORT_RSA. (CVE-2015-0204)\n\nKarthikeyan Bhargavan discovered that OpenSSL incorrectly handled client \nauthentication. A remote attacker could possibly use this issue to \nauthenticate without the use of a private key in certain limited scenarios. \nThis issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-0205)\n\nChris Mueller discovered that OpenSSL incorrectly handled memory when \nprocessing DTLS records. A remote attacker could use this issue to cause \nOpenSSL to consume resources, resulting in a denial of service. This issue \nonly affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 14.10. 
\n(CVE-2015-0206)\n", "cvss3": {}, "published": "2015-01-12T00:00:00", "type": "ubuntu", "title": "OpenSSL vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3570", "CVE-2014-3571", "CVE-2014-3572", "CVE-2014-8275", "CVE-2015-0204", "CVE-2015-0205", "CVE-2015-0206"], "modified": "2015-01-12T00:00:00", "id": "USN-2459-1", "href": "https://ubuntu.com/security/notices/USN-2459-1", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "aix": [{"lastseen": "2023-02-08T18:04:22", "description": "IBM SECURITY ADVISORY\n\nFirst Issued: Wed Feb 4 06:24:41 CST 2015\n\nThe most recent version of this document is available here:\n\nhttp://aix.software.ibm.com/aix/efixes/security/openssl_advisory12.asc\nhttps://aix.software.ibm.com/aix/efixes/security/openssl_advisory12.asc\nftp://aix.software.ibm.com/aix/efixes/security/openssl_advisory12.asc\n===============================================================================\n VULNERABILITY SUMMARY\n\n1. VULNERABILITY: AIX OpenSSL does not properly calculate the square of a BIGNUM \n value which makes it easier for attacker to defeat cryptographic\n protection mechanisms\n\n PLATFORMS: AIX 5.3, 6.1 and 7.1\n VIOS 2.2.*\n\n SOLUTION: Apply the fix as described below.\n\n THREAT: See below\n\n CVE Numbers: CVE-2014-3570\n\n Reboot required? NO\n Workarounds? NO\n Protected by FPM? NO\n Protected by SED? 
NO\n\n2.VULNERABILITY: AIX OpenSSL Denial of Service due to NULL pointer dereference\n while processing a DTLS message\n\n PLATFORMS: AIX 5.3, 6.1 and 7.1\n VIOS 2.2.*\n\n SOLUTION: Apply the fix as described below.\n\n THREAT: See below\n\n CVE Numbers: CVE-2014-3571\n\n Reboot required? NO\n Workarounds? NO\n Protected by FPM? NO\n Protected by SED? NO\n\n3. VULNERABILITY: AIX OpenSSL allows remote SSL servers to conduct ECDHE-to-ECDH\n downgrade attacks and thereby causing loss of forward secrecy\n\n PLATFORMS: AIX 5.3, 6.1 and 7.1\n VIOS 2.2.*\n\n SOLUTION: Apply the fix as described below.\n\n THREAT: See below\n\n CVE Numbers: CVE-2014-3572\n\n Reboot required? NO\n Workarounds? NO\n Protected by FPM? NO\n Protected by SED? NO\n\n4. VULNERABILITY: AIX OpenSSL allows remote attackers to defeat the fingerprint-based\n certificate blacklist protection mechanism\n\n PLATFORMS: AIX 5.3, 6.1 and 7.1\n VIOS 2.2.*\n\n SOLUTION: Apply the fix as described below.\n\n THREAT: See below\n\n CVE Numbers: CVE-2014-8275\n\n Reboot required? NO\n Workarounds? NO\n Protected by FPM? NO\n Protected by SED? NO\n\n5. VULNERABILITY: AIX OpenSSL allows remote SSL servers to conduct RSA-to-EXPORT_RSA\n downgrade attacks and thereby offering a weak ephemeral RSA key in\n a noncompliant role\n\n PLATFORMS: AIX 5.3, 6.1 and 7.1\n VIOS 2.2.*\n\n SOLUTION: Apply the fix as described below.\n\n THREAT: See below\n\n CVE Numbers: CVE-2015-0204\n\n Reboot required? NO\n Workarounds? NO\n Protected by FPM? NO\n Protected by SED? NO\n\n6. VULNERABILITY: AIX OpenSSL allows remote attackers to obtain access without\n knowledge of a private key on a server that recognizes a\n Certification Authority with DH support\n\n PLATFORMS: AIX 5.3, 6.1 and 7.1\n VIOS 2.2.*\n\n SOLUTION: Apply the fix as described below.\n\n THREAT: See below\n\n CVE Numbers: CVE-2015-0205\n\n Reboot required? NO\n Workarounds? NO\n Protected by FPM? NO\n Protected by SED? NO\n\n7. 
VULNERABILITY: AIX OpenSSL allows remote attackers to cause Denial of Service\n by sending many duplicate records for the next epoch, leading\n to failure of replay detection\n\n PLATFORMS: AIX 5.3, 6.1 and 7.1\n VIOS 2.2.*\n\n SOLUTION: Apply the fix as described below.\n\n THREAT: See below\n\n CVE Numbers: CVE-2015-0206\n\n Reboot required? NO\n Workarounds? NO\n Protected by FPM? NO\n Protected by SED? NO\n\n===============================================================================\n DETAILED INFORMATION\n\nI. DESCRIPTION \n \n 1. CVE-2014-3570\n \tOpenSSL does not properly calculate the square of a BIGNUM value, which might \n make it easier for remote attackers to defeat cryptographic protection mechanisms \n via unspecified vectors\n\n 2. CVE-2014-3571\n\t OpenSSL allows remote attackers to cause a denial of service via a crafted DTLS \n message that is processed with a different read operation for the handshake \n header than for the handshake body\n\n 3. CVE-2014-3572\n OpenSSL allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks \n and trigger loss of forward secrecy by omitting the ServerKeyExchange message.\n\n 4. CVE-2014-8275\n OpenSSL does not enforce certain constraints on certificate data, which allows \n remote attackers to defeat a fingerprint-based certificate-blacklist protection \n mechanism by including crafted data within a certificate's unsigned portion\n\n 5. CVE-2015-0204\n OpenSSL allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks \n and facilitate brute-force decryption by offering a weak ephemeral RSA key \n in a noncompliant role.\n\n 6. CVE-2015-0205\n OpenSSL accepts client authentication with a Diffie-Hellman (DH) certificate \n without requiring a CertificateVerify message, which allows remote attackers \n to obtain access without knowledge of a private key via crafted TLS Handshake \n Protocol traffic to a server that recognizes a Certification Authority \n with DH support.\n\n 7. 
CVE-2015-0206\n\t OpenSSL could allow remote attackers to cause a denial of service (memory \n consumption) by sending many duplicate records for the next epoch, leading \n to failure of replay detection.\n\nII. CVSS\n\n 1. CVE-2014-3570\n CVSS Base Score: 2.6\n CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/99710\n CVSS Environmental Score*: Undefined\n CVSS Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N\n\n 2. CVE-2014-3571\n CVSS Base Score: 5\n CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/99703\n CVSS Environmental Score*: Undefined\n CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P\n\n 3. CVE-2014-3572\n CVSS Base Score: 1.2\n CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/99705\n CVSS Environmental Score*: Undefined\n CVSS Vector: AV:L/AC:H/Au:N/C:N/I:P/A:N\n\n 4. CVE-2014-8275\n CVSS Base Score: 1.2\n CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/99709\n CVSS Environmental Score*: Undefined\n CVSS Vector: AV:L/AC:H/Au:N/C:N/I:P/A:N\n\n 5. CVE-2015-0204\n CVSS Base Score: 1.2\n CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/99707\n CVSS Environmental Score*: Undefined\n CVSS Vector: AV:L/AC:H/Au:N/C:N/I:P/A:N\n\n 6. CVE-2015-0205\n CVSS Base Score: 2.1\n CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/99708 \n CVSS Environmental Score*: Undefined\n CVSS Vector: AV:N/AC:H/Au:S/C:N/I:P/A:N\n\n 7. CVE-2015-0206\n CVSS Base Score: 5\n CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/99704\n CVSS Environmental Score*: Undefined\n CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P\n\n\nIII. PLATFORM VULNERABILITY ASSESSMENT\n\n To determine if your system is vulnerable, execute the following\n command:\n\n lslpp -L openssl.base\n \n The following fileset levels are vulnerable:\n \n A. CVE-2014-3572, CVE-2015-0205, CVE-2015-0206\n\n AIX Fileset Lower Level Upper Level \n ------------------------------------------\n openssl.base 1.0.1.500 1.0.1.513\n\n B. 
CVE-2014-3570, CVE-2014-3571, CVE-2014-8275, CVE-2015-0204\n\n AIX Fileset Lower Level Upper Level \n ------------------------------------------\n openssl.base 1.0.1.500 1.0.1.513\n openssl.base 0.9.8.401 0.9.8.2504\n openssl.base 12.9.8.1100 12.9.8.2504\n\n\tNote, 0.9.8.401 and 12.9.8.1100 are the Lowest OpenSSL version\n\tavailable in aix web download site. Even OpenSSL versions below \n\tthis are impacted\n\n\nIV. SOLUTIONS\n\n A. FIXES\n\n Fix is available. The fix can be downloaded via ftp\n from:\n\n ftp://aix.software.ibm.com/aix/efixes/security/openssl_fix12.tar\n\n The link above is to a tar file containing this signed\n advisory, fix packages, and OpenSSL signatures for each package.\n The fixes below include prerequisite checking. This will\n enforce the correct mapping between the fixes and AIX\n releases.\n\n\tNote that the tar file contains Interim fixes that are based on OpenSSL version.\n\n AIX Level Interim Fix (*.Z) Fileset Name(prereq for installation)\n ---------------------------------------------------------------------------------\n 5.3, 6.1, 7.1 IV69033s9a.150129.epkg.Z openssl.base(1.0.1.513 version)\n 5.3, 6.1, 7.1 IV69033s9b.150129.epkg.Z openssl.base(0.9.8.2504 version)\n 5.3, 6.1, 7.1 IV69033s9c.150129.epkg.Z openssl.base(12.9.8.2504 version)\n\n VIOS Level Interim Fix (*.Z)\t Fileset Name(prereq for installation)\n -------------------------------------------------------------------------------------\n 2.2.* IV69033s9a.150129.epkg.Z openssl.base(1.0.1.513 version)\n 2.2.* IV69033s9b.150129.epkg.Z openssl.base(0.9.8.2504 version)\n 2.2.* IV69033s9c.150129.epkg.Z openssl.base(12.9.8.2504 version)\n\n\n To extract the fix from the tar file:\n\n tar xvf openssl_fix12.tar\n cd openssl_fix12\n\n Verify you have retrieved the fix intact:\n\n The checksums below were generated using the\n \"openssl dgst -sha256 file\" command, as follows:\n\n openssl dgst -sha256 \t\t\t\t\t\t filename\t \n 
----------------------------------------------------------------------------------------------\n \tba67b128e22ca028756100a473137b64cd8758c8182e4cda8bc3293b69cb53ba IV69033s9a.150129.epkg.Z\n 1c244927ae807d9c55dee91366ac88488a1312103a19f3017758989f91759f48 IV69033s9b.150129.epkg.Z\n\t 361e751b0ce323b57b8865fca66e90f0dc541857a04b4c67f55874b01e98fffb IV69033s9c.150129.epkg.Z\n\n\t These sums should match exactly. The OpenSSL signatures in the tar\n file and on this advisory can also be used to verify the\n integrity of the fixes. If the sums or signatures cannot be\n confirmed, contact IBM AIX Security at\n security-alert@austin.ibm.com and describe the discrepancy.\n \n Published advisory OpenSSL signature file location:\n\n http://aix.software.ibm.com/aix/efixes/security/openssl_advisory12.asc.sig\n https://aix.software.ibm.com/aix/efixes/security/openssl_advisory12.asc.sig\n ftp://aix.software.ibm.com/aix/efixes/security/openssl_advisory12.asc.sig \n\n\topenssl dgst -sha1 -verify <pubkey_file> -signature <advisory_file>.sig <advisory_file>\n\n openssl dgst -sha1 -verify <pubkey_file> -signature <ifix_file>.sig <ifix_file>\n\n \n B. FIX AND INTERIM FIX INSTALLATION\n\n IMPORTANT: If possible, it is recommended that a mksysb backup\n of the system be created. 
Verify it is both bootable and\n readable before proceeding.\n\n To preview a fix installation:\n\n installp -a -d fix_name -p all # where fix_name is the name of the\n # fix package being previewed.\n To install a fix package:\n\n installp -a -d fix_name -X all # where fix_name is the name of the\n # fix package being installed.\n\n Interim fixes have had limited functional and regression\n testing but not the full regression testing that takes place\n for Service Packs; however, IBM does fully support them.\n\n Interim fix management documentation can be found at:\n\n http://www14.software.ibm.com/webapp/set2/sas/f/aix.efixmgmt/home.html\n\n To preview an interim fix installation:\n\n emgr -e ipkg_name -p # where ipkg_name is the name of the\n # interim fix package being previewed.\n\n To install an interim fix package:\n\n emgr -e ipkg_name -X # where ipkg_name is the name of the\n # interim fix package being installed.\n\n\nV. WORKAROUNDS\n \n No workarounds.\n\nVI. CONTACT US:\n\n If you would like to receive AIX Security Advisories via email,\n please visit \"My Notifications\":\n\n http://www.ibm.com/support/mynotifications\n\n To view previously issued advisories, please visit:\n\n http://www14.software.ibm.com/webapp/set2/subscriptions/onvdq\n \n Comments regarding the content of this announcement can be\n directed to:\n\n security-alert@austin.ibm.com\n\n To obtain the OpenSSL public key that can be used to verify the\n signed advisories and ifixes:\n\n Download the key from our web page:\n\n http://www.ibm.com/systems/resources/systems_p_os_aix_security_pubkey.txt\n\n To obtain the PGP public key that can be used to communicate\n securely with the AIX Security Team via security-alert@austin.ibm.com you\n can either:\n\n A. Download the key from our web page:\n\n http://www.ibm.com/systems/resources/systems_p_os_aix_security_pgppubkey.txt\n\n B. Download the key from a PGP Public Key Server. 
The key ID is:\n\n 0x28BFAA12\n\n Please contact your local IBM AIX support center for any\n assistance.\n\n\n\nVII. REFERENCES:\n\n Note: Keywords labeled as KEY in this document are used for parsing purposes.\n\n eServer is a trademark of International Business Machines\n Corporation. IBM, AIX and pSeries are registered trademarks of\n International Business Machines Corporation. All other trademarks\n are property of their respective holders.\n\n Complete CVSS Guide: http://www.first.org/cvss/cvss-guide.html\n On-line Calculator V2: http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2\n\n X-Force Vulnerability Database: http://xforce.iss.net/xforce/xfdb/99710\n X-Force Vulnerability Database: http://xforce.iss.net/xforce/xfdb/99703\n X-Force Vulnerability Database: http://xforce.iss.net/xforce/xfdb/99705\n X-Force Vulnerability Database: http://xforce.iss.net/xforce/xfdb/99709\n X-Force Vulnerability Database: http://xforce.iss.net/xforce/xfdb/99707\n X-Force Vulnerability Database: http://xforce.iss.net/xforce/xfdb/99708 \n X-Force Vulnerability Database: http://xforce.iss.net/xforce/xfdb/99704\n CVE-2014-3570 : https://vulners.com/cve/CVE-2014-3570\n CVE-2014-3571 : https://vulners.com/cve/CVE-2014-3571\n CVE-2014-3572 : https://vulners.com/cve/CVE-2014-3572\n CVE-2014-8275 : https://vulners.com/cve/CVE-2014-8275\n CVE-2015-0204 : https://vulners.com/cve/CVE-2015-0204\n CVE-2015-0205 : https://vulners.com/cve/CVE-2015-0205\n CVE-2015-0206 : https://vulners.com/cve/CVE-2015-0206\n\n *The CVSS Environment Score is customer environment specific and will\n ultimately impact the Overall CVSS Score. 
Customers can evaluate the\n impact of this vulnerability in their environments by accessing the links\n in the Reference section of this Flash.\n\n Note: According to the Forum of Incident Response and Security Teams\n (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry\n open standard designed to convey vulnerability severity and help to\n determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES\n \"AS IS\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF\n MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE\n RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY\n VULNERABILITY.\n", "cvss3": {}, "published": "2015-02-04T06:24:41", "type": "aix", "title": "Multiple Security vulnerabilities in AIX OpenSSL", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3570", "CVE-2014-3571", "CVE-2014-3572", "CVE-2014-8275", "CVE-2015-0204", "CVE-2015-0205", "CVE-2015-0206"], "modified": "2015-02-04T06:24:41", "id": "OPENSSL_ADVISORY12.ASC", "href": "https://aix.software.ibm.com/aix/efixes/security/openssl_advisory12.asc", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "ibm": [{"lastseen": "2023-02-21T05:36:53", "description": "## Summary\n\nSUMMARY: OpenSSL vulnerabilities were disclosed on January 8th, 2015 by the OpenSSL Project. OpenSSL is used by IBM InfoSphere Master Data Management. 
IBM InfoSphere Master Data Management has addressed the applicable CVEs provided by OpenSSL\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-3570_](<https://vulners.com/cve/CVE-2014-3570>) \n**DESCRIPTION:** An unspecified error in OpenSSL related to the production of incorrect results on some platforms by Bignum squaring (BN_sqr) has an unknown attack vector and impact. \nCVSS Base Score: 2.6 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/99710_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/99710>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:N/I:P/A:N) \n\n**CVEID:** [_CVE-2014-3571_](<https://vulners.com/cve/CVE-2014-3571>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference when handling malicious messages. By sending a specially-crafted DTLS message, a remote attacker could exploit this vulnerability to cause a segmentation fault. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/99703_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/99703>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n**CVEID:** [_CVE-2014-3572_](<https://vulners.com/cve/CVE-2014-3572>) \n**DESCRIPTION:** OpenSSL could provide weaker than expected security. The client accepts a handshake using an ephemeral ECDH ciphersuite with the server key exchange message omitted. An attacker could exploit this vulnerability to launch further attacks on the system. 
\nCVSS Base Score: 1.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/99705_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/99705>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:H/Au:N/C:N/I:P/A:N) \n\n**CVEID:** [_CVE-2014-8275_](<https://vulners.com/cve/CVE-2014-8275>) \n**DESCRIPTION:** OpenSSL could allow a local attacker to bypass security restrictions, caused by the modification of the fingerprint without breaking the signature. An attacker could exploit this vulnerability using non-DER or invalid encodings outside the signed portion of a certificate to bypass security restrictions and perform unauthorized actions. \nCVSS Base Score: 1.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/99709_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/99709>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:H/Au:N/C:N/I:P/A:N) \n\n**CVEID:** [_CVE-2015-0204_](<https://vulners.com/cve/CVE-2015-0204>) \n**DESCRIPTION:** OpenSSL could provide weaker than expected security. The client accepts the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. An attacker could exploit this vulnerability to launch further attacks on the system. \nCVSS Base Score: 1.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/99707_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/99707>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:H/Au:N/C:N/I:P/A:N) \n\n**CVEID:** [_CVE-2015-0205_](<https://vulners.com/cve/CVE-2015-0205>) \n**DESCRIPTION:** OpenSSL could allow a remote authenticated attacker to bypass security restrictions, caused by the acceptance of a DH certificate for client authentication without verification. An attacker could exploit this vulnerability to authenticate without the use of a private key. 
\nCVSS Base Score: 2.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/99708_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/99708>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:S/C:N/I:P/A:N) \n\n**CVEID:** [_CVE-2015-0206_](<https://vulners.com/cve/CVE-2015-0206>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by a memory leak in the dtls1_buffer_record function. By sending repeated DTLS records with the same sequence number, a remote attacker could exploit this vulnerability to exhaust all available memory resources \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/99704_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/99704>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n## Affected Products and Versions\n\nThese vulnerabilities are known to affect the following offerings: \n\nIBM Initiate Master Data Service versions 8.1, 9.0, 9.2, 9.5, 9.7, 10.0, 10.1 (impacts _Master Data Engine_ component, [_Message Brokers_](<http://pic.dhe.ibm.com/infocenter/mdm/v11r0/topic/com.ibm.mdshs.hubover.doc/topics/c_hubover_message_broker_suite.html>) component and _Enterprise Integrator Toolkit_ component) \n \nIBM Initiate Master Data Service Patient Hub versions 9.5, 9.7 (impacts _Master Data Engine_ component, [_Message Brokers_](<http://pic.dhe.ibm.com/infocenter/mdm/v11r0/topic/com.ibm.mdshs.hubover.doc/topics/c_hubover_message_broker_suite.html>) component and _Enterprise Integrator Toolkit_ component) \n \nIBM Initiate Master Data Service Provider Hub versions 9.5, 9.7 (impacts _Master Data Engine_ component, [_Message Brokers_](<http://pic.dhe.ibm.com/infocenter/mdm/v11r0/topic/com.ibm.mdshs.hubover.doc/topics/c_hubover_message_broker_suite.html>) component and _Enterprise Integrator Toolkit_ component) \n \nIBM InfoSphere Master Data 
Management Patient Hub version 10.0 (impacts _Master Data Engine_ component, [_Message Brokers_](<http://pic.dhe.ibm.com/infocenter/mdm/v11r0/topic/com.ibm.mdshs.hubover.doc/topics/c_hubover_message_broker_suite.html>) component and _Enterprise Integrator Toolkit_ component) \n \nIBM InfoSphere Master Data Management Provider Hub version 10.0 (impacts _Master Data Engine_ component, [_Message Brokers_](<http://pic.dhe.ibm.com/infocenter/mdm/v11r0/topic/com.ibm.mdshs.hubover.doc/topics/c_hubover_message_broker_suite.html>) component and _Enterprise Integrator Toolkit_ component) \n \nIBM InfoSphere Master Data Management Standard/Advanced Edition version 11.0 (impacts [_Message Brokers_](<http://pic.dhe.ibm.com/infocenter/mdm/v11r0/topic/com.ibm.mdshs.hubover.doc/topics/c_hubover_message_broker_suite.html>) component and [_Enterprise Integrator Toolkit_](<http://pic.dhe.ibm.com/infocenter/initiate/v9r5/topic/com.ibm.release_notes.doc/topics/r_release_notes_GAenterprise_integrator_toolkit.html>) component) \n \nIBM InfoSphere Master Data Management Standard/Advanced Edition version 11.3 (impacts [_Message Brokers_](<http://pic.dhe.ibm.com/infocenter/mdm/v11r0/topic/com.ibm.mdshs.hubover.doc/topics/c_hubover_message_broker_suite.html>) component) \n \nIBM InfoSphere Master Data Management Standard/Advanced Edition version 11.4 (impacts [_Message Brokers_](<http://pic.dhe.ibm.com/infocenter/mdm/v11r0/topic/com.ibm.mdshs.hubover.doc/topics/c_hubover_message_broker_suite.html>) component)\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the fix as soon as practical. Please see below for information on the fixes available. 
\n \n\n\n**_Product_**| **_VRMF_**| **_APAR_**| **_Remediation/First Fix_** \n---|---|---|--- \nIBM Initiate Master Data Service | \n\n8.1\n\n| None| [_8.1.032215_](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EInformation%2BManagement&product=ibm/Information+Management/IBM+Initiate+Master+Data+Service&release=All&platform=All&function=fixId&fixids=8.1.032215_IM_Initiate_MasterDataService_ALL_RefreshPack&includeSupersedes=0&source=fc>) \nIBM Initiate Master Data Service | \n\n9.0\n\n| None| [_9.0.032215_](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EInformation%2BManagement&product=ibm/Information+Management/IBM+Initiate+Master+Data+Service&release=All&platform=All&function=fixId&fixids=9.0.032215_IM_Initiate_MasterDataService_ALL_RefreshPack&includeSupersedes=0&source=fc>) \nIBM Initiate Master Data Service | \n\n9.2\n\n| None| [_9.2.032215 _](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EInformation%2BManagement&product=ibm/Information+Management/IBM+Initiate+Master+Data+Service&release=All&platform=All&function=fixId&fixids=9.2.032215_IM_Initiate_MasterDataService_ALL_RefreshPack&includeSupersedes=0&source=fc>) \nIBM Initiate Master Data Service | \n\n9.5\n\n| None| [_9.5.032215_](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EInformation%2BManagement&product=ibm/Information+Management/IBM+Initiate+Master+Data+Service&release=All&platform=All&function=fixId&fixids=9.5.032215_IM_Initiate_MasterDataService_ALL_RefreshPack&includeSupersedes=0&source=fc>) \nIBM Initiate Master Data Service Patient Hub| \n\n9.5\n\n| None| [_9.5.032215_](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EInformation%2BManagement&product=ibm/Information+Management/IBM+Initiate+Patient&release=All&platform=All&function=fixId&fixids=9.5.032215_IM_Initiate_Patient_ALL_RefreshPack&includeSupersedes=0&source=fc>) \nIBM Initiate Master Data Service Provider Hub| \n\n9.5\n\n| None| 
[_9.5.032215_](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EInformation%2BManagement&product=ibm/Information+Management/IBM+Initiate+Provider&release=All&platform=All&function=fixId&fixids=9.5.032215_IM_Initiate_Provider_ALL_RefreshPack&includeSupersedes=0&source=fc>) \nIBM Initiate Master Data Service | \n\n9.7\n\n| None| [_9.7.032215_](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EInformation%2BManagement&product=ibm/Information+Management/IBM+Initiate+Master+Data+Service&release=All&platform=All&function=fixId&fixids=9.7.032215_IM_Initiate_MasterDataService_ALL_RefreshPack&includeSupersedes=0&source=fc>) \nIBM Initiate Master Data Service Patient Hub \n| \n\n9.7\n\n| None| [_9.7.032215_](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EInformation%2BManagement&product=ibm/Information+Management/IBM+Initiate+Patient&release=All&platform=All&function=fixId&fixids=9.7.032215_IM_Initiate_Patient_ALL_RefreshPack&includeSupersedes=0&source=fc>) \nIBM Initiate Master Data Service Provider Hub| \n\n9.7\n\n| None| [_9.7.032215_](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EInformation%2BManagement&product=ibm/Information+Management/IBM+Initiate+Provider&release=All&platform=All&function=fixId&fixids=9.7.032215_IM_Initiate_Provider_ALL_RefreshPack&includeSupersedes=0&source=fc>) \nIBM Initiate Master Data Service| \n\n10.0\n\n| None| [_10.0.032215_](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EInformation%2BManagement&product=ibm/Information+Management/IBM+Initiate+Master+Data+Service&release=All&platform=All&function=fixId&fixids=10.0.032215_IM_Initiate_MasterDataService_ALL_RefreshPack&includeSupersedes=0&source=fc>) \nIBM InfoSphere Master Data Management Patient Hub | \n\n10.0\n\n| None| 
[_10.0.032215_](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EInformation%2BManagement&product=ibm/Information+Management/IBM+Initiate+Patient&release=All&platform=All&function=fixId&fixids=10.0.032215_IM_Initiate_Patient_ALL_RefreshPack&includeSupersedes=0&source=fc>) \nIBM InfoSphere Master Data Management Provider Hub| \n\n10.0\n\n| None| [_10.0.032215_](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EInformation%2BManagement&product=ibm/Information+Management/IBM+Initiate+Provider&release=All&platform=All&function=fixId&fixids=10.0.032215_IM_Initiate_Provider_ALL_RefreshPack&includeSupersedes=0&source=fc>) \nIBM Initiate Master Data Service| \n\n10.1\n\n| None| [_10.1.032215_](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EInformation%2BManagement&product=ibm/Information+Management/IBM+Initiate+Master+Data+Service&release=All&platform=All&function=fixId&fixids=10.1.032215_IM_Initiate_MasterDataService_ALL_RefreshPack&includeSupersedes=0&source=fc>) \nIBM InfoSphere Master Data Management Standard/Advanced Edition| \n\n11.0\n\n| None| [11.0-FP3](<http://www-933.ibm.com/support/fixcentral/swg/selectFix?product=ibm%2FInformation+Management%2FInfoSphere+Master+Data+Management&fixids=11.0.0.3-MDM-SE-AE-FP03IF000_FC&source=SAR&function=fixId&parent=ibm/Information%20Management>) \nIBM InfoSphere Master Data Management Standard/Advanced Edition| \n\n11.3\n\n| None| [11.3-FP2](<http://www-933.ibm.com/support/fixcentral/swg/selectFix?product=ibm%2FInformation+Management%2FInfoSphere+Master+Data+Management&fixids=11.3.0.2-MDM-SE-AE-FP02IF000_FC&source=SAR&function=fixId&parent=ibm/Information%20Management>) \n \n[IWM Samples](<https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=swg-iismdms>) \nIBM InfoSphere Master Data Management Standard/Advanced Edition| \n\n11.4\n\n| None| 
[_11.4-FP2_](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EInformation%2BManagement&product=ibm/Information+Management/InfoSphere+Master+Data+Management&release=All&platform=All&function=fixId&fixids=11.4.0.2-MDM-SE-AE-FP02IF000_FC&includeSupersedes=0&source=fc>) \n \n## ", "cvss3": {}, "published": "2022-04-27T09:58:00", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in OpenSSL affect IBM InfoSphere Master Data Management (CVE-2014-3571, CVE-2015-0206, CVE-2014-3572, CVE-2015-0204, CVE-2015-0205, CVE-2014-8275, CVE-2014-3570 )", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3570", "CVE-2014-3571", "CVE-2014-3572", "CVE-2014-8275", "CVE-2015-0204", "CVE-2015-0205", "CVE-2015-0206"], "modified": "2022-04-27T09:58:00", "id": "F4A34005E745D62ED5BBDB831E5D767C24B118051EFDE3423ADF017A2626FD14", "href": "https://www.ibm.com/support/pages/node/525807", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-13T09:36:54", "description": "## Summary\n\nA fix is available for IBM Storwize V7000 Unified, for the OpenSSL security vulnerabilities found in January 2015.\n\n## Vulnerability Details\n\nOpenSSL is used in IBM Storwize V7000 Unified for providing communication security by encrypting data being transmitted. \n** ** \n \n**CVEID:** [CVE-2014-3570](<https://vulners.com/cve/CVE-2014-3570>) \n \n**DESCRIPTION: **OpenSSL could provide weaker than expected security. 
An attacker could exploit this vulnerability to launch further attacks on the system. \n \nCVSS Base Score: 1.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/#/vulnerabilities/99705> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:H/Au:N/C:N/I:P/A:N) \n \n \n**CVEID: **[CVE-2014-3571](<https://vulners.com/cve/CVE-2014-3571>) \n \n**DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by a flaw when handling malicious messages. A remote attacker could exploit this vulnerability to cause a denial of service. \n \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/#/vulnerabilities/99703> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n \n**CVEID:** [CVE-2014-3572](<https://vulners.com/cve/CVE-2014-3572>) \n \n**DESCRIPTION: **OpenSSL could provide weaker than expected security. An attacker could exploit this vulnerability to launch further attacks on the system. \n \nCVSS Base Score: 1.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/#/vulnerabilities/99705> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:H/Au:N/C:N/I:P/A:N) \n \n \n**CVEID: **[CVE-2014-8275](<https://vulners.com/cve/CVE-2014-8275>) \n \n**DESCRIPTION: **OpenSSL could allow a local attacker to bypass security restrictions. An attacker could exploit this vulnerability and perform unauthorized actions. \n \nCVSS Base Score: 1.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/#/vulnerabilities/99709> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:H/Au:N/C:N/I:P/A:N) \n \n \n**CVEID:** [CVE-2015-0204](<https://vulners.com/cve/CVE-2015-0204>) \n \n**DESCRIPTION: **OpenSSL could provide weaker than expected security when using RSA. RSA is one of the algorithms used for secure data transmission. 
An attacker could exploit this vulnerability to launch further attacks on the system. \n \nCVSS Base Score: 1.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/#/vulnerabilities/99707> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:H/Au:N/C:N/I:P/A:N) \n \n \n**CVEID: **[CVE-2015-0205](<https://vulners.com/cve/CVE-2015-0205>) \n \n**DESCRIPTION: **OpenSSL could allow a remote authenticated attacker to bypass security restrictions. An attacker could exploit this vulnerability to authenticate without the use of a private key. \n \nCVSS Base Score: 2.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/#/vulnerabilities/99708> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:S/C:N/I:P/A:N) \n \n \n**CVEID: **[CVE-2015-0206](<https://vulners.com/cve/CVE-2015-0206>) \n \n**DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by a memory leak in one of its functions. A remote attacker could exploit this vulnerability to exhaust all available memory resources, resulting in a denial of service. \n \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/#/vulnerabilities/99704> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n## Affected Products and Versions\n\nIBM Storwize V7000 Unified \nThe product is affected when running code releases 1.3.0.0 to 1.5.1.3\n\n## Remediation/Fixes\n\nA fix for these issues is in version 1.5.2.0 of IBM Storwize V7000 Unified. Customers running an affected version of V7000 Unified should upgrade to 1.5.2.0 or a later version, so that the fix gets applied. 
\n \n[_Latest Storwize V7000 Unified Software_](<http://www-01.ibm.com/support/docview.wss?uid=ssg1S1003918&myns=s028&mynp=OCST5Q4U&mync=E>)\n\n## Workarounds and Mitigations\n\nWorkaround(s): None \n \nMitigation(s): Ensure that all users who have access to the system are authenticated by another security system such as a firewall. \n\n## ", "cvss3": {}, "published": "2018-06-18T00:09:11", "type": "ibm", "title": "Security Bulletin: OpenSSL security vulnerabilities in IBM Storwize V7000 Unified (CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205, CVE-2015-0206)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3570", "CVE-2014-3571", "CVE-2014-3572", "CVE-2014-8275", "CVE-2015-0204", "CVE-2015-0205", "CVE-2015-0206"], "modified": "2018-06-18T00:09:11", "id": "9437657736284A97858F6CDD402B769C4DEEB9B4B52059A41B7084497BBE7679", "href": "https://www.ibm.com/support/pages/node/690237", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-13T09:36:52", "description": "## Summary\n\nA fix is available for IBM SONAS, for the OpenSSL security vulnerabilities found in January 2015.\n\n## Vulnerability Details\n\n \nOpenSSL is used in IBM SONAS for providing communication security by encrypting data being transmitted. \n** ** \n \n**CVEID:** [CVE-2014-3570](<https://vulners.com/cve/CVE-2014-3570>) \n**DESCRIPTION: **OpenSSL could provide weaker than expected security. 
An attacker could exploit this vulnerability to launch further attacks on the system. \n \nCVSS Base Score: 1.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/#/vulnerabilities/99705> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:H/Au:N/C:N/I:P/A:N) \n \n \n**CVEID: **[CVE-2014-3571](<https://vulners.com/cve/CVE-2014-3571>) \n**DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by a flaw when handling malicious messages. A remote attacker could exploit this vulnerability to cause a denial of service. \n \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/#/vulnerabilities/99703> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n \n**CVEID:** [CVE-2014-3572](<https://vulners.com/cve/CVE-2014-3572>) \n**DESCRIPTION: **OpenSSL could provide weaker than expected security. An attacker could exploit this vulnerability to launch further attacks on the system. \n \nCVSS Base Score: 1.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/#/vulnerabilities/99705> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:H/Au:N/C:N/I:P/A:N) \n \n \n**CVEID: **[CVE-2014-8275](<https://vulners.com/cve/CVE-2014-8275>) \n**DESCRIPTION: **OpenSSL could allow a local attacker to bypass security restrictions. An attacker could exploit this vulnerability and perform unauthorized actions. \n \nCVSS Base Score: 1.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/#/vulnerabilities/99709> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:H/Au:N/C:N/I:P/A:N) \n \n \n**CVEID:** [CVE-2015-0204](<https://vulners.com/cve/CVE-2015-0204>) \n**DESCRIPTION: **OpenSSL could provide weaker than expected security when using RSA. RSA is one of the algorithms used for secure data transmission. 
An attacker could exploit this vulnerability to launch further attacks on the system. \n \nCVSS Base Score: 1.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/#/vulnerabilities/99707> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:H/Au:N/C:N/I:P/A:N) \n \n \n**CVEID: **[CVE-2015-0205](<https://vulners.com/cve/CVE-2015-0205>) \n**DESCRIPTION: **OpenSSL could allow a remote authenticated attacker to bypass security restrictions. An attacker could exploit this vulnerability to authenticate without the use of a private key. \n \nCVSS Base Score: 2.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/#/vulnerabilities/99708> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:S/C:N/I:P/A:N) \n \n \n**CVEID: **[CVE-2015-0206](<https://vulners.com/cve/CVE-2015-0206>) \n**DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by a memory leak in one of its functions. A remote attacker could exploit this vulnerability to exhaust all available memory resources, resulting in a denial of service. \n \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/#/vulnerabilities/99704> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n## Affected Products and Versions\n\n \nIBM SONAS \n \nAll products are affected when running code releases 1.3, 1.4 and 1.5 except for version 1.5.2.0 and above.\n\n## Remediation/Fixes\n\n \nA fix for these issues is in version 1.5.2.0 of IBM SONAS. Customers running an affected version of SONAS should upgrade to 1.5.2.0 or a later version, so that the fix gets applied. 
\n \nPlease contact IBM support for assistance in upgrading your system.\n\n## Workarounds and Mitigations\n\nWorkaround(s): None \n \nMitigation(s): Ensure that all users who have access to the system are authenticated by another security system such as a firewall.\n\n## ", "cvss3": {}, "published": "2018-06-18T00:09:22", "type": "ibm", "title": "Security Bulletin: OpenSSL security vulnerabilities in IBM SONAS (CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205, CVE-2015-0206)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3570", "CVE-2014-3571", "CVE-2014-3572", "CVE-2014-8275", "CVE-2015-0204", "CVE-2015-0205", "CVE-2015-0206"], "modified": "2018-06-18T00:09:22", "id": "2FE668D42E62E785093F7A1383964B8536CAA9C60BA914F71D88C743276D15F7", "href": "https://www.ibm.com/support/pages/node/690347", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T05:39:37", "description": "## Summary\n\nOpenSSL vulnerabilities were disclosed on January 8, 2015 by the OpenSSL Project. OpenSSL is used by the Cordova platform packaged with Rational Application Developer for WebSphere Software and has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n**CVEID:**[_CVE-2014-3570_](<https://vulners.com/cve/CVE-2014-3570>) \n \n**Description:** An unspecified error in OpenSSL related to the production of incorrect results on some platforms by Bignum squaring (BN_sqr) has an unknown attack vector and impact. 
\n \n**CVSS Base Score:** 2.6 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/99710> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:H/Au:N/C:N/I:P/A:N) \n\n**CVEID:**[_CVE-2014-3571_](<https://vulners.com/cve/CVE-2014-3571>)\n\n**Description:** OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference when handling malicious messages. By sending a specially-crafted DTLS message, a remote attacker could exploit this vulnerability to cause a segmentation fault.\n\n**CVSS Base Score:** 5 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/99703> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:**[_CVE-2014-3572_](<https://vulners.com/cve/CVE-2014-3572>)\n\n**Description:** OpenSSL could provide weaker than expected security. The client accepts a handshake using an ephemeral ECDH ciphersuite with the server key exchange message omitted. An attacker could exploit this vulnerability to launch further attacks on the system.\n\n**CVSS Base Score: **1.2 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/99705> for the current score \n**CVSS Environmental Score***: Undefined \n**CVSS Vector:** (AV:L/AC:H/Au:N/C:N/I:P/A:N)\n\n**CVEID:**[_CVE-2014-8275_](<https://vulners.com/cve/CVE-2014-8275>)\n\n**Description:** OpenSSL could allow a local attacker to bypass security restrictions, caused by the modification of the fingerprint without breaking the signature. 
An attacker could exploit this vulnerability using non-DER or invalid encodings outside the signed portion of a certificate to bypass security restrictions and perform unauthorized actions.\n\n**CVSS Base Score:** 1.2 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/99709> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:L/AC:H/Au:N/C:N/I:P/A:N)\n\n**CVEID:**[_CVE-2015-0204_](<https://vulners.com/cve/CVE-2015-0204>)\n\n**Description:** OpenSSL could provide weaker than expected security. The client accepts the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. An attacker could exploit this vulnerability to launch further attacks on the system.\n\n**CVSS Base Score:** 1.2 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/99707> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:L/AC:H/Au:N/C:N/I:P/A:N)\n\n**CVEID:**[_CVE-2015-0205_](<https://vulners.com/cve/CVE-2015-0205>)\n\n**Description:** OpenSSL could allow a remote authenticated attacker to bypass security restrictions, caused by the acceptance of a DH certificate for client authentication without verification. An attacker could exploit this vulnerability to authenticate without the use of a private key.\n\n**CVSS Base Score:** 2.1 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/99708> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:H/Au:S/C:N/I:P/A:N)\n\n**CVEID:**[_CVE-2015-0206_](<https://vulners.com/cve/CVE-2015-0206>)\n\n**Description:** OpenSSL is vulnerable to a denial of service, caused by a memory leak in the dtls1_buffer_record function. 
By sending repeated DTLS records with the same sequence number, a remote attacker could exploit this vulnerability to exhaust all available memory resources.\n\n**CVSS Base Score:** 5 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/99704> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n## Affected Products and Versions\n\nIBM Rational Application Developer for WebSphere Software 9.1, 9.1.0.1, and 9.1.1\n\n## Remediation/Fixes\n\nUpdate the IBM SDK for Node.js used by the Cordova platform in the product to address this vulnerability: \n \n\n\n**Product**| **VRMF**| **APAR**| **Remediation/First Fix** \n---|---|---|--- \nRational Application Developer| 9.1, 9.1.0.1, and 9.1.1| \n| \n\n * Apply [IBM SDK for Node.js 1.1.0.12](<https://www.ibm.com/developerworks/web/nodesdk/>) to the Cordova platform in the product. \n \nInstallation instructions for applying the update to the Cordova platform in the product can be found here: \n \n[Upgrading the IBM SDK for Node.js used by Cordova](<http://www.ibm.com/support/docview.wss?uid=swg21684946>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2020-02-05T00:09:48", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in OpenSSL affects Rational Application Developer for WebSphere Software (CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205, CVE-2015-0206)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, 
"obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3570", "CVE-2014-3571", "CVE-2014-3572", "CVE-2014-8275", "CVE-2015-0204", "CVE-2015-0205", "CVE-2015-0206"], "modified": "2020-02-05T00:09:48", "id": "20D9FD73B42624C1C3513A1858097222D9BA0D6A9B0665F5A6BD5CD4ED315DA2", "href": "https://www.ibm.com/support/pages/node/527183", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T01:40:56", "description": "## Summary\n\nPortions of IBM Rational Application Developer for WebSphere Software are shipped as a component of Rational Developer for i (RPG and COBOL + Modernization Tools, Java and EGL editions), and Rational Developer for AIX and Linux. \nOpenSSL vulnerabilities were disclosed on January 8, 2015 by the OpenSSL Project. This includes \u201cFREAK: Factoring Attack on RSA-EXPORT keys\" TLS/SSL client and server vulnerability. OpenSSL is used by the Cordova platform packaged with Rational Application Developer for WebSphere Software and has addressed the applicable CVEs (CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205, CVE-2015-0206). \n\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-3570_](<https://vulners.com/cve/CVE-2014-3570>) \n**DESCRIPTION:** An unspecified error in OpenSSL related to the production of incorrect results on some platforms by Bignum squaring (BN_sqr) has an unknown attack vector and impact. \nCVSS Base Score: 2.6 \nCVSS Temporal Score: See [_http://exchange.xforce.ibmcloud.com/#/vulnerabilities/99710_](<http://exchange.xforce.ibmcloud.com/#/vulnerabilities/99710>) or the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:N/I:P/A:N) \n\n**CVEID:** [_CVE-2014-3571_](<https://vulners.com/cve/CVE-2014-3571>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference when handling malicious messages. 
By sending a specially-crafted DTLS message, a remote attacker could exploit this vulnerability to cause a segmentation fault. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_http://exchange.xforce.ibmcloud.com/#/vulnerabilities/99703_](<http://exchange.xforce.ibmcloud.com/#/vulnerabilities/99703>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2014-3572_](<https://vulners.com/cve/CVE-2014-3572>) \n**DESCRIPTION:** OpenSSL could provide weaker than expected security. The client accepts a handshake using an ephemeral ECDH ciphersuite with the server key exchange message omitted. An attacker could exploit this vulnerability to launch further attacks on the system. \nCVSS Base Score: 1.2 \nCVSS Temporal Score: See [_http://exchange.xforce.ibmcloud.com/#/vulnerabilities/99705_](<http://exchange.xforce.ibmcloud.com/#/vulnerabilities/99705>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:H/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [_CVE-2014-8275_](<https://vulners.com/cve/CVE-2014-8275>) \n**DESCRIPTION:** OpenSSL could allow a local attacker to bypass security restrictions, caused by the modification of the fingerprint without breaking the signature. An attacker could exploit this vulnerability using non-DER or invalid encodings outside the signed portion of a certificate bypass security restrictions and perform unauthorized actions. \nCVSS Base Score: 1.2 \nCVSS Temporal Score: See [_http://exchange.xforce.ibmcloud.com/#/vulnerabilities/99709_](<http://exchange.xforce.ibmcloud.com/#/vulnerabilities/99709>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:H/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [_CVE-2015-0204_](<https://vulners.com/cve/CVE-2015-0204>) \n**DESCRIPTION:** A vulnerability in the OpenSSL ssl3_get_key_exchange function could allow a remote attacker to downgrade the security of certain TLS connections. 
An OpenSSL client accepts the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. This could allow a remote attacker using man-in-the-middle techniques to facilitate brute-force decryption of TLS/SSL traffic between vulnerable clients and servers. \n\nThis vulnerability is also known as the FREAK attack.\n\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_http://exchange.xforce.ibmcloud.com/#/vulnerabilities/99707_](<http://exchange.xforce.ibmcloud.com/#/vulnerabilities/99707>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [_CVE-2015-0205_](<https://vulners.com/cve/CVE-2015-0205>) \n**DESCRIPTION:** OpenSSL could allow a remote authenticated attacker to bypass security restrictions, caused by the acceptance of a DH certificate for client authentication without verification. An attacker could exploit this vulnerability to authenticate without the use of a private key. \nCVSS Base Score: 2.1 \nCVSS Temporal Score: See [_http://exchange.xforce.ibmcloud.com/#/vulnerabilities/99708_](<http://exchange.xforce.ibmcloud.com/#/vulnerabilities/99708>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:S/C:N/I:P/A:N)\n\n**CVEID:** [_CVE-2015-0206_](<https://vulners.com/cve/CVE-2015-0206>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by a memory leak in the dtls1_buffer_record function. 
By sending repeated DTLS records with the same sequence number, a remote attacker could exploit this vulnerability to exhaust all available memory resources \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_http://exchange.xforce.ibmcloud.com/#/vulnerabilities/99704_](<http://exchange.xforce.ibmcloud.com/#/vulnerabilities/99704>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n## Affected Products and Versions\n\n**Affected Product and Version(s)**\n\n| **Product and Version shipped as a component** \n---|--- \nIBM Rational Developer for i v9.1, v9.1.1 and v9.1.1.1 RPG and COBOL + Modernization Tools, Java Edition| Rational Application Developer 9.1, 9.1.1 \nIBM Rational Developer for i v9.1, v9.1.1 and v9.1.1.1, RPG and COBOL + Modernization Tools, EGL Edition| Rational Application Developer 9.1, 9.1.1 \nIBM Rational Developer for AIX and Linux v9.1 and v9.1.1, AIX COBOL Edition| Rational Application Developer 9.1, 9.1.1 \nIBM Rational Developer for AIX and Linux v9.1 and v9.1.1, C/C++ Edition| Rational Application Developer 9.1, 9.1.1 \n \n## Remediation/Fixes\n\nReview the Remediation/Fixes section of [Security Bulletin: Vulnerabilities in OpenSSL affects Rational Application Developer for WebSphere Software (CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205, CVE-2015-0206)](<http://www.ibm.com/support/docview.wss?uid=swg21697140>) for instructions on obtaining the fix for this issue.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-08-03T04:23:43", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in OpenSSL affect the Cordova platform packaged with Rational Application Developer affecting Rational Developer for i and Rational Developer for AIX and Linux", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, 
"obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3570", "CVE-2014-3571", "CVE-2014-3572", "CVE-2014-8275", "CVE-2015-0204", "CVE-2015-0205", "CVE-2015-0206"], "modified": "2018-08-03T04:23:43", "id": "B109CC9FDED0C49D3D95375D16D391EDC04BBA2A574F1B4F6C062A55D8FDB73F", "href": "https://www.ibm.com/support/pages/node/257487", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-03-07T01:32:59", "description": "## Summary\n\nOpenSSL vulnerabilities were disclosed on January 8, 2015 by the OpenSSL Project. This includes the vulnerability that has been referred to as \u201cFREAK\u201d. OpenSSL is used by Bluemix Workflow for internal communication. Bluemix Workflow has addressed the applicable CVEs. \n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-3570_](<https://vulners.com/cve/CVE-2014-3570>) \n**DESCRIPTION:** An unspecified error in OpenSSL related to the production of incorrect results on some platforms by Bignum squaring (BN_sqr) has an unknown attack vector and impact. \nCVSS Base Score: 2.6 \nCVSS Temporal Score: See [_http://exchange.xforce.ibmcloud.com/#/vulnerabilities/99710_](<http://exchange.xforce.ibmcloud.com/#/vulnerabilities/99710>) or the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:N/I:P/A:N) \n\n**CVEID:** [_CVE-2014-3571_](<https://vulners.com/cve/CVE-2014-3571>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference when handling malicious messages. By sending a specially-crafted DTLS message, a remote attacker could exploit this vulnerability to cause a segmentation fault. 
\nCVSS Base Score: 5 \nCVSS Temporal Score: See [_http://exchange.xforce.ibmcloud.com/#/vulnerabilities/99703_](<http://exchange.xforce.ibmcloud.com/#/vulnerabilities/99703>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2014-3572_](<https://vulners.com/cve/CVE-2014-3572>) \n**DESCRIPTION:** OpenSSL could provide weaker than expected security. The client accepts a handshake using an ephemeral ECDH ciphersuite with the server key exchange message omitted. An attacker could exploit this vulnerability to launch further attacks on the system. \nCVSS Base Score: 1.2 \nCVSS Temporal Score: See [_http://exchange.xforce.ibmcloud.com/#/vulnerabilities/99705_](<http://exchange.xforce.ibmcloud.com/#/vulnerabilities/99705>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:H/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [_CVE-2014-8275_](<https://vulners.com/cve/CVE-2014-8275>) \n**DESCRIPTION:** OpenSSL could allow a local attacker to bypass security restrictions, caused by the modification of the fingerprint without breaking the signature. An attacker could exploit this vulnerability using non-DER or invalid encodings outside the signed portion of a certificate bypass security restrictions and perform unauthorized actions. \nCVSS Base Score: 1.2 \nCVSS Temporal Score: See [_http://exchange.xforce.ibmcloud.com/#/vulnerabilities/99709_](<http://exchange.xforce.ibmcloud.com/#/vulnerabilities/99709>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:H/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [_CVE-2015-0204_](<https://vulners.com/cve/CVE-2015-0204>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to bypass security restrictions, caused by an error in the ssl3_get_key_exchange function. The client accepts the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. 
An attacker could exploit this vulnerability using man-in-the-middle techniques to facilitate brute-force decryption.\n\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_http://exchange.xforce.ibmcloud.com/#/vulnerabilities/99707_](<http://exchange.xforce.ibmcloud.com/#/vulnerabilities/99707>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [_CVE-2015-0205_](<https://vulners.com/cve/CVE-2015-0205>) \n**DESCRIPTION:** OpenSSL could allow a remote authenticated attacker to bypass security restrictions, caused by the acceptance of a DH certificate for client authentication without verification. An attacker could exploit this vulnerability to authenticate without the use of a private key. \nCVSS Base Score: 2.1 \nCVSS Temporal Score: See [_http://exchange.xforce.ibmcloud.com/#/vulnerabilities/99708_](<http://exchange.xforce.ibmcloud.com/#/vulnerabilities/99708>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:S/C:N/I:P/A:N)\n\n**CVEID:** [_CVE-2015-0206_](<https://vulners.com/cve/CVE-2015-0206>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by a memory leak in the dtls1_buffer_record function. By sending repeated DTLS records with the same sequence number, a remote attacker could exploit this vulnerability to exhaust all available memory resources \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_http://exchange.xforce.ibmcloud.com/#/vulnerabilities/99704_](<http://exchange.xforce.ibmcloud.com/#/vulnerabilities/99704>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n## Affected Products and Versions\n\nThis vulnerability affected IBM Workflow for Bluemix.\n\n## Remediation/Fixes\n\nThe production system has been upgraded. 
A user action is not required.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2023-03-06T14:43:44", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in OpenSSL affect Bluemix Workflow (CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-204, CVE-2015-205, CVE-2015-206)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3570", "CVE-2014-3571", "CVE-2014-3572", "CVE-2014-8275", "CVE-2015-0204", "CVE-2015-0205", "CVE-2015-0206"], "modified": "2023-03-06T14:43:44", "id": "E297CE15C15A71E06225EE1F8E0468EA8DDA995147F4E4D843705D5A43330DF4", "href": "https://www.ibm.com/support/pages/node/258535", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T21:53:51", "description": "## Summary\n\nSecurity vulnerabilities have been discovered in OpenSSL\n\n## Vulnerability Details\n\n**CVEID:**CVE-2014-3570 \n**DESCRIPTION: **An unspecified error in OpenSSL related to the production of incorrect results on \nsome platforms by Bignum squaring (BN_sqr) has an unknown attack vector and impact. \nCVSS Base Score: 2.6 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/99710> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:N/I:P/A:N) \n \n**CVEID:**CVE-2014-3571 \n**DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference \nwhen handling malicious messages.
By sending a specially-crafted DTLS message, a remote attacker \ncould exploit this vulnerability to cause a segmentation fault. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/99703> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n**CVEID:**CVE-2014-3572 \n**DESCRIPTION: **OpenSSL could provide weaker than expected security. The client accepts a \nhandshake using an ephemeral ECDH ciphersuite with the server key exchange message omitted. An \nattacker could exploit this vulnerability to launch further attacks on the system. \nCVSS Base Score: 1.2 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/99705> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:H/Au:N/C:N/I:P/A:N) \n \n**CVEID:**CVE-2014-8275 \n**DESCRIPTION: **OpenSSL could allow a local attacker to bypass security restrictions, caused by the \nmodification of the fingerprint without breaking the signature. An attacker could exploit this \nvulnerability using non-DER or invalid encodings outside the signed portion of a certificate bypass \nsecurity restrictions and perform unauthorized actions. \nCVSS Base Score: 1.2 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/99709> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:H/Au:N/C:N/I:P/A:N) \n \n**CVEID:**CVE-2015-0204 \n**DESCRIPTION: **OpenSSL could provide weaker than expected security. The client accepts the use of \nan RSA temporary key in a non-export RSA key exchange ciphersuite. An attacker could exploit this \nvulnerability to launch further attacks on the system. 
\nCVSS Base Score: 1.2 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/99707> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:H/Au:N/C:N/I:P/A:N) \n \n**CVEID:**CVE-2015-0205 \n**DESCRIPTION: **OpenSSL could allow a remote authenticated attacker to bypass security restrictions, \ncaused by the acceptance of a DH certificate for client authentication without verification. An attacker \ncould exploit this vulnerability to authenticate without the use of a private key. \nCVSS Base Score: 2.1 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/99708> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:S/C:N/I:P/A:N) \n \n**CVEID:**CVE-2015-0206 \n**DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by a memory leak in the \ndtls1_buffer_record function. By sending repeated DTLS records with the same sequence number, a \nremote attacker could exploit this vulnerability to exhaust all available memory resources \nCVSS Base Score: 5 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/99704> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n## Affected Products and Versions\n\nIBM SDN VE, Unified Controller, KVM Edition: 1.2.2 and earlier \nIBM SDN VE, Unified Controller, VMware Edition: 1.2.2 and earlier \nIBM SDN VE, Unified Controller, OpenFlow edition: 1.2.2 and earlier \nIBM SDN VE, DOVE Management Console, VMware Edition: 1.0.0 \nIBM SDN VE, Service Appliance, KVM Edition: 1.2.2 and earlier \nIBM SDN VE, Service Appliance, VMware Edition: 1.2.2 and earlier\n\n## Remediation/Fixes\n\nIBM recommends updating affected to the latest versions for which IBM is providing a fix, which are \nidentified below: \nIBM SDN VE, Unified Controller, KVM Edition: 1.2.3 \nIBM SDN VE, Unified Controller, VMware Edition: 1.2.3 \nIBM SDN VE, Service Appliance, KVM Edition: 1.2.3 \nIBM SDN VE, Service 
Appliance, VMware Edition: 1.2.3 \nThese are available from Fix Central and Passport Advantage.\n\n## Workarounds and Mitigations\n\nNone known \n: \n**Important note: **IBM strongly suggests that all System z customers subscribe to the System z \nSecurity Portal to receive the latest critical System z security and integrity service. If you are not \nsubscribed, see the instructions on the System z Security web site. Security and integrity APARs and \nassociated fixes will be posted to this portal. IBM suggests reviewing the CVSS scores and applying \nall security or integrity fixes as soon as possible to minimize any potential risk.\n\n## ", "cvss3": {}, "published": "2018-06-18T01:27:47", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in OpenSSL affect IBM SDN-VE (CVE-2014-3570, CVE-\n2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205, CVE-2015-0206)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3570", "CVE-2014-3571", "CVE-2014-3572", "CVE-2014-8275", "CVE-2015-0204", "CVE-2015-0205", "CVE-2015-0206"], "modified": "2018-06-18T01:27:47", "id": "911070BAC03CF80753BA2CFD22E941440752AD66EFED97E91D08BEB5A373CCD1", "href": "https://www.ibm.com/support/pages/node/680477", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T01:49:02", "description": "## Summary\n\nOpenSSL vulnerabilities were disclosed on January 8, 2015 by the OpenSSL Project. OpenSSL is used by Rational Insight. 
Rational Insight has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n \n**CVE-ID**: [_CVE-2014-3569_](<https://vulners.com/cve/CVE-2014-3569>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by the failure to properly handle attempts to use unsupported protocols by the ssl23_get_client_hello function in s23_srvr.c. A remote attacker could exploit this vulnerability using an unexpected handshake to trigger a NULL pointer dereference and cause the daemon to crash.** \n**CVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/99706> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n** \nCVE-ID:** [_CVE-2014-3570_](<https://vulners.com/cve/CVE-2014-3570>) \nDESCRIPTION: An unspecified error in OpenSSL related to the production of incorrect results on some platforms by Bignum squaring (BN_sqr) has an unknown attack vector and impact.** \n**CVSS Base Score: 2.6 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/99710> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:N/I:P/A:N) \n** \nCVE-ID: **[_CVE-2014-3571_](<https://vulners.com/cve/CVE-2014-3571>) \nDESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference when handling malicious messages. By sending a specially-crafted DTLS message, a remote attacker could exploit this vulnerability to cause a segmentation fault. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/99703> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n** \nCVE-ID:** [_CVE-2014-3572_](<https://vulners.com/cve/CVE-2014-3572>) \nDESCRIPTION: OpenSSL could provide weaker than expected security. 
The client accepts a handshake using an ephemeral ECDH ciphersuite with the server key exchange message omitted. An attacker could exploit this vulnerability to launch further attacks on the system.** \n**CVSS Base Score: 1.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/99705> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:H/Au:N/C:N/I:P/A:N) \n** \nCVE-ID:** [_CVE-2014-8275_](<https://vulners.com/cve/CVE-2014-8275>) \nDESCRIPTION: OpenSSL could allow a local attacker to bypass security restrictions, caused by the modification of the fingerprint without breaking the signature. An attacker could exploit this vulnerability using non-DER or invalid encodings outside the signed portion of a certificate bypass security restrictions and perform unauthorized actions.** \n**CVSS Base Score: 1.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/99709> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:H/Au:N/C:N/I:P/A:N) \n** \nCVE-ID:** [_CVE-2015-0205_](<https://vulners.com/cve/CVE-2015-0205>)** \nDESCRIPTION:** OpenSSL could allow a remote authenticated attacker to bypass security restrictions, caused by the acceptance of a DH certificate for client authentication without verification. An attacker could exploit this vulnerability to authenticate without the use of a private key.** \n**CVSS Base Score: 2.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/99708> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:S/C:N/I:P/A:N) \n** \nCVE-ID**: [_CVE-2015-0206_](<https://vulners.com/cve/CVE-2015-0206>)** \nDESCRIPTION**: OpenSSL is vulnerable to a denial of service, caused by a memory leak in the dtls1_buffer_record function. 
By sending repeated DTLS records with the same sequence number, a remote attacker could exploit this vulnerability to exhaust all available memory resources** \n**CVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/99704> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n## Affected Products and Versions\n\nRational Insight 1.1, 1.1.1, 1.1.1.1, 1.1.1.2, 1.1.1.3, 1.1.1.4, 1.1.1.5 and 1.1.1.6\n\n## Remediation/Fixes\n\nApply the recommended fixes to all affected versions of Rational Insight. \n \n \n**Rational Insight 1.1 ** \n \n\n\n * Download the [IBM Cognos Business Intelligence 10.1.1 Interim Fix 10](<http://www-01.ibm.com/support/docview.wss?uid=swg24039564>). \nReview technote [1679272: Install a Cognos Business Intelligence 10.1.1 fix package in Rational Insight 1.1](<http://www-01.ibm.com/support/docview.wss?uid=swg21679272>) for detailed instructions.\n \n[](<http://www-01.ibm.com/support/docview.wss?uid=swg24035869>)**Rational Insight 1.1.1, 1.1.1.1 and 1.1.1.2 ** \n \n\n\n * Download the [IBM Cognos Business Intelligence 10.1.1 Interim Fix 10](<http://www-01.ibm.com/support/docview.wss?uid=swg24039564>). \nRead technote [1679281: Install a Cognos Business Intelligence 10.1.1 fix package in Rational Reporting for Development Intelligence 2.0.x and Rational Insight 1.1.1.x](<http://www-01.ibm.com/support/docview.wss?uid=swg21679281>) for the detailed instructions for patch application.\n \n[](<http://www-01.ibm.com/support/docview.wss?uid=swg24035869>)**Rational Insight 1.1.1.3 ** \n \n\n\n * Download the [IBM Cognos Business Intelligence 10.2.1 Interim Fix 9](<http://www-01.ibm.com/support/docview.wss?uid=swg24039563>). 
\nReview technote [1679283: Installing Cognos Business Intelligence 10.2.1.x fix pack in Rational Reporting for Development Intelligence 2.0.x/5.0.x and Rational Insight 1.1.1.x](<http://www-01.ibm.com/support/docview.wss?uid=swg21679283>) for the detailed instructions for patch application.\n \n[](<http://www-01.ibm.com/support/docview.wss?uid=swg24035869>)**Rational Insight 1.1.1.4 and 1.1.1.5 and 1.1.1.6 ** \n \n\n\n * Download the [IBM Cognos Business Intelligence 10.2.1.1 Interim Fix 8](<http://www-01.ibm.com/support/docview.wss?uid=swg24039563>). \nReview technote [1679283: Installing Cognos Business Intelligence 10.2.1.x fix pack in Rational Reporting for Development Intelligence 2.0.x/5.0.x and Rational Insight 1.1.1.x](<http://www-01.ibm.com/support/docview.wss?uid=swg21679283>) for the detailed instructions for patch application.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-17T05:00:33", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in OpenSSL affect Rational Insight (CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0205, CVE-2015-0206)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3569", "CVE-2014-3570", "CVE-2014-3571", "CVE-2014-3572", "CVE-2014-8275", "CVE-2015-0205", "CVE-2015-0206"], "modified": "2018-06-17T05:00:33", "id": "082DD4D3D5A2230E0A249956C9D5318C077607F91E27D9FBA96469263417C232", "href": "https://www.ibm.com/support/pages/node/256867", "cvss": {"score": 5.0, "vector": 
"AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T05:46:29", "description": "## Summary\n\nThere are multiple vulnerabilities in OpenSSL that is used by IBM Tivoli Composite Application Manager for Transactions. These issues were disclosed on January 8, 2015 by the OpenSSL Project.\n\n## Vulnerability Details\n\n**CVE-ID: **[_CVE-2014-3570_](<https://vulners.com/cve/CVE-2014-3570>) \n \n**DESCRIPTION:** An unspecified error in OpenSSL related to the production of incorrect results on some platforms by Bignum squaring (BN_sqr) has an unknown attack vector and impact. \n \nCVSS Base Score: 2.600 \nCVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/99710> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:N/I:P/A:N) \n \n**CVE-ID: **[_CVE-2014-3571_](<https://vulners.com/cve/CVE-2014-3571>)** \n** \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference when handling malicious messages. By sending a specially-crafted DTLS message, a remote attacker could exploit this vulnerability to cause a segmentation fault. \n \nCVSS Base Score: 5.000 \nCVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/99703> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n**CVE-ID: **[_CVE-2014-3572_](<https://vulners.com/cve/CVE-2014-3572>) \n \n**DESCRIPTION:** OpenSSL could provide weaker than expected security. The client accepts a handshake using an ephemeral ECDH ciphersuite with the server key exchange message omitted. An attacker could exploit this vulnerability to launch further attacks on the system. 
\n \nCVSS Base Score: 1.200 \nCVSS Temporal Score: _<https://exchange.xforce.ibmcloud.com/vulnerabilities/99705>_ for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:H/Au:N/C:N/I:P/A:N) \n \n**CVE-ID: **[_CVE-2014-8275_](<https://vulners.com/cve/CVE-2014-8275>) \n \n**DESCRIPTION:** OpenSSL could allow a local attacker to bypass security restrictions, caused by the modification of the fingerprint without breaking the signature. An attacker could exploit this vulnerability using non-DER or invalid encodings outside the signed portion of a certificate bypass security restrictions and perform unauthorized actions. \n \nCVSS Base Score: 1.200 \nCVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/99709> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:H/Au:N/C:N/I:P/A:N) \n \n**CVE-ID: **[_CVE-2015-0204_](<https://vulners.com/cve/CVE-2015-0204>) \n** \nDESCRIPTION:** OpenSSL could provide weaker than expected security. The client accepts the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. An attacker could exploit this vulnerability to launch further attacks on the system. \n \nCVSS Base Score: 4.300 \nCVSS Temporal Score: _<https://exchange.xforce.ibmcloud.com/vulnerabilities/99707>_ for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n**CVE-ID: **[_CVE-2015-0205_](<https://vulners.com/cve/CVE-2015-0205>) \n \n**DESCRIPTION:** OpenSSL could allow a remote authenticated attacker to bypass security restrictions, caused by the acceptance of a DH certificate for client authentication without verification. An attacker could exploit this vulnerability to authenticate without the use of a private key. 
\n \nCVSS Base Score: 2.100 \nCVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/99708> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:S/C:N/I:P/A:N) \n \n**CVE-ID: **[_CVE-2015-0206_](<https://vulners.com/cve/CVE-2015-0206>) \n \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by a memory leak in the dtls1_buffer_record function. By sending repeated DTLS records with the same sequence number, a remote attacker could exploit this vulnerability to exhaust all available memory resources. \n \nCVSS Base Score: 5.000 \nCVSS Temporal Score: _<https://exchange.xforce.ibmcloud.com/vulnerabilities/99704>_ for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n## Affected Products and Versions\n\nIBM Tivoli Composite Application Manager (ITCAM) for Transactions is affected. ITCAM for Transactions contains multiple sub components (Agents). Only the Internet Service Monitor (ISM \u2013 Agent code \u2018IS\u2019) is affected. 
\n \nVersions: \n\u00b7 7.4 \u2013 Affected by CVE's (CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205, CVE-2015-0206) \n\u00b7 7.3 \u2013 Affected by CVE's (CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205, CVE-2015-0206) \n\u00b7 7.2 \u2013 Affected by CVE's (CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205, CVE-2015-0206)\n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \n_7.4.0.0-TIV-CAMIS-IF0026_| _7.4.0.0_| _None_| [_http://www.ibm.com/support/docview.wss?uid=isg400002083_](<http://www.ibm.com/support/docview.wss?uid=isg400002083>) \n_7.3.0.1-TIV-CAMIS-IF0034_| _7.3.0.1_| _None_| [_http://www.ibm.com/support/docview.wss?uid=isg400002090_](<http://www-01.ibm.com/support/docview.wss?rs=0&uid=isg400002090>) \n_7.2.0.3-TIV-CAMIS-IF0029_| _7.2.0.3_| _None_| [_http://www.ibm.com/support/docview.wss?uid=isg400002107_](<http://www.ibm.com/support/docview.wss?uid=isg400002107>) \n \nFor unsupported versions/releases IBM recommends upgrading to a fixed, supported version/release/platform of the product. 
\n\n## ", "cvss3": {}, "published": "2018-06-17T14:56:42", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Tivoli Composite Application Manager for Transactions (CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205, CVE-2015-0206)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3570", "CVE-2014-3571", "CVE-2014-3572", "CVE-2014-8275", "CVE-2015-0204", "CVE-2015-0205", "CVE-2015-0206"], "modified": "2018-06-17T14:56:42", "id": "F5268DE4D308447E14FC618A3C21177AD2B2B1F46CB3B75F60E908782F34C984", "href": "https://www.ibm.com/support/pages/node/527271", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T01:47:11", "description": "## Summary\n\nOpenSSL vulnerabilities were disclosed on January 8, 2015 by the OpenSSL Project. OpenSSL is used by IBM Tivoli Netcool/Reporter. Netcool/Reporter has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-3569_](<https://vulners.com/cve/CVE-2014-3569>)** \nDESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by the failure to properly handle attempts to use unsupported protocols by the ssl23_get_client_hello function in s23_srvr.c. A remote attacker could exploit this vulnerability using an unexpected handshake to trigger a NULL pointer dereference and cause the daemon to crash. 
\nCVSS Base Score: 5 \nCVSS Temporal Score: See [_http://exchange.xforce.ibmcloud.com/#/vulnerabilities/99706_](<http://exchange.xforce.ibmcloud.com/#/vulnerabilities/99706>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n**CVEID:** [_CVE-2014-3570_](<https://vulners.com/cve/CVE-2014-3570>) \n**DESCRIPTION:** An unspecified error in OpenSSL related to the production of incorrect results on some platforms by Bignum squaring (BN_sqr) has an unknown attack vector and impact. \nCVSS Base Score: 2.6 \nCVSS Temporal Score: See [_http://exchange.xforce.ibmcloud.com/#/vulnerabilities/99710_](<http://exchange.xforce.ibmcloud.com/>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [_CVE-2014-3571_](<https://vulners.com/cve/CVE-2014-3571>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference when handling malicious messages. By sending a specially-crafted DTLS message, a remote attacker could exploit this vulnerability to cause a segmentation fault. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_http://exchange.xforce.ibmcloud.com/#/vulnerabilities/99703_](<http://exchange.xforce.ibmcloud.com/#/vulnerabilities/99703>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2014-3572_](<https://vulners.com/cve/CVE-2014-3572>) \n**DESCRIPTION:** OpenSSL could provide weaker than expected security. The client accepts a handshake using an ephemeral ECDH ciphersuite with the server key exchange message omitted. An attacker could exploit this vulnerability to launch further attacks on the system. 
\nCVSS Base Score: 1.2 \nCVSS Temporal Score: See [_http://exchange.xforce.ibmcloud.com/#/vulnerabilities/99705_](<http://exchange.xforce.ibmcloud.com/#/vulnerabilities/99705>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:H/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [_CVE-2014-8275_](<https://vulners.com/cve/CVE-2014-8275>) \n**DESCRIPTION:** OpenSSL could allow a local attacker to bypass security restrictions, caused by the modification of the fingerprint without breaking the signature. An attacker could exploit this vulnerability using non-DER or invalid encodings outside the signed portion of a certificate to bypass security restrictions and perform unauthorized actions. \nCVSS Base Score: 1.2 \nCVSS Temporal Score: See [_http://exchange.xforce.ibmcloud.com/#/vulnerabilities/99709_](<http://exchange.xforce.ibmcloud.com/#/vulnerabilities/99709>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:H/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [_CVE-2015-0205_](<https://vulners.com/cve/CVE-2015-0205>) \n**DESCRIPTION:** OpenSSL could allow a remote authenticated attacker to bypass security restrictions, caused by the acceptance of a DH certificate for client authentication without verification. An attacker could exploit this vulnerability to authenticate without the use of a private key. \nCVSS Base Score: 2.1 \nCVSS Temporal Score: See [_http://exchange.xforce.ibmcloud.com/#/vulnerabilities/99708_](<http://exchange.xforce.ibmcloud.com/#/vulnerabilities/99708>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:S/C:N/I:P/A:N)\n\n**CVEID:** [_CVE-2015-0206_](<https://vulners.com/cve/CVE-2015-0206>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by a memory leak in the dtls1_buffer_record function. 
By sending repeated DTLS records with the same sequence number, a remote attacker could exploit this vulnerability to exhaust all available memory resources \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_http://exchange.xforce.ibmcloud.com/#/vulnerabilities/99704_](<http://exchange.xforce.ibmcloud.com/#/vulnerabilities/99704>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n## Affected Products and Versions\n\nIBM Tivoli Netcool/Reporter 2.2\n\n## Remediation/Fixes\n\nYou must upgrade your current version of the Netcool/Reporter provided Apache 2.2.22 to include the updated OpenSSL (1.0.1m) which is available from Fix Central via Tivoli Netcool Reporter 2.2.0.9 IF0005, 2.2.0.9-TIV-NCReporter-IF0005. \n\nYou should verify applying this fix does not cause any compatibility issues.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-17T15:02:34", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in OpenSSL affect IBM Tivoli Netcool/Reporter (CVE\u2019s: 2014-3569, 2014-3570, 2014-3571, 2014-3572, 2014-8275, 2015-0205, 2015-0206)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3569", "CVE-2014-3570", "CVE-2014-3571", "CVE-2014-3572", "CVE-2014-8275", "CVE-2015-0205", "CVE-2015-0206"], "modified": "2018-06-17T15:02:34", "id": "80D6B1E89C59275C4183B6851642940B058D26DFCF91E2AA2372277A15E831D7", "href": "https://www.ibm.com/support/pages/node/265295", "cvss": {"score": 5.0, "vector": 
"AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T21:38:23", "description": "## Summary\n\nOpenSSL vulnerabilities were disclosed on January 8, 2015 by the OpenSSL Project. This includes \u201cFREAK: Factoring Attack on RSA-EXPORT keys\" TLS/SSL client and server vulnerability. OpenSSL is used by Multiple IBM N Series Products. Below IBM N Series Products have addressed the applicable CVEs.\n\n## Vulnerability Details\n\nOpenSSL is used in IBM N series Products for providing communication security by encrypting data being transmitted. \n\n**CVEID:** [_CVE-2014-3569_](<https://vulners.com/cve/CVE-2014-3569>)\n\n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by the failure to properly handle attempts to use unsupported protocols by the ssl23_get_client_hello function in s23_srvr.c. A remote attacker could exploit this vulnerability using an unexpected handshake to trigger a NULL pointer dereference and cause the daemon to crash.\n\nCVSS Base Score: 5\n\nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/99706_](<http://xforce.iss.net/xforce/xfdb/99706>) for the current score\n\nCVSS Environmental Score*: Undefined\n\nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2014-3570_](<https://vulners.com/cve/CVE-2014-3570>)\n\n**DESCRIPTION:** An unspecified error in OpenSSL related to the production of incorrect results on some platforms by Bignum squaring (BN_sqr) has an unknown attack vector and impact.\n\nCVSS Base Score: 2.6\n\nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/99710_](<http://xforce.iss.net/xforce/xfdb/99710>) for the current score\n\nCVSS Environmental Score*: Undefined\n\nCVSS Vector: (AV:N/AC:H/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [_CVE-2014-3571_](<https://vulners.com/cve/CVE-2014-3571>)\n\n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference when handling malicious messages. 
By sending a specially-crafted DTLS message, a remote attacker could exploit this vulnerability to cause a segmentation fault.\n\nCVSS Base Score: 5\n\nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/99703_](<http://xforce.iss.net/xforce/xfdb/99703>) for the current score\n\nCVSS Environmental Score*: Undefined\n\nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2014-3572_](<https://vulners.com/cve/CVE-2014-3572>)\n\n**DESCRIPTION:** OpenSSL could provide weaker than expected security. The client accepts a handshake using an ephemeral ECDH ciphersuite with the server key exchange message omitted. An attacker could exploit this vulnerability to launch further attacks on the system.\n\nCVSS Base Score: 1.2\n\nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/99705_](<http://xforce.iss.net/xforce/xfdb/99705>) for the current score\n\nCVSS Environmental Score*: Undefined\n\nCVSS Vector: (AV:L/AC:H/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [_CVE-2014-8275_](<https://vulners.com/cve/CVE-2014-8275>)\n\n**DESCRIPTION:** OpenSSL could allow a local attacker to bypass security restrictions, caused by the modification of the fingerprint without breaking the signature. An attacker could exploit this vulnerability using non-DER or invalid encodings outside the signed portion of a certificate to bypass security restrictions and perform unauthorized actions.\n\nCVSS Base Score: 1.2\n\nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/99709_](<http://xforce.iss.net/xforce/xfdb/99709>) for the current score\n\nCVSS Environmental Score*: Undefined\n\nCVSS Vector: (AV:L/AC:H/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [_CVE-2015-0205_](<https://vulners.com/cve/CVE-2015-0205>)\n\n**DESCRIPTION:** OpenSSL could allow a remote authenticated attacker to bypass security restrictions, caused by the acceptance of a DH certificate for client authentication without verification. 
An attacker could exploit this vulnerability to authenticate without the use of a private key.\n\nCVSS Base Score: 2.1\n\nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/99708_](<http://xforce.iss.net/xforce/xfdb/99708>) for the current score\n\nCVSS Environmental Score*: Undefined\n\nCVSS Vector: (AV:N/AC:H/Au:S/C:N/I:P/A:N)\n\n**CVEID:** [_CVE-2015-0206_](<https://vulners.com/cve/CVE-2015-0206>)\n\n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by a memory leak in the dtls1_buffer_record function. By sending repeated DTLS records with the same sequence number, a remote attacker could exploit this vulnerability to exhaust all available memory resources\n\nCVSS Base Score: 5\n\nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/99704_](<http://xforce.iss.net/xforce/xfdb/99704>) for the current score\n\nCVSS Environmental Score*: Undefined\n\nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2015-0204_](<https://vulners.com/cve/CVE-2015-0204>)\n\n**DESCRIPTION:** A vulnerability in the OpenSSL ssl3_get_key_exchange function could allow a remote attacker to downgrade the security of certain TLS connections. An OpenSSL client accepts the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. This could allow a remote attacker using man-in-the-middle techniques to facilitate brute-force decryption of TLS/SSL traffic between vulnerable clients and servers. 
This vulnerability is also known as the FREAK attack.\n\nCVSS Base Score: 4.3\n\nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/99707_](<http://xforce.iss.net/xforce/xfdb/99707>) for the current score\n\nCVSS Environmental Score*: Undefined\n\nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)\n\n## Affected Products and Versions\n\nClustered Data ONTAP: 8.2.1, 8.2.2, 8.2.3, 8.2.4; \nClustered Data ONTAP Antivirus Connector: 1.0, 1.0.1, 1.0.2; \nData ONTAP operating in 7-Mode: 7.3.7, 8.1.4, 8.2.1, 8.2.2, 8.2.3; \nData ONTAP SMI-S Agent: 5.1.2, 5.2; \nNS OnCommand Core Package: 5.1.2, 5.2.1, 5.2; \nOpen Systems SnapVault: 3.0.1; \nSnapDrive for Unix: 5.2.2; \nSnapDrive for Windows: 7.1.1;\n\n## Remediation/Fixes\n\nFor Data ONTAP SMI-S Agent: the fix exists from microcode version 5.2.1; \nFor Data ONTAP operating in 7-Mode: the fix exists from microcode version 8.2.4; \nFor NS OnCommand Core Package: the fix exists from microcode version 5.2.1P1; \nFor Open Systems SnapVault: the fix exists from microcode version 3.0.1P7; \nFor SnapDrive for Unix: the fix exists from microcode version 5.3; \nFor SnapDrive for Windows: the fix exists from microcode version 7.1.2; \n\n\nPlease contact IBM support or go to this [_link_](<https://www-945.ibm.com/support/fixcentral/>) to download a supported release. For customers on Data ONTAP operating in 7-Mode 7.3.7, 8.1.4, please contact IBM support to upgrade your product version to a fixed release. 
For customers who are using Clustered Data ONTAP or Clustered Data ONTAP Antivirus Connector, please contact IBM support.\n\n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {}, "published": "2021-12-15T18:04:22", "type": "ibm", "title": "Security Bulletin: January 2015 OpenSSL security vulnerabilities in Multiple IBM N Series Products", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3569", "CVE-2014-3570", "CVE-2014-3571", "CVE-2014-3572", "CVE-2014-8275", "CVE-2015-0204", "CVE-2015-0205", "CVE-2015-0206"], "modified": "2021-12-15T18:04:22", "id": "74883CCC877A00E64646F1A01AC3B85889471753497E3ACCE0292F7CF617291F", "href": "https://www.ibm.com/support/pages/node/696169", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T21:39:03", "description": "## Summary\n\nOpenSSL vulnerabilities were disclosed on January 8, 2015 by the OpenSSL Project. This includes \u201cFREAK: Factoring Attack on RSA-EXPORT keys\" TLS/SSL client and server vulnerability. OpenSSL is used by GPFS V3.5 for Windows. GPFS V3.5 for Windows has addressed the applicable CVEs. \n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-3569_](<https://vulners.com/cve/CVE-2014-3569>)** \nDESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by the failure to properly handle attempts to use unsupported protocols by the ssl23_get_client_hello function in s23_srvr.c. 
A remote attacker could exploit this vulnerability using an unexpected handshake to trigger a NULL pointer dereference and cause the daemon to crash. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/99706_](<http://xforce.iss.net/xforce/xfdb/99706>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n**CVEID:** [_CVE-2014-3570_](<https://vulners.com/cve/CVE-2014-3570>) \n**DESCRIPTION:** An unspecified error in OpenSSL related to the production of incorrect results on some platforms by Bignum squaring (BN_sqr) has an unknown attack vector and impact. \nCVSS Base Score: 2.6 \nCVSS Temporal Score: See [_http://exchange.xforce.ibmcloud.com/#/vulnerabilities/99710_](<http://exchange.xforce.ibmcloud.com/>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [_CVE-2014-3571_](<https://vulners.com/cve/CVE-2014-3571>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference when handling malicious messages. By sending a specially-crafted DTLS message, a remote attacker could exploit this vulnerability to cause a segmentation fault. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_http://exchange.xforce.ibmcloud.com/#/vulnerabilities/99703_](<http://exchange.xforce.ibmcloud.com/>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2014-3572_](<https://vulners.com/cve/CVE-2014-3572>) \n**DESCRIPTION:** OpenSSL could provide weaker than expected security. The client accepts a handshake using an ephemeral ECDH ciphersuite with the server key exchange message omitted. An attacker could exploit this vulnerability to launch further attacks on the system. 
\nCVSS Base Score: 1.2 \nCVSS Temporal Score: See [_http://exchange.xforce.ibmcloud.com/#/vulnerabilities/99705_](<http://exchange.xforce.ibmcloud.com/>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:H/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [_CVE-2014-8275_](<https://vulners.com/cve/CVE-2014-8275>) \n**DESCRIPTION:** OpenSSL could allow a local attacker to bypass security restrictions, caused by the modification of the fingerprint without breaking the signature. An attacker could exploit this vulnerability using non-DER or invalid encodings outside the signed portion of a certificate to bypass security restrictions and perform unauthorized actions. \nCVSS Base Score: 1.2 \nCVSS Temporal Score: See [_http://exchange.xforce.ibmcloud.com/#/vulnerabilities/99709_](<http://exchange.xforce.ibmcloud.com/>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:H/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [_CVE-2015-0204_](<https://vulners.com/cve/CVE-2015-0204>) \n**DESCRIPTION:** A vulnerability in the OpenSSL ssl3_get_key_exchange function could allow a remote attacker to downgrade the security of certain TLS connections. An OpenSSL client accepts the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. This could allow a remote attacker using man-in-the-middle techniques to facilitate brute-force decryption of TLS/SSL traffic between vulnerable clients and servers. 
\n\nThis vulnerability is also known as the FREAK attack.\n\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_http://exchange.xforce.ibmcloud.com/#/vulnerabilities/99707_](<http://exchange.xforce.ibmcloud.com/>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [_CVE-2015-0205_](<https://vulners.com/cve/CVE-2015-0205>) \n**DESCRIPTION:** OpenSSL could allow a remote authenticated attacker to bypass security restrictions, caused by the acceptance of a DH certificate for client authentication without verification. An attacker could exploit this vulnerability to authenticate without the use of a private key. \nCVSS Base Score: 2.1 \nCVSS Temporal Score: See [_http://exchange.xforce.ibmcloud.com/#/vulnerabilities/99708_](<http://exchange.xforce.ibmcloud.com/>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:S/C:N/I:P/A:N)\n\n**CVEID:** [_CVE-2015-0206_](<https://vulners.com/cve/CVE-2015-0206>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by a memory leak in the dtls1_buffer_record function. By sending repeated DTLS records with the same sequence number, a remote attacker could exploit this vulnerability to exhaust all available memory resources \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_http://exchange.xforce.ibmcloud.com/#/vulnerabilities/99704_](<http://exchange.xforce.ibmcloud.com/>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n## Affected Products and Versions\n\nOpenSSH for GPFS V3.5 for Windows\n\n## Remediation/Fixes\n\nIn GPFS V3.5.0.24 dated March 18, 2015, IBM upgraded OpenSSH for GPFS on Windows to use OpenSSL 1.0.1l to address these vulnerabilities. System administrators should update their systems to GPFS V3.5.0.24 by following the steps below. \n \n1\\. 
Download the GPFS 3.5.0.24 update package dated March 18, 2015 into any directory on your system from [http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Cluster%2Bsoftware&product=ibm/power/IBM+General+Parallel+File+System&release=3.5.0&platform=Windows&function=all](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Cluster%2Bsoftware&product=ibm/power/IBM+General+Parallel+File+System&release=3.5.0&platform=Windows&function=all>) \n \n2\\. Extract the contents of the ZIP archive so that the .msi file it includes is directly accessible to your system. \n \n3\\. Follow the instructions in the README included in the update package in order to install the OpenSSH msi package. This updated OpenSSH msi package is built using OpenSSL 1.0.1l. \n \nIf GPFS multiclustering is configured on Windows nodes, upgrade all OpenSSL packages that may have been installed. The following can be done on a small group of nodes at each time (ensuring that quorum is maintained) to maintain file system availability: \n \na. Stop GPFS on the node \nb. Install the version of OpenSSL \nc. 
Restart GPFS on the node\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2021-06-25T16:46:35", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in OpenSSL affect GPFS V3.5 for Windows (CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205, CVE-2015-0206)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3569", "CVE-2014-3570", "CVE-2014-3571", "CVE-2014-3572", "CVE-2014-8275", "CVE-2015-0204", "CVE-2015-0205", "CVE-2015-0206"], "modified": "2021-06-25T16:46:35", "id": "2F9EB7050356C406E631B5274AEC53CACCB554C8B5CBCF823A2680028726AAAC", "href": "https://www.ibm.com/support/pages/node/680515", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T01:36:52", "description": "## Summary\n\nOpenSSL vulnerabilities were disclosed on January 8, 2015 by the OpenSSL Project. This includes \u201cFREAK: Factoring Attack on RSA-EXPORT keys\" TLS/SSL client and server vulnerability. OpenSSL is used by IBM Security Network Intrusion Prevention System. IBM Security Network Intrusion Prevention System has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n \n**CVEID: **[_CVE-2014-3569_](<https://vulners.com/cve/CVE-2014-3569>) \n \n**DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by the failure to properly handle attempts to use unsupported protocols by the ssl23_get_client_hello function in s23_srvr.c. 
A remote attacker could exploit this vulnerability using an unexpected handshake to trigger a NULL pointer dereference and cause the daemon to crash. \n \nCVSS Base Score: 5.0 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/99706_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/99706>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n \n \n**CVEID:** [_CVE-2014-3570_](<https://vulners.com/cve/CVE-2014-3570>) \n \n**DESCRIPTION:** An unspecified error in OpenSSL related to the production of incorrect results on some platforms by Bignum squaring (BN_sqr) has an unknown attack vector and impact. \n \nCVSS Base Score: 2.6 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/99710_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/99710>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:N/I:P/A:N) \n \n \n \n**CVEID:** [_CVE-2014-3571_](<https://vulners.com/cve/CVE-2014-3571>) \n \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference when handling malicious messages. By sending a specially-crafted DTLS message, a remote attacker could exploit this vulnerability to cause a segmentation fault. \n \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/99703_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/99703>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n \n \n**CVEID:** [_CVE-2014-3572_](<https://vulners.com/cve/CVE-2014-3572>) \n \n**DESCRIPTION:** OpenSSL could provide weaker than expected security. The client accepts a handshake using an ephemeral ECDH ciphersuite with the server key exchange message omitted. An attacker could exploit this vulnerability to launch further attacks on the system. 
\n \nCVSS Base Score: 1.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/99705_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/99705>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:H/Au:N/C:N/I:P/A:N) \n \n \n \n**CVEID:** [_CVE-2014-8275_](<https://vulners.com/cve/CVE-2014-8275>) \n \n**DESCRIPTION:** OpenSSL could allow a local attacker to bypass security restrictions, caused by the modification of the fingerprint without breaking the signature. An attacker could exploit this vulnerability using non-DER or invalid encodings outside the signed portion of a certificate to bypass security restrictions and perform unauthorized actions. \n \nCVSS Base Score: 1.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/99709_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/99709>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:H/Au:N/C:N/I:P/A:N) \n \n \n \n**CVEID:** [_CVE-2015-0204_](<https://vulners.com/cve/CVE-2015-0204>) \n \n**DESCRIPTION:** A vulnerability in the OpenSSL ssl3_get_key_exchange function could allow a remote attacker to downgrade the security of certain TLS connections. An OpenSSL client accepts the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. This could allow a remote attacker using man-in-the-middle techniques to facilitate brute-force decryption of TLS/SSL traffic between vulnerable clients and servers. \nThis vulnerability is also known as the FREAK attack. 
\n \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/99707_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/99707>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n \n \n**CVEID:** [_CVE-2015-0205_](<https://vulners.com/cve/CVE-2015-0205>) \n \n**DESCRIPTION:** OpenSSL could allow a remote authenticated attacker to bypass security restrictions, caused by the acceptance of a DH certificate for client authentication without verification. An attacker could exploit this vulnerability to authenticate without the use of a private key. \n \nCVSS Base Score: 2.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/99708_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/99708>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:S/C:N/I:P/A:N) \n\n \n \n**CVEID:** [_CVE-2015-0206_](<https://vulners.com/cve/CVE-2015-0206>) \n \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by a memory leak in the dtls1_buffer_record function. By sending repeated DTLS records with the same sequence number, a remote attacker could exploit this vulnerability to exhaust all available memory resources. 
\n \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/99704_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/99704>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n## Affected Products and Versions\n\n \nProducts: GX3002, GX4002, GX4004, GX4004-v2, GX5008, GX5008-v2, GX5108, GX5108-v2, GX5208, GX5208-v2, GX6116, GX7412, GX7412-10, GX7412-05, GX7800, GV200, GV1000 \n\n\n * Firmware versions 4.6.2, and 4.6.1 are affected by the following CVEs: \nCVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205, CVE-2015-0206\n * Firmware versions 4.6, 4.5, 4.4, and 4.3 are affected by the following CVEs: \nCVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204\n\n## Remediation/Fixes\n\n \nYou should verify applying this fix does not cause any compatibility issues. \n\n\n * [_4.6.2.0-ISS-ProvG-AllModels-System-FP0007_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security+Systems&product=ibm/Tivoli/Proventia+Network+Intrusion+Prevention+System&release=All&platform=All&function=all>) \nfor all IBM Security Network Intrusion Prevention System products at Firmware version 4.6.2\n * [_4.6.1.0-ISS-ProvG-AllModels-System-FP0011_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security+Systems&product=ibm/Tivoli/Proventia+Network+Intrusion+Prevention+System&release=All&platform=All&function=all>) \nfor all IBM Security Network Intrusion Prevention System products at Firmware version 4.6.1\n * [_4.6.0.0-ISS-ProvG-AllModels-System-FP0009_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security+Systems&product=ibm/Tivoli/Proventia+Network+Intrusion+Prevention+System&release=All&platform=All&function=all>) \nfor all IBM Security Network Intrusion Prevention System products at Firmware version 4.6\n * 
[_4.5.0.0-ISS-ProvG-AllModels-System-FP0011_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security+Systems&product=ibm/Tivoli/Proventia+Network+Intrusion+Prevention+System&release=All&platform=All&function=all>) \nfor all IBM Security Network Intrusion Prevention System products at Firmware version 4.5\n * [_4.4.0.0-ISS-ProvG-AllModels-System-FP0011_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security+Systems&product=ibm/Tivoli/Proventia+Network+Intrusion+Prevention+System&release=All&platform=All&function=all>) \nfor all IBM Security Network Intrusion Prevention System products at Firmware version 4.4\n * [_4.3.0.0-ISS-ProvG-AllModels-System-FP0009_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security+Systems&product=ibm/Tivoli/Proventia+Network+Intrusion+Prevention+System&release=All&platform=All&function=all>)_ \n_for all IBM Security Network Intrusion Prevention System products at Firmware version 4.3\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2022-02-23T19:48:26", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in OpenSSL affect IBM Security Network Intrusion Prevention System (CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205, CVE-2015-0206)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3569", "CVE-2014-3570", "CVE-2014-3571", "CVE-2014-3572", "CVE-2014-8275", "CVE-2015-0204", "CVE-2015-0205", "CVE-2015-0206"], 
"modified": "2022-02-23T19:48:26", "id": "370720DD138E7F0A22E9D2EC7B9B753467F08D4E08DA37215653D937EDB0E545", "href": "https://www.ibm.com/support/pages/node/257397", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-10-01T01:50:27", "description": "## Summary\n\nOpenSSL in Power Hardware Management Console contains multiple vulnerabilities ( \nCVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205, CVE-2015-0206)\n\n## Vulnerability Details\n\nCVEID: CVE-2014-3569\n\n \nDescription: OpenSSL is vulnerable to a denial of service, caused by the failure to properly handle attempts to use unsupported protocols by the ssl23_get_client_hello function in s23_srvr.c. A remote attacker could exploit this vulnerability using an unexpected handshake to trigger a NULL pointer dereference and cause the daemon to crash. \nCVSS Base Score: 5.000 \nCVSS Temporal Score: <http://xforce.iss.net/xforce/xfdb/99706> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \nCVEID: CVE-2014-3570 \nDescription: An unspecified error in OpenSSL related to the production of incorrect results on some platforms by Bignum squaring (BN_sqr) has an unknown attack vector and impact. \nCVSS Base Score: 2.600 \nCVSS Temporal Score: <http://xforce.iss.net/xforce/xfdb/99710> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:N/I:P/A:N) \n \nCVEID: CVE-2014-3571 \nDescription: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference when handling malicious messages. By sending a specially-crafted DTLS message, a remote attacker could exploit this vulnerability to cause a segmentation fault. 
\nCVSS Base Score: 5.000 \nCVSS Temporal Score: <http://xforce.iss.net/xforce/xfdb/99703> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \nCVEID: CVE-2014-3572 \nDescription: OpenSSL could provide weaker than expected security. The client accepts a handshake using an ephemeral ECDH ciphersuite with the server key exchange message omitted. An attacker could exploit this vulnerability to launch further attacks on the system. \nCVSS Base Score: 1.200 \nCVSS Temporal Score: <http://xforce.iss.net/xforce/xfdb/99705> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:H/Au:N/C:N/I:P/A:N) \n \nCVEID: CVE-2014-8275 \nDescription: OpenSSL could allow a local attacker to bypass security restrictions, caused by the modification of the fingerprint without breaking the signature. An attacker could exploit this vulnerability using non-DER or invalid encodings outside the signed portion of a certificate bypass security restrictions and perform unauthorized actions. \nCVSS Base Score: 1.200 \nCVSS Temporal Score: <http://xforce.iss.net/xforce/xfdb/99709> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:H/Au:N/C:N/I:P/A:N) \n \nCVEID: CVE-2015-0204 \nDescription: OpenSSL could provide weaker than expected security. The client accepts the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. An attacker could exploit this vulnerability to launch further attacks on the system. \nCVSS Base Score: 1.200 \nCVSS Temporal Score: <http://xforce.iss.net/xforce/xfdb/99707> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:H/Au:N/C:N/I:P/A:N) \n \nCVEID: CVE-2015-0205 \nDescription: OpenSSL could allow a remote authenticated attacker to bypass security restrictions, caused by the acceptance of a DH certificate for client authentication without verification. 
An attacker could exploit this vulnerability to authenticate without the use of a private key. \nCVSS Base Score: 2.100 \nCVSS Temporal Score: <http://xforce.iss.net/xforce/xfdb/99708> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:S/C:N/I:P/A:N) \n \nCVEID: CVE-2015-0206 \nDescription: OpenSSL is vulnerable to a denial of service, caused by a memory leak in the dtls1_buffer_record function. By sending repeated DTLS records with the same sequence number, a remote attacker could exploit this vulnerability to exhaust all available memory resources. \nCVSS Base Score: 5.000 \nCVSS Temporal Score: <http://xforce.iss.net/xforce/xfdb/99704> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n## Affected Products and Versions\n\nPower HMC V7.7.3.0 \nPower HMC V7.7.7.0 \nPower HMC V7.7.8.0 \nPower HMC V7.7.9.0 \nPower HMC V8.8.1.0 \nPower HMC V8.8.2.0\n\n## Remediation/Fixes\n\nThe Following fixes are available on IBM Fix Central at <http://www-933.ibm.com/support/fixcentral/>\n\n**Product**| **VRMF**| **APAR**| **Remediation/First Fix** \n---|---|---|--- \nPower HMC| V7.7.3.0 SP7| MB03891| Apply eFix MH01503 \nPower HMC| V7.7.7.0 SP4| MB03904| Apply eFix MH01516 \nPower HMC| V7.7.8.0 SP2| MB03892| Apply eFix MH01504 \nPower HMC| V7.7.9.0 SP2| MB03893| Apply eFix MH01505 \nPower HMC| V8.8.1.0 SP1| MB03894| Apply eFix MH01506 \nPower HMC| V8.8.2.0 SP1| MB03895| Apply eFix MH01507 \n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related 
Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n06-Apr-2015 : Original Copy Published \n\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.", "cvss3": {}, "published": "2021-09-23T01:31:39", "type": "ibm", "title": "Security Bulletin: Vulnerability in OpenSSL affects Power Hardware Management Console (CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205, CVE-2015-0206)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": 
"NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3569", "CVE-2014-3570", "CVE-2014-3571", "CVE-2014-3572", "CVE-2014-8275", "CVE-2015-0204", "CVE-2015-0205", "CVE-2015-0206"], "modified": "2021-09-23T01:31:39", "id": "8B2DED0C68ECC00A46CE2034FAB93BA0EEB7F806C221A4FD33002EBA16C90F98", "href": "https://www.ibm.com/support/pages/node/646197", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T21:40:45", "description": "## Summary\n\nOpenSSL vulnerabilities along with SSL 3 Fallback protection (TLS_FALLBACK_SCSV) were disclosed on October 15, 2014 and January 8, 2015 by the OpenSSL Project. OpenSSL is used by Sterling Connect:Express for UNIX. Sterling Connect:Express for UNIX has addressed the applicable CVEs and included the SSL 3.0 Fallback protection (TLS_FALLBACK_SCSV) provided by OpenSSL\n\n## Vulnerability Details\n\n**CVEID**: [CVE-2014-3513](<https://vulners.com/cve/CVE-2014-3513>) \n**DESCRIPTION**: OpenSSL is vulnerable to a denial of service, caused by a memory leak in the DTLS Secure Real-time Transport Protocol (SRTP) extension parsing code. By sending multiple specially-crafted handshake messages, an attacker could exploit this vulnerability to exhaust all available memory of an SSL/TLS or DTLS server. \nCVSS Base Score: 5.0 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97035> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n**CVEID**:[ CVE-2014-3567](<https://vulners.com/cve/CVE-2014-3567>) \n**DESCRIPTION**: OpenSSL is vulnerable to a denial of service, caused by a memory leak when handling failed session ticket integrity checks. By sending an overly large number of invalid session tickets, an attacker could exploit this vulnerability to exhaust all available memory of an SSL/TLS or DTLS server. 
\nCVSS Base Score: 5.0 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97036> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n**CVEID:** [CVE-2014-3570](<https://vulners.com/cve/CVE-2014-3570>) \n**DESCRIPTION:** An unspecified error in OpenSSL related to the production of incorrect results on some platforms by Bignum squaring (BN_sqr) has an unknown attack vector and impact. \nCVSS Base Score: 2.6 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/99710> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:N/I:P/A:N) \n\n**CVEID:** [CVE-2014-3572](<https://vulners.com/cve/CVE-2014-3572>) \n**DESCRIPTION:** OpenSSL could provide weaker than expected security. The client accepts a handshake using an ephemeral ECDH ciphersuite with the server key exchange message omitted. An attacker could exploit this vulnerability to launch further attacks on the system. \nCVSS Base Score: 1.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/99705> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:H/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [CVE-2014-8275](<https://vulners.com/cve/CVE-2014-8275>) \n**DESCRIPTION:** OpenSSL could allow a local attacker to bypass security restrictions, caused by the modification of the fingerprint without breaking the signature. An attacker could exploit this vulnerability using non-DER or invalid encodings outside the signed portion of a certificate bypass security restrictions and perform unauthorized actions. 
\nCVSS Base Score: 1.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/99709> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:H/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [CVE-2015-0204](<https://vulners.com/cve/CVE-2015-0204>) \n**DESCRIPTION:** OpenSSL could provide weaker than expected security. The client accepts the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. An attacker could exploit this vulnerability to launch further attacks on the system. \nCVSS Base Score: 1.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/99707> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:H/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [CVE-2015-0205](<https://vulners.com/cve/CVE-2015-0205>) \n**DESCRIPTION:** OpenSSL could allow a remote authenticated attacker to bypass security restrictions, caused by the acceptance of a DH certificate for client authentication without verification. An attacker could exploit this vulnerability to authenticate without the use of a private key. \nCVSS Base Score: 2.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/99708> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:S/C:N/I:P/A:N)\n\n## Affected Products and Versions\n\nIBM Sterling Connect:Express for UNIX 1.4.6 \n\\- All versions prior to 1.4.6.1 iFix 146-108 \n \nIBM Sterling Connect:Express for UNIX 1.5.0.11 \n\\- All versions prior to 1.5.0.11 iFix 150-1109\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the fix as soon as practical. 
Please see below for information about the available fixes. \n\nVRMF | Remediation \n---|--- \n1.4.6 | Please contact your local [IBM Remote Technical Support Center ](<https://www-304.ibm.com/webapp/set2/sas/f/handbook/contacts.html>)to request Connect:Express 1.4.6.1 iFix 146-109 \n1.5.0.11 | Apply 1.5.0.11 iFix 150-1110, available on [_Fix Central_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Sterling+Connect%3AExpress+for+UNIX&release=All&platform=All&function=all>) \n \nIn addition to installing the fix, to protect Connect:Express from the CVE-2015-0204 vulnerability, EXPORT ciphers must be disabled in all SSL server definitions. Refer to chapter 4 of the IBM Sterling Connect:Express for UNIX Option SSL documentation to learn how to specify a cipher list in an SSL server definition. In the cipher list, all EXPORT ciphers must be disabled. Visit [https://www.openssl.org/ ](<https://www.openssl.org/>)to learn how to use the OpenSSL cipher list tool.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2020-07-24T22:49:37", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in OpenSSL affect Sterling Connect:Express for UNIX (CVE-2014-3513, CVE-2014-3567, CVE-2014-3570, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205 and CVE-2015-0206)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3513", "CVE-2014-3567", "CVE-2014-3570", "CVE-2014-3572", "CVE-2014-8275", "CVE-2015-0204", "CVE-2015-0205", 
"CVE-2015-0206"], "modified": "2020-07-24T22:49:37", "id": "7D226D01806C1C59E6610F664A15F9D27774FD340AD97273C9BC5E1EA774E83E", "href": "https://www.ibm.com/support/pages/node/714257", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-21T01:38:07", "description": "## Summary\n\nOpenSSL vulnerabilities were disclosed on January 8, 2015 by the OpenSSL Project. OpenSSL is used by the Cordova platform packaged with Rational Software Architect and Rational Software Architect for WebSphere Software and has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n**CVEID: **[_CVE-2014-3569_](<https://vulners.com/cve/CVE-2014-3569>) \n \n**Description:** OpenSSL is vulnerable to a denial of service, caused by the failure to properly handle attempts to use unsupported protocols by the ssl23_get_client_hello function in s23_srvr.c. A remote attacker could exploit this vulnerability using an unexpected handshake to trigger a NULL pointer dereference and cause the daemon to crash. \n \n**CVSS Base Score:** 5.0 \n**CVSS Temporal Score:** See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/99706>_ for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n \n**CVEID:**[_CVE-2014-3570_](<https://vulners.com/cve/CVE-2014-3570>) \n \n**Description:** An unspecified error in OpenSSL related to the production of incorrect results on some platforms by Bignum squaring (BN_sqr) has an unknown attack vector and impact. \n \n**CVSS Base Score:** 2.6 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/99710> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:H/Au:N/C:N/I:P/A:N) \n\n**CVEID:**[_CVE-2014-3571_](<https://vulners.com/cve/CVE-2014-3571>)\n\n**Description:** OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference when handling malicious messages. 
By sending a specially-crafted DTLS message, a remote attacker could exploit this vulnerability to cause a segmentation fault.\n\n**CVSS Base Score:** 5 \n**CVSS Temporal Score:** See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/99703>_ for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:**[_CVE-2014-3572_](<https://vulners.com/cve/CVE-2014-3572>)\n\n**Description:** OpenSSL could provide weaker than expected security. The client accepts a handshake using an ephemeral ECDH ciphersuite with the server key exchange message omitted. An attacker could exploit this vulnerability to launch further attacks on the system.\n\n**CVSS Base Score: **1.2 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/99705> for the current score \n**CVSS Environmental Score***: Undefined \n**CVSS Vector:** (AV:L/AC:H/Au:N/C:N/I:P/A:N)\n\n**CVEID:**[_CVE-2014-8275_](<https://vulners.com/cve/CVE-2014-8275>)\n\n**Description:** OpenSSL could allow a local attacker to bypass security restrictions, caused by the modification of the fingerprint without breaking the signature. An attacker could exploit this vulnerability using non-DER or invalid encodings outside the signed portion of a certificate bypass security restrictions and perform unauthorized actions.\n\n**CVSS Base Score:** 1.2 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/99709> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:L/AC:H/Au:N/C:N/I:P/A:N)\n\n**CVEID:**[_CVE-2015-0204_](<https://vulners.com/cve/CVE-2015-0204>)\n\n**Description:** OpenSSL could provide weaker than expected security. The client accepts the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. 
An attacker could exploit this vulnerability to launch further attacks on the system.\n\n**CVSS Base Score:** 4.3 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/99707> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:H/Au:N/C:N/I:P/A:N)\n\n**CVEID:**[_CVE-2015-0205_](<https://vulners.com/cve/CVE-2015-0205>)\n\n**Description:** OpenSSL could allow a remote authenticated attacker to bypass security restrictions, caused by the acceptance of a DH certificate for client authentication without verification. An attacker could exploit this vulnerability to authenticate without the use of a private key.\n\n**CVSS Base Score: **2.1 \n**CVSS Temporal Score:** See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/99708>_ for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:H/Au:S/C:N/I:P/A:N)\n\n**CVEID:**[_CVE-2015-0206_](<https://vulners.com/cve/CVE-2015-0206>)\n\n**Description:** OpenSSL is vulnerable to a denial of service, caused by a memory leak in the dtls1_buffer_record function. 
By sending repeated DTLS records with the same sequence number, a remote attacker could exploit this vulnerability to exhaust all available memory resources.\n\n**CVSS Base Score:** 5 \n**CVSS Temporal Score:** See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/99704>_ for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n## Affected Products and Versions\n\nRational Software Architect 9.1 and 9.1.1 \n\nRational Software Architect for WebSphere Software 9.1 and 9.1.1\n\n## Remediation/Fixes\n\nUpdate the IBM SDK for Node.js used by the Cordova platform in the product to address this vulnerability: \n \n\n\n**Product**| **VRMF**| **Remediation/First Fix** \n---|---|--- \nRational Software Architect \n \nRational Software Architect for WebSphere Software| 9.1 and 9.1.1| \n\n * Apply [IBM SDK for Node.js 1.1.0.12](<https://www.ibm.com/developerworks/web/nodesdk/>) to the Cordova platform in the product. \n \nInstallation instructions for applying the update to the Cordova platform in the product can be found here: \n \n[Upgrading the IBM SDK for Node.js used by Cordova](<http://www.ibm.com/support/docview.wss?uid=swg21684946>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2020-09-10T15:49:00", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in OpenSSL affects Rational Software Architect and Rational Software Architect for WebSphere Software (CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205, CVE-2015-020", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", 
"accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3569", "CVE-2014-3570", "CVE-2014-3571", "CVE-2014-3572", "CVE-2014-8275", "CVE-2015-0204", "CVE-2015-0205", "CVE-2015-0206"], "modified": "2020-09-10T15:49:00", "id": "9D4CE3C1ABE40F94B4BE3EE8C4ACB8067AFF379F67374E38DF455E5F62978BC9", "href": "https://www.ibm.com/support/pages/node/257629", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T05:52:16", "description": "## Summary\n\nSecurity vulnerabilities have been discovered in OpenSSL used with IBM Security Network Protection.\n\n## Vulnerability Details\n\n \n**CVEID:**[**_CVE-2014-3569_**](<https://vulners.com/cve/CVE-2014-3569>) \n \n**DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by the failure to properly handle attempts to use unsupported protocols by the ssl23_get_client_hello function in s23_srvr.c. A remote attacker could exploit this vulnerability using an unexpected handshake to trigger a NULL pointer dereference and cause the daemon to crash. \n \nCVSS Base Score: 5.0 \nCVSS Temporal Score: See[_https://exchange.xforce.ibmcloud.com/vulnerabilities/99706_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/99706>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P \n \n \n \n**CVEID:**[**_CVE-2014-3570_**](<https://vulners.com/cve/CVE-2014-3570>) \n \n**DESCRIPTION: **An unspecified error in OpenSSL related to the production of incorrect results on some platforms by Bignum squaring (BN_sqr) has an unknown attack vector and impact. 
\n \nCVSS Base Score: 2.6 \nCVSS Temporal Score: See[_https://exchange.xforce.ibmcloud.com/vulnerabilities/99710_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/99710>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N \n \n \n \n**CVEID:**[**_CVE-2014-3571_**](<https://vulners.com/cve/CVE-2014-3571>) \n \n**DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference when handling malicious messages. By sending a specially-crafted DTLS message, a remote attacker could exploit this vulnerability to cause a segmentation fault. \n \nCVSS Base Score: 5.0 \nCVSS Temporal Score: See[_https://exchange.xforce.ibmcloud.com/vulnerabilities/99703_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/99703>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P \n \n \n \n**CVEID:**[**_CVE-2014-3572_**](<https://vulners.com/cve/CVE-2014-3572>) \n \n**DESCRIPTION: **OpenSSL could provide weaker than expected security. The client accepts a handshake using an ephemeral ECDH ciphersuite with the server key exchange message omitted. An attacker could exploit this vulnerability to launch further attacks on the system. \n \nCVSS Base Score: 1.2 \nCVSS Temporal Score: See[_https://exchange.xforce.ibmcloud.com/vulnerabilities/99705_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/99705>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: AV:L/AC:H/Au:N/C:N/I:P/A:N \n \n \n \n**CVEID:**[**_CVE-2014-8275_**](<https://vulners.com/cve/CVE-2014-8275>) \n \n**DESCRIPTION: **OpenSSL could allow a local attacker to bypass security restrictions, caused by the modification of the fingerprint without breaking the signature. An attacker could exploit this vulnerability using non-DER or invalid encodings outside the signed portion of a certificate bypass security restrictions and perform unauthorized actions. 
\n \nCVSS Base Score: 1.2 \nCVSS Temporal Score: See[_https://exchange.xforce.ibmcloud.com/vulnerabilities/99709_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/99709>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: AV:L/AC:H/Au:N/C:N/I:P/A:N \n \n \n \n**CVEID:**[**_CVE-2015-0204_**](<https://vulners.com/cve/CVE-2015-0204>) \n \n**DESCRIPTION: **OpenSSL could provide weaker than expected security. The client accepts the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. An attacker could exploit this vulnerability to launch further attacks on the system. \n \nCVSS Base Score: 1.2 \nCVSS Temporal Score: See[_https://exchange.xforce.ibmcloud.com/vulnerabilities/99707_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/99707>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: AV:L/AC:H/Au:N/C:N/I:P/A:N \n \n \n \n**CVEID:**[**_CVE-2015-0205_**](<https://vulners.com/cve/CVE-2015-0205>) \n \n**DESCRIPTION: **OpenSSL could allow a remote authenticated attacker to bypass security restrictions, caused by the acceptance of a DH certificate for client authentication without verification. An attacker could exploit this vulnerability to authenticate without the use of a private key. \n \nCVSS Base Score: 2.1 \nCVSS Temporal Score: See[_https://exchange.xforce.ibmcloud.com/vulnerabilities/99708_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/99708>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: AV:N/AC:H/Au:S/C:N/I:P/A:N \n \n \n \n**CVEID:**[**_CVE-2015-0206_**](<https://vulners.com/cve/CVE-2015-0206>) \n \n**DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by a memory leak in the dtls1_buffer_record function. By sending repeated DTLS records with the same sequence number, a remote attacker could exploit this vulnerability to exhaust all available memory resources. 
\n \nCVSS Base Score: 5.0 \nCVSS Temporal Score: See[_https://exchange.xforce.ibmcloud.com/vulnerabilities/99704_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/99704>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P\n\n## Affected Products and Versions\n\nProducts: IBM Security Network Protection (XGS) models 3100, 4100, 5100, 7100 \nFirmware versions: 5.2, 5.3\n\n## Remediation/Fixes\n\nIBM has provided fixes for all supported versions. Follow the installation instructions in the README files included with the fix. \n\n\n * Firmware 5.2: [_5.2.0.0-ISS-XGS-All-Models-Hotfix-FP0007_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security+Systems&product=ibm/Tivoli/IBM+Security+Network+Protection&release=5.2&platform=All&function=all>)\n * Firmware 5.3: Firmware Update 5.3.0.4 for IBM Security Network Protection products at version 5.3** \n**[_https://ibmss.flexnetoperations.com_](<https://ibmss.flexnetoperations.com/>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-16T21:22:25", "type": "ibm", "title": "Security Bulletin: IBM Security Network Protection is affected by OpenSSL vulnerabilities (CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205, and CVE-2015-0206)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3569", "CVE-2014-3570", "CVE-2014-3571", "CVE-2014-3572", "CVE-2014-8275", "CVE-2015-0204", "CVE-2015-0205", 
"CVE-2015-0206"], "modified": "2018-06-16T21:22:25", "id": "67EF437A7EE9F806664D3B7FEB18353C77D537D23FE902D56CE220B1302C1BDA", "href": "https://www.ibm.com/support/pages/node/526895", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T05:41:08", "description": "## Summary\n\nMultiple vulnerabilities in OpenSSL disclosed on January 8, 2015 by the OpenSSL Project\n\n## Vulnerability Details\n\n \n**CVEID:** [CVE-2014-3569](<https://vulners.com/cve/CVE-2014-3569>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by the failure to properly handle attempts to use unsupported protocols by the ssl23_get_client_hello function in s23_srvr.c. A remote attacker could exploit this vulnerability using an unexpected handshake to trigger a NULL pointer dereference and cause the daemon to crash. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/99706> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n**CVEID:** [CVE-2014-3570](<https://vulners.com/cve/CVE-2014-3570>)** \nDESCRIPTION:** An unspecified error in OpenSSL related to the production of incorrect results on some platforms by Bignum squaring (BN_sqr) has an unknown attack vector and impact. \nCVSS Base Score: 2.6 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/99710> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:N/I:P/A:N) \n \n**CVEID:** [CVE-2014-3571](<https://vulners.com/cve/CVE-2014-3571>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference when handling malicious messages. By sending a specially-crafted DTLS message, a remote attacker could exploit this vulnerability to cause a segmentation fault. 
\nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/99703> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n**CVEID:** [CVE-2014-3572](<https://vulners.com/cve/CVE-2014-3572>)** \nDESCRIPTION:** OpenSSL could provide weaker than expected security. The client accepts a handshake using an ephemeral ECDH ciphersuite with the server key exchange message omitted. An attacker could exploit this vulnerability to launch further attacks on the system. \nCVSS Base Score: 1.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/99705> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:H/Au:N/C:N/I:P/A:N) \n \n**CVEID:** [CVE-2014-8275](<https://vulners.com/cve/CVE-2014-8275>)** \nDESCRIPTION:** OpenSSL could allow a local attacker to bypass security restrictions, caused by the modification of the fingerprint without breaking the signature. An attacker could exploit this vulnerability using non-DER or invalid encodings outside the signed portion of a certificate bypass security restrictions and perform unauthorized actions. \nCVSS Base Score: 1.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/99709> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:H/Au:N/C:N/I:P/A:N) \n \n**CVEID:** [CVE-2015-0204](<https://vulners.com/cve/CVE-2015-0204>)** \nDESCRIPTION:** OpenSSL could provide weaker than expected security. The client accepts the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. An attacker could exploit this vulnerability to launch further attacks on the system. 
\nCVSS Base Score: 1.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/99707> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:H/Au:N/C:N/I:P/A:N) \n \n**CVEID:** [CVE-2015-0205](<https://vulners.com/cve/CVE-2015-0205>) \n**DESCRIPTION:** OpenSSL could allow a remote authenticated attacker to bypass security restrictions, caused by the acceptance of a DH certificate for client authentication without verification. An attacker could exploit this vulnerability to authenticate without the use of a private key. \nCVSS Base Score: 2.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/99708> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:S/C:N/I:P/A:N) \n \n**CVEID:** [CVE-2015-0206](<https://vulners.com/cve/CVE-2015-0206>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by a memory leak in the dtls1_buffer_record function. By sending repeated DTLS records with the same sequence number, a remote attacker could exploit this vulnerability to exhaust all available memory resources. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/99704> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n## Affected Products and Versions\n\nThese vulnerabilities affect IBM SDK for Node.js v1.1.0.11 and previous releases.\n\n## Remediation/Fixes\n\nThe fixes for these vulnerabilities are included in IBM SDK for Node.js v1.1.0.12 and subsequent releases. \n \nIBM SDK for Node.js can be downloaded, subject to the terms of the developerWorks license, from [_here_](<http://www.ibm.com/developerworks/web/nodesdk/>). 
\n \nIBM customers requiring an update for an SDK shipped with an IBM product should contact [_IBM support_](<http://www.ibm.com/support/>), and/or refer to the appropriate product security bulletin.\n\n## ", "cvss3": {}, "published": "2018-08-09T04:20:36", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities in Current Release of IBM\u00ae SDK for Node.js\u2122", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3569", "CVE-2014-3570", "CVE-2014-3571", "CVE-2014-3572", "CVE-2014-8275", "CVE-2015-0204", "CVE-2015-0205", "CVE-2015-0206"], "modified": "2018-08-09T04:20:36", "id": "D8618C22C2CC7086DC30EEEDA381A4508223A7ECA27B540900371500AFAD2814", "href": "https://www.ibm.com/support/pages/node/525201", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T01:55:09", "description": "## Summary\n\nOpenSSL vulnerabilities were disclosed on January 8, 2015 by the OpenSSL Project. This includes \u201cFREAK: Factoring Attack on RSA-EXPORT keys\" TLS/SSL client and server vulnerability. OpenSSL is used by IBM SDK for Node.js. IBM SDK for Node.js is used by IBM Business Process Manager Configuration Editor. 
IBM Business Process Manager Configuration Editor has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-3569_](<https://vulners.com/cve/CVE-2014-3569>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by the failure to properly handle attempts to use unsupported protocols by the ssl23_get_client_hello function in s23_srvr.c. A remote attacker could exploit this vulnerability using an unexpected handshake to trigger a NULL pointer dereference and cause the daemon to crash. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/#/vulnerabilities/99706> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n**CVEID:** [_CVE-2014-3570_](<https://vulners.com/cve/CVE-2014-3570>) \n**DESCRIPTION:** An unspecified error in OpenSSL related to the production of incorrect results on some platforms by Bignum squaring (BN_sqr) has an unknown attack vector and impact. \nCVSS Base Score: 2.6 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/#/vulnerabilities/99710> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [_CVE-2014-3571_](<https://vulners.com/cve/CVE-2014-3571>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference when handling malicious messages. By sending a specially-crafted DTLS message, a remote attacker could exploit this vulnerability to cause a segmentation fault. 
\nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/99703_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/99703>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2014-3572_](<https://vulners.com/cve/CVE-2014-3572>) \n**DESCRIPTION:** OpenSSL could provide weaker than expected security. The client accepts a handshake using an ephemeral ECDH ciphersuite with the server key exchange message omitted. An attacker could exploit this vulnerability to launch further attacks on the system. \nCVSS Base Score: 1.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/#/vulnerabilities/99705> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:H/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [_CVE-2014-8275_](<https://vulners.com/cve/CVE-2014-8275>) \n**DESCRIPTION:** OpenSSL could allow a local attacker to bypass security restrictions, caused by the modification of the fingerprint without breaking the signature. An attacker could exploit this vulnerability using non-DER or invalid encodings outside the signed portion of a certificate to bypass security restrictions and perform unauthorized actions. \nCVSS Base Score: 1.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/#/vulnerabilities/99709> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:H/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [_CVE-2015-0204_](<https://vulners.com/cve/CVE-2015-0204>) \n**DESCRIPTION:** A vulnerability in the OpenSSL ssl3_get_key_exchange function could allow a remote attacker to downgrade the security of certain TLS connections. An OpenSSL client accepts the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. 
This could allow a remote attacker using man-in-the-middle techniques to facilitate brute-force decryption of TLS/SSL traffic between vulnerable clients and servers. \n\nThis vulnerability is also known as the FREAK attack.\n\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/#/vulnerabilities/99707> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [_CVE-2015-0205_](<https://vulners.com/cve/CVE-2015-0205>) \n**DESCRIPTION:** OpenSSL could allow a remote authenticated attacker to bypass security restrictions, caused by the acceptance of a DH certificate for client authentication without verification. An attacker could exploit this vulnerability to authenticate without the use of a private key. \nCVSS Base Score: 2.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/99708_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/99708>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:S/C:N/I:P/A:N)\n\n**CVEID:** [_CVE-2015-0206_](<https://vulners.com/cve/CVE-2015-0206>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by a memory leak in the dtls1_buffer_record function. 
By sending repeated DTLS records with the same sequence number, a remote attacker could exploit this vulnerability to exhaust all available memory resources. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/99704_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/99704>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n## Affected Products and Versions\n\n * IBM Business Process Manager V8.5.5 and V8.5.6\n\n## Remediation/Fixes\n\nInstall the interim fix for APAR JR52893 as appropriate for your current IBM Business Process Manager environment. \n\n * [IBM Business Process Manager Express](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+Business+Process+Manager+Express&release=All&platform=All&function=aparId&apars=JR52893>)\n * [IBM Business Process Manager Standard](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+Business+Process+Manager+Standard&release=All&platform=All&function=aparId&apars=JR52893>)\n * [IBM Business Process Manager Advanced](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+Business+Process+Manager+Advanced&release=All&platform=All&function=aparId&apars=JR52893>)\n \nYou should verify applying this fix does not cause any compatibility issues. \n\n## Workarounds and Mitigations\n\n[IBM BPM Configuration Editor](<http://www-01.ibm.com/support/knowledgecenter/SSFPJS_8.5.5/com.ibm.wbpm.imuc.doc/topics/tmig_edit_adv_win.html>) is a stand-alone tool for editing properties files. 
Use a standard text file editor instead.\n\n## ", "cvss3": {}, "published": "2018-06-15T07:02:43", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in IBM SDK for Node.js affect IBM Business Process Manager Configuration Editor (CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205, CVE-2015-0206)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3569", "CVE-2014-3570", "CVE-2014-3571", "CVE-2014-3572", "CVE-2014-8275", "CVE-2015-0204", "CVE-2015-0205", "CVE-2015-0206"], "modified": "2018-06-15T07:02:43", "id": "36DFBA3A2119551C6D14656B2EA79D2DAD4DA46982BD0D496ED45568D8A36444", "href": "https://www.ibm.com/support/pages/node/258601", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-23T21:51:40", "description": "## Summary\n\nOpenSSL vulnerabilities were disclosed on January 8, 2015 by the OpenSSL Project. This includes \"FREAK: Factoring Attack on RSA-EXPORT keys\" TLS/SSL client and server vulnerability. OpenSSL is used by IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru Firmware and QLogic 8Gb FC Switch Module Firmware. IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru Firmware and QLogic 8Gb FC Switch Module Firmware have addressed the applicable CVEs.\n\n## Vulnerability Details\n\n
**CVE-ID:** [CVE-2014-3569](<https://vulners.com/cve/CVE-2014-3569>)\n\n**Description:** OpenSSL is vulnerable to a denial of service, caused by the failure to properly handle attempts to use unsupported protocols by the ssl23_get_client_hello function in s23_srvr.c. A remote attacker could exploit this vulnerability using an unexpected handshake to trigger a NULL pointer dereference and cause the daemon to crash.\n\nCVSS Base Score: 5 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/99706> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVE-ID:** [CVE-2014-3570](<https://vulners.com/cve/CVE-2014-3570>)\n\n**Description:** An unspecified error in OpenSSL related to the production of incorrect results on some platforms by Bignum squaring (BN_sqr) has an unknown attack vector and impact.\n\nCVSS Base Score: 2.6 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/99710> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:N/I:P/A:N)\n\n**CVE-ID:** [CVE-2014-3571](<https://vulners.com/cve/CVE-2014-3571>)\n\n**Description:** OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference when handling malicious messages. 
By sending a specially-crafted DTLS message, a remote attacker could exploit this vulnerability to cause a segmentation fault.\n\nCVSS Base Score: 5 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/99703> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVE-ID:** [CVE-2014-3572](<https://vulners.com/cve/CVE-2014-3572>)\n\n**Description:** OpenSSL could provide weaker than expected security. The client accepts a handshake using an ephemeral ECDH ciphersuite with the server key exchange message omitted. An attacker could exploit this vulnerability to launch further attacks on the system.\n\nCVSS Base Score: 1.2 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/99705> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:H/Au:N/C:N/I:P/A:N)\n\n**CVE-ID:** [CVE-2014-8275](<https://vulners.com/cve/CVE-2014-8275>)\n\n**Description:** OpenSSL could allow a local attacker to bypass security restrictions, caused by the modification of the fingerprint without breaking the signature. An attacker could exploit this vulnerability using non-DER or invalid encodings outside the signed portion of a certificate to bypass security restrictions and perform unauthorized actions.\n\nCVSS Base Score: 1.2 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/99709> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:H/Au:N/C:N/I:P/A:N)\n\n**CVE-ID:** [CVE-2015-0206](<https://vulners.com/cve/CVE-2015-0206>)\n\n**Description:** OpenSSL is vulnerable to a denial of service, caused by a memory leak in the dtls1_buffer_record function. 
By sending repeated DTLS records with the same sequence number, a remote attacker could exploit this vulnerability to exhaust all available memory resources.\n\nCVSS Base Score: 5 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/99704> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVE-ID:** [CVE-2015-0205](<https://vulners.com/cve/CVE-2015-0205>)\n\n**Description:** OpenSSL could allow a remote authenticated attacker to bypass security restrictions, caused by the acceptance of a DH certificate for client authentication without verification. An attacker could exploit this vulnerability to authenticate without the use of a private key.\n\nCVSS Base Score: 2.1 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/99708> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:S/C:N/I:P/A:N)\n\n**CVE-ID:** [CVE-2015-0204](<https://vulners.com/cve/CVE-2015-0204>)\n\n**Description:** A vulnerability in the OpenSSL ssl3_get_key_exchange function could allow a remote attacker to downgrade the security of certain TLS connections. An OpenSSL client accepts the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. This could allow a remote attacker using man-in-the-middle techniques to facilitate brute-force decryption of TLS/SSL traffic between vulnerable clients and servers. 
This vulnerability is also known as the FREAK attack.\n\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/99707> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)\n\n## Affected Products and Versions\n\nProduct | Affected Version | Fix Version \n---|---|--- \nIBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru \n(qlgc_fw_flex_9.1.5.03.00_anyos_noarch) | 9.1.0.xx, 9.1.1.xx, 9.1.2.xx, and 9.1.3.xx | 9.1.5.03.00 \nQLogic 8Gb FC Switch Module Firmware \n(qlgc_fw_bcsw_7.10.1.35_anyos_noarch) | 7.10.1.34.00 | 7.10.1.35.00 \n \n## Remediation/Fixes:\n\nFirmware updates are available at IBM Fix Central: <http://www.ibm.com/support/fixcentral/>.\n\nIt is recommended to apply the fix versions for the products listed above (or a later version).\n\n## Workarounds and Mitigations:\n\nNone.\n\n## References:\n\n * [Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide.html>)\n * [On-line Calculator v2](<http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2>)\n\n**Related Information:** \n[IBM Secure Engineering Web Portal](<http://www-01.ibm.com/software/test/wenses/security/>) \n[IBM Product Security Incident Response Blog](<https://www.ibm.com/blogs/psirt/>) \n[Subscribe to Security Bulletins](<http://www.ibm.com/support/mynotifications/>)\n\n**Acknowledgement**\n\nNone.\n\n**Change History** \n18 February 2016: Original version published\n\n* The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. 
Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n**Disclaimer**\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"AS IS\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n## ", "cvss3": {}, "published": "2019-01-31T02:25:02", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in OpenSSL affect IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru Firmware and QLogic 8Gb FC Switch Module Firmware", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3569", "CVE-2014-3570", "CVE-2014-3571", "CVE-2014-3572", "CVE-2014-8275", "CVE-2015-0204", "CVE-2015-0205", "CVE-2015-0206"], "modified": "2019-01-31T02:25:02", "id": "0605FD787540122AD2849575BC1ADAC8E131947D04B7A26E71551E12B9A939E2", "href": "https://www.ibm.com/support/pages/node/868438", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-23T21:52:00", "description": "## Summary\n\nOpenSSL vulnerabilities were disclosed on January 8, 2015 by the OpenSSL Project. 
This includes FREAK: Factoring Attack on RSA-EXPORT keys TLS/SSL client and server vulnerability. OpenSSL is used by FSM. FSM has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n**CVE-ID:** [CVE-2014-3569](<https://vulners.com/cve/CVE-2014-3569>)\n\n**Description:** OpenSSL is vulnerable to a denial of service, caused by the failure to properly handle attempts to use unsupported protocols by the ssl23_get_client_hello function in s23_srvr.c. A remote attacker could exploit this vulnerability using an unexpected handshake to trigger a NULL pointer dereference and cause the daemon to crash.\n\nCVSS Base Score: 5 \nCVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/99706> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVE-ID:** [CVE-2014-3570](<https://vulners.com/cve/CVE-2014-3570>)\n\n**Description:** An unspecified error in OpenSSL related to the production of incorrect results on some platforms by Bignum squaring (BN_sqr) has an unknown attack vector and impact.\n\nCVSS Base Score: 2.6 \nCVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/99710> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:N/I:P/A:N)\n\n**CVE-ID:** [CVE-2014-3571](<https://vulners.com/cve/CVE-2014-3571>)\n\n**Description:** OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference when handling malicious messages. 
By sending a specially-crafted DTLS message, a remote attacker could exploit this vulnerability to cause a segmentation fault.\n\nCVSS Base Score: 5 \nCVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/99703> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVE-ID:** [CVE-2