ID FEDORA_2012-0702.NASL Type nessus Reporter Tenable Modified 2015-10-20T00:00:00
Description
A new upstream package fixing a security vulnerability (DoS) regression in DTLS introduced by the previous update.
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2012-0702.
#
include("compat.inc");
if (description)
{
script_id(57671);
script_version("$Revision: 1.9 $");
script_cvs_date("$Date: 2015/10/20 22:15:25 $");
script_cve_id("CVE-2011-4108", "CVE-2012-0050");
script_bugtraq_id(51281, 51563);
script_xref(name:"FEDORA", value:"2012-0702");
script_name(english:"Fedora 15 : openssl-1.0.0g-1.fc15 (2012-0702)");
script_summary(english:"Checks rpm output for the updated package.");
script_set_attribute(
attribute:"synopsis",
value:"The remote Fedora host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"A new upstream package fixing a security vulnerability (DoS)
regression in DTLS introduced by the previous update.
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=782795"
);
# https://lists.fedoraproject.org/pipermail/package-announce/2012-January/072380.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?e20567cc"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected openssl package."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:openssl");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:15");
script_set_attribute(attribute:"patch_publication_date", value:"2012/01/19");
script_set_attribute(attribute:"plugin_publication_date", value:"2012/01/25");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.");
script_family(english:"Fedora Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^15([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 15.x", "Fedora " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
flag = 0;
if (rpm_check(release:"FC15", reference:"openssl-1.0.0g-1.fc15")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openssl");
}
{"id": "FEDORA_2012-0702.NASL", "bulletinFamily": "scanner", "title": "Fedora 15 : openssl-1.0.0g-1.fc15 (2012-0702)", "description": "A new upstream package fixing a security vulnerability (DoS) regression in DTLS introduced by the previous update.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2012-01-25T00:00:00", "modified": "2015-10-20T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=57671", "reporter": "Tenable", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=782795", "http://www.nessus.org/u?e20567cc"], "cvelist": ["CVE-2011-4108", "CVE-2012-0050"], "type": "nessus", "lastseen": "2019-02-21T01:15:54", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:fedoraproject:fedora:openssl", "cpe:/o:fedoraproject:fedora:15"], "cvelist": ["CVE-2011-4108", "CVE-2012-0050"], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "description": "A new upstream package fixing a security vulnerability (DoS) regression in DTLS introduced by the previous update.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 2, "enchantments": {"score": {"value": 2.1, "vector": "NONE"}}, "hash": "689535a42b7677ab8cec1e579ecf75dd6fd49d5900452b1fa65a7108c19225f1", "hashmap": [{"hash": "2b8a1122aa931b6485eeefc6840fa4f7", "key": "description"}, {"hash": "57363bf52ea59ad51df72c412dcfbda8", "key": "published"}, {"hash": "de38caaccc231e6a74b77a602b35db95", "key": "modified"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "bf19579baff4c95beca90f56531eeaff", "key": "pluginID"}, {"hash": "ffae9ce5273388ef3cb77be6d5950811", "key": "cvelist"}, {"hash": "cb6b739eca6cccc82ccb1d70a823c7b5", "key": "sourceData"}, {"hash": "bf453a7a0e103ad828288b3b5ad1a6a3", "key": "references"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "1bdbaa8bae59e2f99eeb14e59c541c3d", "key": "cpe"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "84813b1457b92d6ba1174abffbb83a2f", "key": "cvss"}, {"hash": "d7fcf8d1863d6782bc49165db611e705", "key": "title"}, {"hash": "6ffa8a1b73b1297cb5c3c33e76db9888", "key": "href"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=57671", "id": "FEDORA_2012-0702.NASL", "lastseen": "2017-10-29T13:41:11", "modified": "2015-10-20T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "57671", "published": "2012-01-25T00:00:00", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=782795", "http://www.nessus.org/u?e20567cc"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-0702.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57671);\n script_version(\"$Revision: 1.9 $\");\n script_cvs_date(\"$Date: 2015/10/20 22:15:25 $\");\n\n script_cve_id(\"CVE-2011-4108\", \"CVE-2012-0050\");\n script_bugtraq_id(51281, 51563);\n script_xref(name:\"FEDORA\", value:\"2012-0702\");\n\n script_name(english:\"Fedora 15 : openssl-1.0.0g-1.fc15 (2012-0702)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A new upstream package fixing a security vulnerability (DoS)\nregression in DTLS introduced by the previous update.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=782795\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-January/072380.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e20567cc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"openssl-1.0.0g-1.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "title": "Fedora 15 : openssl-1.0.0g-1.fc15 (2012-0702)", "type": "nessus", "viewCount": 6}, "differentElements": ["cvss"], "edition": 2, "lastseen": "2017-10-29T13:41:11"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:fedoraproject:fedora:openssl", "cpe:/o:fedoraproject:fedora:15"], "cvelist": ["CVE-2011-4108", "CVE-2012-0050"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "A new upstream package fixing a security vulnerability (DoS) regression in DTLS introduced by the previous update.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 3, "enchantments": {"score": {"value": 2.1, "vector": "NONE"}}, "hash": "7b4836b2710da2ae9cc84184b9dca1eee76af88484886760e0a947d455351f03", "hashmap": [{"hash": "2b8a1122aa931b6485eeefc6840fa4f7", "key": "description"}, {"hash": "57363bf52ea59ad51df72c412dcfbda8", "key": "published"}, {"hash": "de38caaccc231e6a74b77a602b35db95", "key": "modified"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "bf19579baff4c95beca90f56531eeaff", "key": "pluginID"}, {"hash": "ffae9ce5273388ef3cb77be6d5950811", "key": "cvelist"}, {"hash": "cb6b739eca6cccc82ccb1d70a823c7b5", "key": "sourceData"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bf453a7a0e103ad828288b3b5ad1a6a3", "key": "references"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "1bdbaa8bae59e2f99eeb14e59c541c3d", "key": "cpe"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "d7fcf8d1863d6782bc49165db611e705", "key": "title"}, {"hash": "6ffa8a1b73b1297cb5c3c33e76db9888", "key": "href"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=57671", "id": "FEDORA_2012-0702.NASL", "lastseen": "2018-08-30T19:48:51", "modified": "2015-10-20T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "57671", "published": "2012-01-25T00:00:00", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=782795", "http://www.nessus.org/u?e20567cc"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-0702.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57671);\n script_version(\"$Revision: 1.9 $\");\n script_cvs_date(\"$Date: 2015/10/20 22:15:25 $\");\n\n script_cve_id(\"CVE-2011-4108\", \"CVE-2012-0050\");\n script_bugtraq_id(51281, 51563);\n script_xref(name:\"FEDORA\", value:\"2012-0702\");\n\n script_name(english:\"Fedora 15 : openssl-1.0.0g-1.fc15 (2012-0702)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A new upstream package fixing a security vulnerability (DoS)\nregression in DTLS introduced by the previous update.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=782795\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-January/072380.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e20567cc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"openssl-1.0.0g-1.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "title": "Fedora 15 : openssl-1.0.0g-1.fc15 (2012-0702)", "type": "nessus", "viewCount": 6}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-08-30T19:48:51"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:fedoraproject:fedora:openssl", "cpe:/o:fedoraproject:fedora:15"], "cvelist": ["CVE-2011-4108", "CVE-2012-0050"], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "description": "A new upstream package fixing a security vulnerability (DoS)\nregression in DTLS introduced by the previous update.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 5, "enchantments": {"dependencies": {"modified": "2019-01-16T20:13:02", "references": [{"idList": ["SOL15417", "SOL15388"], "type": "f5"}, {"idList": ["GLSA-201203-12"], "type": "gentoo"}, {"idList": ["CVE-2011-4108", "CVE-2012-0050"], "type": "cve"}, {"idList": ["DEBIAN:DSA-2390-1:7F77A", "DEBIAN:DSA-2392-1:5DB15"], "type": "debian"}, {"idList": ["OPENSSL_ADVISORY3.ASC"], "type": "aix"}, {"idList": ["OPENSSL_1_0_0G.NASL", "FREEBSD_PKG_5C5F19CE43AF11E189B4001EC9578670.NASL", "MANDRIVA_MDVSA-2012-011.NASL", "SUSE_11_4_LIBOPENSSL-DEVEL-120206.NASL", "AIX_OPENSSL_ADVISORY3.NASL", "OPENSUSE-2012-99.NASL", "OPENSSL_0_9_8T.NASL", "SUSE_11_LIBOPENSSL-DEVEL-120209.NASL", "F5_BIGIP_SOL15388.NASL", "FEDORA_2012-0708.NASL"], "type": "nessus"}, {"idList": ["OPENVAS:1361412562310863704", "OPENVAS:863945", "OPENVAS:1361412562310863945", "OPENVAS:136141256231070711", "OPENVAS:136141256231070750", "OPENVAS:1361412562310831533", "OPENVAS:70750", "OPENVAS:831533", "OPENVAS:863704", "OPENVAS:70711"], "type": "openvas"}, {"idList": ["USN-1357-1"], "type": "ubuntu"}, {"idList": ["ELSA-2012-0060", "ELSA-2012-0059"], "type": "oraclelinux"}, {"idList": ["OPENSSL:CVE-2012-0050,CVE-2011-4108", "OPENSSL:CVE-2011-4108", "OPENSSL:CVE-2011-4108,CVE-2012-0050"], "type": "openssl"}, {"idList": ["RHSA-2012:0109", "RHSA-2012:0060", "RHSA-2012:0059"], "type": "redhat"}, {"idList": ["CESA-2012:0059", "CESA-2012:0060"], "type": "centos"}, {"idList": ["SUSE-SU-2012:0674-1", "SUSE-SU-2012:0084-1", "OPENSUSE-SU-2012:0083-1"], "type": "suse"}, {"idList": ["ALAS-2012-038"], "type": "amazon"}, {"idList": ["SECURITYVULNS:VULN:12150", "SECURITYVULNS:VULN:12425", "SECURITYVULNS:DOC:28164"], "type": "securityvulns"}, {"idList": ["5C5F19CE-43AF-11E1-89B4-001EC9578670"], "type": "freebsd"}]}, "score": {"value": 2.1, "vector": "NONE"}}, "hash": "bfaf385178e61c7251b006e01f2932a40683091f3a607ec00c9d0da793f1a448", "hashmap": [{"hash": "57363bf52ea59ad51df72c412dcfbda8", "key": "published"}, {"hash": "de38caaccc231e6a74b77a602b35db95", "key": "modified"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "bf19579baff4c95beca90f56531eeaff", "key": "pluginID"}, {"hash": "ffae9ce5273388ef3cb77be6d5950811", "key": "cvelist"}, {"hash": "cb6b739eca6cccc82ccb1d70a823c7b5", "key": "sourceData"}, {"hash": "bf453a7a0e103ad828288b3b5ad1a6a3", "key": "references"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "1bdbaa8bae59e2f99eeb14e59c541c3d", "key": "cpe"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "84813b1457b92d6ba1174abffbb83a2f", "key": "cvss"}, {"hash": "d7fcf8d1863d6782bc49165db611e705", "key": "title"}, {"hash": "0202e0c5ddbd8f299afa6e88424d96a9", "key": "description"}, {"hash": "6ffa8a1b73b1297cb5c3c33e76db9888", "key": "href"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=57671", "id": "FEDORA_2012-0702.NASL", "lastseen": "2019-01-16T20:13:02", "modified": "2015-10-20T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "57671", "published": "2012-01-25T00:00:00", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=782795", "http://www.nessus.org/u?e20567cc"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-0702.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57671);\n script_version(\"$Revision: 1.9 $\");\n script_cvs_date(\"$Date: 2015/10/20 22:15:25 $\");\n\n script_cve_id(\"CVE-2011-4108\", \"CVE-2012-0050\");\n script_bugtraq_id(51281, 51563);\n script_xref(name:\"FEDORA\", value:\"2012-0702\");\n\n script_name(english:\"Fedora 15 : openssl-1.0.0g-1.fc15 (2012-0702)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A new upstream package fixing a security vulnerability (DoS)\nregression in DTLS introduced by the previous update.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=782795\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-January/072380.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e20567cc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"openssl-1.0.0g-1.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "title": "Fedora 15 : openssl-1.0.0g-1.fc15 (2012-0702)", "type": "nessus", "viewCount": 6}, "differentElements": ["description"], "edition": 5, "lastseen": "2019-01-16T20:13:02"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:fedoraproject:fedora:openssl", "cpe:/o:fedoraproject:fedora:15"], "cvelist": ["CVE-2011-4108", "CVE-2012-0050"], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "description": "A new upstream package fixing a security vulnerability (DoS) regression in DTLS introduced by the previous update.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "enchantments": {"score": {"value": 2.1, "vector": "NONE"}}, "hash": "689535a42b7677ab8cec1e579ecf75dd6fd49d5900452b1fa65a7108c19225f1", "hashmap": [{"hash": "2b8a1122aa931b6485eeefc6840fa4f7", "key": "description"}, {"hash": "57363bf52ea59ad51df72c412dcfbda8", "key": "published"}, {"hash": "de38caaccc231e6a74b77a602b35db95", "key": "modified"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "bf19579baff4c95beca90f56531eeaff", "key": "pluginID"}, {"hash": "ffae9ce5273388ef3cb77be6d5950811", "key": "cvelist"}, {"hash": "cb6b739eca6cccc82ccb1d70a823c7b5", "key": "sourceData"}, {"hash": "bf453a7a0e103ad828288b3b5ad1a6a3", "key": "references"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "1bdbaa8bae59e2f99eeb14e59c541c3d", "key": "cpe"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "84813b1457b92d6ba1174abffbb83a2f", "key": "cvss"}, {"hash": "d7fcf8d1863d6782bc49165db611e705", "key": "title"}, {"hash": "6ffa8a1b73b1297cb5c3c33e76db9888", "key": "href"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=57671", "id": "FEDORA_2012-0702.NASL", "lastseen": "2018-09-01T23:55:43", "modified": "2015-10-20T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "57671", "published": "2012-01-25T00:00:00", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=782795", "http://www.nessus.org/u?e20567cc"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-0702.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57671);\n script_version(\"$Revision: 1.9 $\");\n script_cvs_date(\"$Date: 2015/10/20 22:15:25 $\");\n\n script_cve_id(\"CVE-2011-4108\", \"CVE-2012-0050\");\n script_bugtraq_id(51281, 51563);\n script_xref(name:\"FEDORA\", value:\"2012-0702\");\n\n script_name(english:\"Fedora 15 : openssl-1.0.0g-1.fc15 (2012-0702)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A new upstream package fixing a security vulnerability (DoS)\nregression in DTLS introduced by the previous update.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=782795\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-January/072380.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e20567cc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"openssl-1.0.0g-1.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "title": "Fedora 15 : openssl-1.0.0g-1.fc15 (2012-0702)", "type": "nessus", "viewCount": 6}, "differentElements": ["description"], "edition": 4, "lastseen": "2018-09-01T23:55:43"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2011-4108", "CVE-2012-0050"], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "description": "A new upstream package fixing a security vulnerability (DoS) regression in DTLS introduced by the previous update.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 1, "enchantments": {}, "hash": "a1eb1d13b4583c9e1887a7f3cb804820f6a6dc2269af361628d9862fb4ad5b74", "hashmap": [{"hash": "2b8a1122aa931b6485eeefc6840fa4f7", "key": "description"}, {"hash": "57363bf52ea59ad51df72c412dcfbda8", "key": "published"}, {"hash": "de38caaccc231e6a74b77a602b35db95", "key": "modified"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "bf19579baff4c95beca90f56531eeaff", "key": "pluginID"}, {"hash": "ffae9ce5273388ef3cb77be6d5950811", "key": "cvelist"}, {"hash": "cb6b739eca6cccc82ccb1d70a823c7b5", "key": "sourceData"}, {"hash": "bf453a7a0e103ad828288b3b5ad1a6a3", "key": "references"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "84813b1457b92d6ba1174abffbb83a2f", "key": "cvss"}, {"hash": "d7fcf8d1863d6782bc49165db611e705", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "6ffa8a1b73b1297cb5c3c33e76db9888", "key": "href"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=57671", "id": "FEDORA_2012-0702.NASL", "lastseen": "2016-09-26T17:25:28", "modified": "2015-10-20T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.2", "pluginID": "57671", "published": "2012-01-25T00:00:00", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=782795", "http://www.nessus.org/u?e20567cc"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-0702.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57671);\n script_version(\"$Revision: 1.9 $\");\n script_cvs_date(\"$Date: 2015/10/20 22:15:25 $\");\n\n script_cve_id(\"CVE-2011-4108\", \"CVE-2012-0050\");\n script_bugtraq_id(51281, 51563);\n script_xref(name:\"FEDORA\", value:\"2012-0702\");\n\n script_name(english:\"Fedora 15 : openssl-1.0.0g-1.fc15 (2012-0702)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A new upstream package fixing a security vulnerability (DoS)\nregression in DTLS introduced by the previous update.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=782795\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-January/072380.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e20567cc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"openssl-1.0.0g-1.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "title": "Fedora 15 : openssl-1.0.0g-1.fc15 (2012-0702)", "type": "nessus", "viewCount": 4}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:25:28"}], "edition": 6, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "1bdbaa8bae59e2f99eeb14e59c541c3d"}, {"key": "cvelist", "hash": "ffae9ce5273388ef3cb77be6d5950811"}, {"key": "cvss", "hash": "84813b1457b92d6ba1174abffbb83a2f"}, {"key": "description", "hash": "2b8a1122aa931b6485eeefc6840fa4f7"}, {"key": "href", "hash": "6ffa8a1b73b1297cb5c3c33e76db9888"}, {"key": "modified", "hash": "de38caaccc231e6a74b77a602b35db95"}, {"key": "naslFamily", "hash": "be931514784f88df80712740ad2723e7"}, {"key": "pluginID", "hash": "bf19579baff4c95beca90f56531eeaff"}, {"key": "published", "hash": "57363bf52ea59ad51df72c412dcfbda8"}, {"key": "references", "hash": "bf453a7a0e103ad828288b3b5ad1a6a3"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "cb6b739eca6cccc82ccb1d70a823c7b5"}, {"key": "title", "hash": "d7fcf8d1863d6782bc49165db611e705"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "689535a42b7677ab8cec1e579ecf75dd6fd49d5900452b1fa65a7108c19225f1", "viewCount": 6, "enchantments": {"dependencies": {"references": [{"type": "openssl", "idList": ["OPENSSL:CVE-2012-0050,CVE-2011-4108", "OPENSSL:CVE-2011-4108,CVE-2012-0050", "OPENSSL:CVE-2011-4108"]}, {"type": "f5", "idList": ["SOL15417", "SOL15388"]}, {"type": "cve", "idList": ["CVE-2011-4108", "CVE-2012-0050"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310863945", "OPENVAS:1361412562310831533", "OPENVAS:863945", "OPENVAS:70750", "OPENVAS:136141256231070750", "OPENVAS:831533", "OPENVAS:863704", "OPENVAS:1361412562310863704", "OPENVAS:70711", "OPENVAS:136141256231070711"]}, {"type": "nessus", "idList": ["FEDORA_2012-0708.NASL", "AIX_OPENSSL_ADVISORY3.NASL", "F5_BIGIP_SOL15388.NASL", "OPENSUSE-2012-99.NASL", "SUSE_11_4_LIBOPENSSL-DEVEL-120206.NASL", "OPENSSL_0_9_8T.NASL", "SUSE_OPENSSL-7961.NASL", "SUSE_11_LIBOPENSSL-DEVEL-120209.NASL", "MANDRIVA_MDVSA-2012-011.NASL", "OPENSSL_1_0_0G.NASL"]}, {"type": "aix", "idList": ["OPENSSL_ADVISORY3.ASC"]}, {"type": "oraclelinux", "idList": ["ELSA-2012-0059", "ELSA-2012-0060"]}, {"type": "freebsd", "idList": ["5C5F19CE-43AF-11E1-89B4-001EC9578670"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2392-1:5DB15"]}, {"type": "gentoo", "idList": ["GLSA-201203-12"]}, {"type": "redhat", "idList": ["RHSA-2012:0109", "RHSA-2012:0059", "RHSA-2012:0060"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:12150", "SECURITYVULNS:DOC:28164", "SECURITYVULNS:VULN:12425"]}, {"type": "ubuntu", "idList": ["USN-1357-1"]}, {"type": "centos", "idList": ["CESA-2012:0059", "CESA-2012:0060"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2012:0083-1", "SUSE-SU-2012:0674-1", "SUSE-SU-2012:0084-1"]}, {"type": "amazon", "idList": ["ALAS-2012-038"]}], "modified": "2019-02-21T01:15:54"}, "score": {"value": 5.8, "vector": "NONE", "modified": "2019-02-21T01:15:54"}, "vulnersScore": 5.8}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-0702.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57671);\n script_version(\"$Revision: 1.9 $\");\n script_cvs_date(\"$Date: 2015/10/20 22:15:25 $\");\n\n script_cve_id(\"CVE-2011-4108\", \"CVE-2012-0050\");\n script_bugtraq_id(51281, 51563);\n script_xref(name:\"FEDORA\", value:\"2012-0702\");\n\n script_name(english:\"Fedora 15 : openssl-1.0.0g-1.fc15 (2012-0702)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A new upstream package fixing a security vulnerability (DoS)\nregression in DTLS introduced by the previous update.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=782795\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-January/072380.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e20567cc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"openssl-1.0.0g-1.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "naslFamily": "Fedora Local Security Checks", "pluginID": "57671", "cpe": ["p-cpe:/a:fedoraproject:fedora:openssl", "cpe:/o:fedoraproject:fedora:15"], "scheme": null}
{"openssl": [{"lastseen": "2016-09-26T17:22:35", "bulletinFamily": "software", "description": "A flaw in the fix to CVE-2011-4108 can be exploited in a denial of service attack. Only DTLS applications are affected. Reported by Antonio Martin.", "modified": "2012-01-04T00:00:00", "published": "2012-01-04T00:00:00", "id": "OPENSSL:CVE-2011-4108,CVE-2012-0050", "href": "https://www.openssl.org/news/vulnerabilities.html", "type": "openssl", "title": "Vulnerability in OpenSSL (CVE-2011-4108, CVE-2012-0050)", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-03-16T06:10:11", "bulletinFamily": "software", "description": "A flaw in the fix to CVE-2011-4108 can be exploited in a denial of service attack. Only DTLS applications are affected. Reported by Antonio Martin.", "modified": "2012-01-04T00:00:00", "published": "2012-01-04T00:00:00", "id": "OPENSSL:CVE-2012-0050,CVE-2011-4108", "href": "https://www.openssl.org/news/vulnerabilities.html", "title": "Vulnerability in OpenSSL (CVE-2012-0050, CVE-2011-4108)", "type": "openssl", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-26T17:22:35", "bulletinFamily": "software", "description": "OpenSSL was susceptable an extension of the Vaudenay padding oracle attack on CBC mode encryption which enables an efficient plaintext recovery attack against the OpenSSL implementation of DTLS by exploiting timing differences arising during decryption processing. Reported by Nadhem Alfardan and Kenny Paterson.", "modified": "2012-01-04T00:00:00", "published": "2012-01-04T00:00:00", "id": "OPENSSL:CVE-2011-4108", "href": "https://www.openssl.org/news/vulnerabilities.html", "type": "openssl", "title": "Vulnerability in OpenSSL (CVE-2011-4108)", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "f5": [{"lastseen": "2016-11-09T00:09:57", "bulletinFamily": "software", "description": "Recommended Action\n\nNone\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "modified": "2014-08-13T00:00:00", "published": "2014-07-17T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15417.html", "id": "SOL15417", "title": "SOL15417 - OpenSSL vulnerability CVE-2012-0050", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-26T17:23:04", "bulletinFamily": "software", "description": "Recommended Action\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists.\n\n**BIG-IP 11.x**\n\nTo mitigate this vulnerability, you can configure your Secure Socket Layer (SSL) profile to use the NATIVE cipher suite. To do so, refer to SOL13171: Configuring the cipher strength for SSL profiles (11.x). \n\n\n**BIG-IP 10.x**\n\nTo mitigate this vulnerability, you can configure your SSL profile to use the NATIVE cipher suite. To do so, refer to SOL7815: Configuring the cipher strength for SSL profiles (9.x - 10.x).\n\nSupplemental Information\n\n * SOL8802: Using SSL ciphers with BIG-IP Client SSL and Server SSL profiles\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents.\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL167: Downloading software and firmware from F5\n", "modified": "2014-08-11T00:00:00", "published": "2014-07-17T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15388.html", "id": "SOL15388", "title": "SOL15388 - OpenSSL vulnerability CVE-2011-4108", "type": "f5", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "cve": [{"lastseen": "2019-05-29T18:11:24", "bulletinFamily": "NVD", "description": "The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack.", "modified": "2016-08-23T02:04:00", "id": "CVE-2011-4108", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4108", "published": "2012-01-06T01:55:00", "title": "CVE-2011-4108", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:12:19", "bulletinFamily": "NVD", "description": "OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, which allows remote attackers to cause a denial of service (crash) via unspecified vectors related to an out-of-bounds read. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4108.", "modified": "2016-08-23T02:04:00", "id": "CVE-2012-0050", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0050", "published": "2012-01-19T19:55:00", "title": "CVE-2012-0050", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:39:00", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-04-02T00:00:00", "id": "OPENVAS:1361412562310863945", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863945", "title": "Fedora Update for openssl FEDORA-2012-0708", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openssl FEDORA-2012-0708\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-January/072232.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863945\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-02 12:37:41 +0530 (Mon, 02 Apr 2012)\");\n script_cve_id(\"CVE-2012-0050\", \"CVE-2011-4108\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"FEDORA\", value:\"2012-0708\");\n script_name(\"Fedora Update for openssl FEDORA-2012-0708\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"openssl on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.0g~1.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:39:12", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2012-02-01T00:00:00", "id": "OPENVAS:1361412562310831533", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831533", "title": "Mandriva Update for openssl MDVSA-2012:011 (openssl)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for openssl MDVSA-2012:011 (openssl)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:011\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831533\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-01 11:37:09 +0530 (Wed, 01 Feb 2012)\");\n script_cve_id(\"CVE-2011-4108\", \"CVE-2012-0050\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"MDVSA\", value:\"2012:011\");\n script_name(\"Mandriva Update for openssl MDVSA-2012:011 (openssl)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\", re:\"ssh/login/release=MNDK_(2011\\.0|mes5\\.2|2010\\.1)\");\n script_tag(name:\"affected\", value:\"openssl on Mandriva Linux 2011.0,\n Mandriva Enterprise Server 5.2,\n Mandriva Linux 2010.1\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"A vulnerability has been found and corrected in openssl:\n\n OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications,\n which allows remote attackers to cause a denial of service via\n unspecified vectors. NOTE: this vulnerability exists because of an\n incorrect fix for CVE-2011-4108 (CVE-2012-0050).\n\n The updated packages have been patched to correct this issue.\n\n The openssl0.9.8 packages for 2010.2 have been upgraded to the 0.9.8t\n version which is not vulnerable to this issue.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MNDK_2011.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libopenssl1.0.0\", rpm:\"libopenssl1.0.0~1.0.0d~2.3\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl-devel\", rpm:\"libopenssl-devel~1.0.0d~2.3\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl-engines1.0.0\", rpm:\"libopenssl-engines1.0.0~1.0.0d~2.3\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl-static-devel\", rpm:\"libopenssl-static-devel~1.0.0d~2.3\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.0d~2.3\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openssl1.0.0\", rpm:\"lib64openssl1.0.0~1.0.0d~2.3\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openssl-devel\", rpm:\"lib64openssl-devel~1.0.0d~2.3\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openssl-engines1.0.0\", rpm:\"lib64openssl-engines1.0.0~1.0.0d~2.3\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openssl-static-devel\", rpm:\"lib64openssl-static-devel~1.0.0d~2.3\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"MNDK_mes5.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"libopenssl0.9.8\", rpm:\"libopenssl0.9.8~0.9.8h~3.13mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl0.9.8-devel\", rpm:\"libopenssl0.9.8-devel~0.9.8h~3.13mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl0.9.8-static-devel\", rpm:\"libopenssl0.9.8-static-devel~0.9.8h~3.13mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~0.9.8h~3.13mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openssl0.9.8\", rpm:\"lib64openssl0.9.8~0.9.8h~3.13mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openssl0.9.8-devel\", rpm:\"lib64openssl0.9.8-devel~0.9.8h~3.13mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openssl0.9.8-static-devel\", rpm:\"lib64openssl0.9.8-static-devel~0.9.8h~3.13mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libopenssl0.9.8\", rpm:\"libopenssl0.9.8~0.9.8t~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl1.0.0\", rpm:\"libopenssl1.0.0~1.0.0a~1.10mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl1.0.0-devel\", rpm:\"libopenssl1.0.0-devel~1.0.0a~1.10mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl1.0.0-static-devel\", rpm:\"libopenssl1.0.0-static-devel~1.0.0a~1.10mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl-engines1.0.0\", rpm:\"libopenssl-engines1.0.0~1.0.0a~1.10mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.0a~1.10mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openssl0.9.8\", rpm:\"lib64openssl0.9.8~0.9.8t~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openssl1.0.0\", rpm:\"lib64openssl1.0.0~1.0.0a~1.10mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openssl1.0.0-devel\", rpm:\"lib64openssl1.0.0-devel~1.0.0a~1.10mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openssl1.0.0-static-devel\", rpm:\"lib64openssl1.0.0-static-devel~1.0.0a~1.10mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openssl-engines1.0.0\", rpm:\"lib64openssl-engines1.0.0~1.0.0a~1.10mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2018-01-02T10:58:01", "bulletinFamily": "scanner", "description": "Check for the Version of openssl", "modified": "2018-01-02T00:00:00", "published": "2012-04-02T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=863945", "id": "OPENVAS:863945", "title": "Fedora Update for openssl FEDORA-2012-0708", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openssl FEDORA-2012-0708\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"openssl on Fedora 16\";\ntag_insight = \"The OpenSSL toolkit provides support for secure communications between\n machines. OpenSSL includes a certificate management tool and shared\n libraries which provide various cryptographic algorithms and\n protocols.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-January/072232.html\");\n script_id(863945);\n script_version(\"$Revision: 8267 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-02 07:29:17 +0100 (Tue, 02 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-02 12:37:41 +0530 (Mon, 02 Apr 2012)\");\n script_cve_id(\"CVE-2012-0050\", \"CVE-2011-4108\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2012-0708\");\n script_name(\"Fedora Update for openssl FEDORA-2012-0708\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of openssl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.0g~1.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:10", "bulletinFamily": "scanner", "description": "The remote host is missing an update to the system\n as announced in the referenced advisory.", "modified": "2018-10-05T00:00:00", "published": "2012-02-12T00:00:00", "id": "OPENVAS:136141256231070750", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231070750", "title": "FreeBSD Ports: openssl", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: freebsd_openssl5.nasl 11762 2018-10-05 10:54:12Z cfischer $\n#\n# Auto generated from VID 5c5f19ce-43af-11e1-89b4-001ec9578670\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.70750\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2012-0050\");\n script_version(\"$Revision: 11762 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-05 12:54:12 +0200 (Fri, 05 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-12 07:27:20 -0500 (Sun, 12 Feb 2012)\");\n script_name(\"FreeBSD Ports: openssl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsd\", \"ssh/login/freebsdrel\");\n\n script_tag(name:\"insight\", value:\"The following package is affected: openssl\n\nCVE-2012-0050\nOpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications,\nwhich allows remote attackers to cause a denial of service via\nunspecified vectors. NOTE: this vulnerability exists because of an\nincorrect fix for CVE-2011-4108.\");\n\n script_tag(name:\"solution\", value:\"Update your system with the appropriate patches or\n software upgrades.\");\n\n script_xref(name:\"URL\", value:\"http://www.openssl.org/news/secadv_20120118.txt\");\n script_xref(name:\"URL\", value:\"http://www.vuxml.org/freebsd/5c5f19ce-43af-11e1-89b4-001ec9578670.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update to the system\n as announced in the referenced advisory.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-bsd.inc\");\n\nvuln = FALSE;\ntxt = \"\";\n\nbver = portver(pkg:\"openssl\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.0.0_9\")<0) {\n txt += 'Package openssl version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\n\nif(vuln) {\n security_message(data:txt);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2018-01-02T10:56:21", "bulletinFamily": "scanner", "description": "Check for the Version of openssl", "modified": "2017-12-29T00:00:00", "published": "2012-02-01T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=831533", "id": "OPENVAS:831533", "title": "Mandriva Update for openssl MDVSA-2012:011 (openssl)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for openssl MDVSA-2012:011 (openssl)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability has been found and corrected in openssl:\n\n OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications,\n which allows remote attackers to cause a denial of service via\n unspecified vectors. NOTE: this vulnerability exists because of an\n incorrect fix for CVE-2011-4108 (CVE-2012-0050).\n\n The updated packages have been patched to correct this issue.\n\n The openssl0.9.8 packages for 2010.2 have been upgraded to the 0.9.8t\n version which is not vulnerable to this issue.\";\n\ntag_affected = \"openssl on Mandriva Linux 2011.0,\n Mandriva Enterprise Server 5.2,\n Mandriva Linux 2010.1\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:011\");\n script_id(831533);\n script_version(\"$Revision: 8257 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-29 07:29:46 +0100 (Fri, 29 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-01 11:37:09 +0530 (Wed, 01 Feb 2012)\");\n script_cve_id(\"CVE-2011-4108\", \"CVE-2012-0050\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"MDVSA\", value: \"2012:011\");\n script_name(\"Mandriva Update for openssl MDVSA-2012:011 (openssl)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of openssl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2011.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libopenssl1.0.0\", rpm:\"libopenssl1.0.0~1.0.0d~2.3\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl-devel\", rpm:\"libopenssl-devel~1.0.0d~2.3\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl-engines1.0.0\", rpm:\"libopenssl-engines1.0.0~1.0.0d~2.3\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl-static-devel\", rpm:\"libopenssl-static-devel~1.0.0d~2.3\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.0d~2.3\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openssl1.0.0\", rpm:\"lib64openssl1.0.0~1.0.0d~2.3\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openssl-devel\", rpm:\"lib64openssl-devel~1.0.0d~2.3\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openssl-engines1.0.0\", rpm:\"lib64openssl-engines1.0.0~1.0.0d~2.3\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openssl-static-devel\", rpm:\"lib64openssl-static-devel~1.0.0d~2.3\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_mes5.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"libopenssl0.9.8\", rpm:\"libopenssl0.9.8~0.9.8h~3.13mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl0.9.8-devel\", rpm:\"libopenssl0.9.8-devel~0.9.8h~3.13mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl0.9.8-static-devel\", rpm:\"libopenssl0.9.8-static-devel~0.9.8h~3.13mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~0.9.8h~3.13mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openssl0.9.8\", rpm:\"lib64openssl0.9.8~0.9.8h~3.13mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openssl0.9.8-devel\", rpm:\"lib64openssl0.9.8-devel~0.9.8h~3.13mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openssl0.9.8-static-devel\", rpm:\"lib64openssl0.9.8-static-devel~0.9.8h~3.13mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libopenssl0.9.8\", rpm:\"libopenssl0.9.8~0.9.8t~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl1.0.0\", rpm:\"libopenssl1.0.0~1.0.0a~1.10mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl1.0.0-devel\", rpm:\"libopenssl1.0.0-devel~1.0.0a~1.10mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl1.0.0-static-devel\", rpm:\"libopenssl1.0.0-static-devel~1.0.0a~1.10mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libopenssl-engines1.0.0\", rpm:\"libopenssl-engines1.0.0~1.0.0a~1.10mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.0a~1.10mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openssl0.9.8\", rpm:\"lib64openssl0.9.8~0.9.8t~0.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openssl1.0.0\", rpm:\"lib64openssl1.0.0~1.0.0a~1.10mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openssl1.0.0-devel\", rpm:\"lib64openssl1.0.0-devel~1.0.0a~1.10mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openssl1.0.0-static-devel\", rpm:\"lib64openssl1.0.0-static-devel~1.0.0a~1.10mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64openssl-engines1.0.0\", rpm:\"lib64openssl-engines1.0.0~1.0.0a~1.10mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:10:48", "bulletinFamily": "scanner", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2017-04-12T00:00:00", "published": "2012-02-12T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=70750", "id": "OPENVAS:70750", "title": "FreeBSD Ports: openssl", "type": "openvas", "sourceData": "#\n#VID 5c5f19ce-43af-11e1-89b4-001ec9578670\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 5c5f19ce-43af-11e1-89b4-001ec9578670\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: openssl\n\nCVE-2012-0050\nOpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications,\nwhich allows remote attackers to cause a denial of service via\nunspecified vectors. NOTE: this vulnerability exists because of an\nincorrect fix for CVE-2011-4108.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://www.openssl.org/news/secadv_20120118.txt\nhttp://www.vuxml.org/freebsd/5c5f19ce-43af-11e1-89b4-001ec9578670.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(70750);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2012-0050\");\n script_version(\"$Revision: 5940 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-04-12 11:02:05 +0200 (Wed, 12 Apr 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-12 07:27:20 -0500 (Sun, 12 Feb 2012)\");\n script_name(\"FreeBSD Ports: openssl\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\ntxt = \"\";\nbver = portver(pkg:\"openssl\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.0.0_9\")<0) {\n txt += 'Package openssl version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-03T10:56:38", "bulletinFamily": "scanner", "description": "Check for the Version of openssl", "modified": "2018-01-03T00:00:00", "published": "2012-01-25T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=863704", "id": "OPENVAS:863704", "title": "Fedora Update for openssl FEDORA-2012-0702", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openssl FEDORA-2012-0702\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"openssl on Fedora 15\";\ntag_insight = \"The OpenSSL toolkit provides support for secure communications between\n machines. OpenSSL includes a certificate management tool and shared\n libraries which provide various cryptographic algorithms and\n protocols.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-January/072380.html\");\n script_id(863704);\n script_version(\"$Revision: 8273 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-03 07:29:19 +0100 (Wed, 03 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-01-25 11:14:25 +0530 (Wed, 25 Jan 2012)\");\n script_cve_id(\"CVE-2012-0050\", \"CVE-2011-3207\", \"CVE-2011-4108\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2012-0702\");\n script_name(\"Fedora Update for openssl FEDORA-2012-0702\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of openssl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.0g~1.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:58", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-01-25T00:00:00", "id": "OPENVAS:1361412562310863704", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863704", "title": "Fedora Update for openssl FEDORA-2012-0702", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openssl FEDORA-2012-0702\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-January/072380.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863704\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-01-25 11:14:25 +0530 (Wed, 25 Jan 2012)\");\n script_cve_id(\"CVE-2012-0050\", \"CVE-2011-3207\", \"CVE-2011-4108\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"FEDORA\", value:\"2012-0702\");\n script_name(\"Fedora Update for openssl FEDORA-2012-0702\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC15\");\n script_tag(name:\"affected\", value:\"openssl on Fedora 15\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.0g~1.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2017-07-24T12:50:44", "bulletinFamily": "scanner", "description": "The remote host is missing an update to openssl\nannounced via advisory DSA 2392-1.", "modified": "2017-07-07T00:00:00", "published": "2012-02-11T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=70711", "id": "OPENVAS:70711", "title": "Debian Security Advisory DSA 2392-1 (openssl)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2392_1.nasl 6612 2017-07-07 12:08:03Z cfischer $\n# Description: Auto-generated from advisory DSA 2392-1 (openssl)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Antonio Martin discovered a denial-of-service vulnerability in\nOpenSSL, an implementation of TLS and related protocols. A malicious\nclient can cause the DTLS server implementation to crash. Regular,\nTCP-based TLS is not affected by this issue.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 0.9.8g-15+lenny16.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 0.9.8o-4squeeze7.\n\nFor the testing distribution (wheezy) and the unstable distribution\n(sid), this problem has been fixed in version 1.0.0g-1.\n\nWe recommend that you upgrade your openssl packages.\";\ntag_summary = \"The remote host is missing an update to openssl\nannounced via advisory DSA 2392-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202392-1\";\n\nif(description)\n{\n script_id(70711);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2012-0050\");\n script_version(\"$Revision: 6612 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:03 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-11 03:29:01 -0500 (Sat, 11 Feb 2012)\");\n script_name(\"Debian Security Advisory DSA 2392-1 (openssl)\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libcrypto0.9.8-udeb\", ver:\"0.9.8g-15+lenny13\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"0.9.8g-15+lenny16\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl0.9.8\", ver:\"0.9.8g-15+lenny16\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl0.9.8-dbg\", ver:\"0.9.8g-15+lenny16\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openssl\", ver:\"0.9.8g-15+lenny16\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcrypto0.9.8-udeb\", ver:\"0.9.8o-4squeeze7\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"0.9.8o-4squeeze7\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl0.9.8\", ver:\"0.9.8o-4squeeze7\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl0.9.8-dbg\", ver:\"0.9.8o-4squeeze7\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openssl\", ver:\"0.9.8o-4squeeze7\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcrypto1.0.0-udeb\", ver:\"1.0.0g-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"1.0.0g-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl-doc\", ver:\"1.0.0g-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.0g-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl1.0.0-dbg\", ver:\"1.0.0g-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openssl\", ver:\"1.0.0g-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:57", "bulletinFamily": "scanner", "description": "The remote host is missing an update to openssl\nannounced via advisory DSA 2392-1.", "modified": "2019-03-18T00:00:00", "published": "2012-02-11T00:00:00", "id": "OPENVAS:136141256231070711", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231070711", "title": "Debian Security Advisory DSA 2392-1 (openssl)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2392_1.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2392-1 (openssl)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.70711\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2012-0050\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-11 03:29:01 -0500 (Sat, 11 Feb 2012)\");\n script_name(\"Debian Security Advisory DSA 2392-1 (openssl)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(5|6|7)\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202392-1\");\n script_tag(name:\"insight\", value:\"Antonio Martin discovered a denial-of-service vulnerability in\nOpenSSL, an implementation of TLS and related protocols. A malicious\nclient can cause the DTLS server implementation to crash. Regular,\nTCP-based TLS is not affected by this issue.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 0.9.8g-15+lenny16.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 0.9.8o-4squeeze7.\n\nFor the testing distribution (wheezy) and the unstable distribution\n(sid), this problem has been fixed in version 1.0.0g-1.\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your openssl packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to openssl\nannounced via advisory DSA 2392-1.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libcrypto0.9.8-udeb\", ver:\"0.9.8g-15+lenny13\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"0.9.8g-15+lenny16\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl0.9.8\", ver:\"0.9.8g-15+lenny16\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl0.9.8-dbg\", ver:\"0.9.8g-15+lenny16\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openssl\", ver:\"0.9.8g-15+lenny16\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcrypto0.9.8-udeb\", ver:\"0.9.8o-4squeeze7\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"0.9.8o-4squeeze7\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl0.9.8\", ver:\"0.9.8o-4squeeze7\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl0.9.8-dbg\", ver:\"0.9.8o-4squeeze7\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openssl\", ver:\"0.9.8o-4squeeze7\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcrypto1.0.0-udeb\", ver:\"1.0.0g-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"1.0.0g-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl-doc\", ver:\"1.0.0g-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.0g-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl1.0.0-dbg\", ver:\"1.0.0g-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openssl\", ver:\"1.0.0g-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2019-02-21T01:15:53", "bulletinFamily": "scanner", "description": "A new upstream package fixing a security vulnerability (DoS) regression in DTLS introduced by the previous update.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2015-10-20T00:00:00", "id": "FEDORA_2012-0708.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=57627", "published": "2012-01-23T00:00:00", "title": "Fedora 16 : openssl-1.0.0g-1.fc16 (2012-0708)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-0708.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57627);\n script_version(\"$Revision: 1.9 $\");\n script_cvs_date(\"$Date: 2015/10/20 22:15:25 $\");\n\n script_cve_id(\"CVE-2011-4108\", \"CVE-2012-0050\");\n script_bugtraq_id(51281, 51563);\n script_xref(name:\"FEDORA\", value:\"2012-0708\");\n\n script_name(english:\"Fedora 16 : openssl-1.0.0g-1.fc16 (2012-0708)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A new upstream package fixing a security vulnerability (DoS)\nregression in DTLS introduced by the previous update.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=782795\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-January/072232.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d348b22b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"openssl-1.0.0g-1.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:21:03", "bulletinFamily": "scanner", "description": "The version of OpenSSL running on the remote host is affected by the following vulnerabilities :\n\n - The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack. (CVE-2011-4108)\n\n - Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have an unspecified impact by triggering failure of a policy check. (CVE-2011-4109)\n\n - The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer.\n (CVE-2011-4576)\n\n - The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service via unspecified vectors. (CVE-2011-4619)\n\n - OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, which allows remote attackers to cause a denial of service via unspecified vectors. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4108. (CVE-2012-0050)", "modified": "2018-07-17T00:00:00", "id": "AIX_OPENSSL_ADVISORY3.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=73561", "published": "2014-04-16T00:00:00", "title": "AIX OpenSSL Advisory : openssl_advisory3.asc", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text in the description was extracted from AIX Security\n# Advisory openssl_advisory3.asc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73561);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/07/17 12:00:06\");\n\n script_cve_id(\n \"CVE-2011-4108\",\n \"CVE-2011-4109\",\n \"CVE-2011-4576\",\n \"CVE-2011-4619\",\n \"CVE-2012-0050\"\n );\n script_bugtraq_id(51281, 51563);\n script_xref(name:\"CERT\", value:\"737740\");\n\n script_name(english:\"AIX OpenSSL Advisory : openssl_advisory3.asc\");\n script_summary(english:\"Checks the version of the openssl packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\"The remote AIX host is running a vulnerable version of OpenSSL.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of OpenSSL running on the remote host is affected by the\nfollowing vulnerabilities :\n\n - The DTLS implementation in OpenSSL before 0.9.8s and 1.x\n before 1.0.0f performs a MAC check only if certain\n padding is valid, which makes it easier for remote\n attackers to recover plaintext via a padding oracle\n attack. (CVE-2011-4108)\n\n - Double free vulnerability in OpenSSL 0.9.8 before\n 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows\n remote attackers to have an unspecified impact by\n triggering failure of a policy check. (CVE-2011-4109)\n\n - The SSL 3.0 implementation in OpenSSL before 0.9.8s and\n 1.x before 1.0.0f does not properly initialize data\n structures for block cipher padding, which might allow\n remote attackers to obtain sensitive information by\n decrypting the padding data sent by an SSL peer.\n (CVE-2011-4576)\n\n - The Server Gated Cryptography (SGC) implementation in\n OpenSSL before 0.9.8s and 1.x before 1.0.0f does not\n properly handle handshake restarts, which allows remote\n attackers to cause a denial of service via unspecified\n vectors. (CVE-2011-4619)\n\n - OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS\n applications, which allows remote attackers to cause a\n denial of service via unspecified vectors. NOTE: this\n vulnerability exists because of an incorrect fix for\n CVE-2011-4108. (CVE-2012-0050)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=aixbp\");\n script_set_attribute(attribute:\"solution\", value:\n\"A fix is available, and it can be downloaded from the AIX website.\n\nTo extract the fixes from the tar file :\n\n zcat openssl.0.9.8.1801.tar.Z | tar xvf -\n or\n zcat openssl-fips.12.9.8.1801.tar.Z | tar xvf -\n or\n zcat openssl.0.9.8.809.tar.Z | tar xvf -\n\nIMPORTANT : If possible, it is recommended that a mksysb backup of\nthe system be created. Verify it is both bootable and readable\nbefore proceeding.\n\nTo preview the fix installation :\n\n installp -apYd . openssl\n\nTo install the fix package :\n\n installp -aXYd . openssl\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/01/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/16\");\n\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"AIX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\n\ninclude(\"aix.inc\");\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\noslevel = get_kb_item_or_exit(\"Host/AIX/version\");\nif ( oslevel != \"AIX-5.2\" && oslevel != \"AIX-5.3\" && oslevel != \"AIX-6.1\" && oslevel != \"AIX-7.1\" )\n{\n oslevel = ereg_replace(string:oslevel, pattern:\"-\", replace:\" \");\n audit(AUDIT_OS_NOT, \"AIX 5.2 / 5.3 / 6.1 / 7.1\", oslevel);\n}\nif ( ! get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nflag = 0;\n\nif (aix_check_package(release:\"5.2\", package:\"openssl.base\", minpackagever:\"0.0.0.0\", maxpackagever:\"0.9.8.808\", fixpackagever:\"0.9.8.809\") > 0) flag++;\nif (aix_check_package(release:\"5.3\", package:\"openssl.base\", minpackagever:\"0.0.0.0\", maxpackagever:\"0.9.8.1800\", fixpackagever:\"0.9.8.1801\") > 0) flag++;\nif (aix_check_package(release:\"6.1\", package:\"openssl.base\", minpackagever:\"0.0.0.0\", maxpackagever:\"0.9.8.1800\", fixpackagever:\"0.9.8.1801\") > 0) flag++;\nif (aix_check_package(release:\"7.1\", package:\"openssl.base\", minpackagever:\"0.0.0.0\", maxpackagever:\"0.9.8.1800\", fixpackagever:\"0.9.8.1801\") > 0) flag++;\nif (aix_check_package(release:\"5.3\", package:\"openssl-fips.base\", minpackagever:\"0.0.0.0\", maxpackagever:\"12.9.8.1800\", fixpackagever:\"12.9.8.1801\") > 0) flag++;\nif (aix_check_package(release:\"6.1\", package:\"openssl-fips.base\", minpackagever:\"0.0.0.0\", maxpackagever:\"12.9.8.1800\", fixpackagever:\"12.9.8.1801\") > 0) flag++;\nif (aix_check_package(release:\"7.1\", package:\"openssl-fips.base\", minpackagever:\"0.0.0.0\", maxpackagever:\"12.9.8.1800\", fixpackagever:\"12.9.8.1801\") > 0) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : aix_report_get()\n );\n}\nelse\n{\n tested = aix_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl.base / openssl-fips.base\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:22:30", "bulletinFamily": "scanner", "description": "The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack.", "modified": "2019-01-04T00:00:00", "id": "F5_BIGIP_SOL15388.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=78181", "published": "2014-10-10T00:00:00", "title": "F5 Networks BIG-IP : OpenSSL vulnerability (SOL15388)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution SOL15388.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78181);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/01/04 10:03:40\");\n\n script_cve_id(\"CVE-2011-4108\");\n script_bugtraq_id(51281);\n\n script_name(english:\"F5 Networks BIG-IP : OpenSSL vulnerability (SOL15388)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f\nperforms a MAC check only if certain padding is valid, which makes it\neasier for remote attackers to recover plaintext via a padding oracle\nattack.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K15388\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution SOL15388.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_wan_optimization_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"SOL15388\";\nvmatrix = make_array();\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"11.3.0\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"11.4.0-11.5.1\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"11.0.0-11.3.0\",\"10.1.0-10.2.4\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"11.4.0-11.5.1\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"11.0.0-11.3.0\",\"10.0.0-10.2.4\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"11.4.0-11.5.1\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"11.0.0-11.3.0\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"11.4.0-11.5.1\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"11.0.0-11.3.0\",\"10.0.0-10.2.4\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"11.4.0-11.5.1\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"11.0.0-11.3.0\",\"10.0.0-10.2.4\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"11.4.0-11.5.1\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"11.0.0-11.3.0\",\"10.0.0-10.2.4\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"11.4.0-11.5.1\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"11.3.0\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"11.4.0-11.5.1\");\n\n# PSM\nvmatrix[\"PSM\"] = make_array();\nvmatrix[\"PSM\"][\"affected\" ] = make_list(\"11.0.0-11.3.0\",\"10.0.0-10.2.4\");\nvmatrix[\"PSM\"][\"unaffected\"] = make_list(\"11.4.0-11.5.1\");\n\n# WAM\nvmatrix[\"WAM\"] = make_array();\nvmatrix[\"WAM\"][\"affected\" ] = make_list(\"11.0.0-11.3.0\",\"10.0.0-10.2.4\");\nvmatrix[\"WAM\"][\"unaffected\"] = make_list(\"11.4.0-11.5.1\");\n\n# WOM\nvmatrix[\"WOM\"] = make_array();\nvmatrix[\"WOM\"][\"affected\" ] = make_list(\"11.0.0-11.3.0\",\"10.0.0-10.2.4\");\nvmatrix[\"WOM\"][\"unaffected\"] = make_list(\"11.4.0-11.5.1\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-02-21T01:21:28", "bulletinFamily": "scanner", "description": "fix regression introduced in previous openssl update that could lead to a DoS", "modified": "2014-06-13T00:00:00", "id": "OPENSUSE-2012-99.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=74859", "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : openssl (openSUSE-2012-99)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2012-99.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74859);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2014/06/13 21:09:12 $\");\n\n script_cve_id(\"CVE-2012-0050\");\n\n script_name(english:\"openSUSE Security Update : openssl (openSUSE-2012-99)\");\n script_summary(english:\"Check for the openSUSE-2012-99 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"fix regression introduced in previous openssl update that could lead\nto a DoS\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=742821\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libopenssl-devel-1.0.0e-34.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libopenssl1_0_0-1.0.0e-34.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libopenssl1_0_0-debuginfo-1.0.0e-34.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"openssl-1.0.0e-34.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"openssl-debuginfo-1.0.0e-34.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"openssl-debugsource-1.0.0e-34.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libopenssl-devel-32bit-1.0.0e-34.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-32bit-1.0.0e-34.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.0e-34.5.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libopenssl-devel / libopenssl-devel-32bit / libopenssl1_0_0 / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:21:51", "bulletinFamily": "scanner", "description": "This update of OpenSSL fixes a Denial of Services issue (CVE-2012-0050).", "modified": "2018-11-10T00:00:00", "id": "SUSE_11_4_LIBOPENSSL-DEVEL-120206.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=75909", "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : libopenssl-devel (openSUSE-SU-2012:0266-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libopenssl-devel-5761.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75909);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/11/10 11:50:00\");\n\n script_cve_id(\"CVE-2012-0050\");\n\n script_name(english:\"openSUSE Security Update : libopenssl-devel (openSUSE-SU-2012:0266-1)\");\n script_summary(english:\"Check for the libopenssl-devel-5761 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of OpenSSL fixes a Denial of Services issue\n(CVE-2012-0050).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=742821\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2012-02/msg00052.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libopenssl-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libopenssl-devel-1.0.0c-18.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libopenssl1_0_0-1.0.0c-18.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libopenssl1_0_0-debuginfo-1.0.0c-18.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"openssl-1.0.0c-18.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"openssl-debuginfo-1.0.0c-18.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"openssl-debugsource-1.0.0c-18.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-32bit-1.0.0c-18.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.0c-18.25.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libopenssl-devel / libopenssl1_0_0 / libopenssl1_0_0-32bit / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:15:55", "bulletinFamily": "scanner", "description": "According to its banner, the remote web server uses OpenSSL version 0.9.8s. This version has a flaw in the fix for CVE-2011-4108 such that Datagram Transport Layer Security (DTLS) applications that use it are vulnerable to a denial of service attack.", "modified": "2018-11-15T00:00:00", "id": "OPENSSL_0_9_8T.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=57711", "published": "2012-01-27T00:00:00", "title": "OpenSSL 0.9.8s DTLS Denial of Service", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57711);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/11/15 20:50:25\");\n\n script_cve_id(\"CVE-2012-0050\");\n script_bugtraq_id(51563);\n\n script_name(english:\"OpenSSL 0.9.8s DTLS Denial of Service\");\n script_summary(english:\"Does a banner check\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote host may be affected by a denial of service\nvulnerability.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"According to its banner, the remote web server uses OpenSSL version\n0.9.8s. This version has a flaw in the fix for CVE-2011-4108 such\nthat Datagram Transport Layer Security (DTLS) applications that use it\nare vulnerable to a denial of service attack.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20120118.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/changelog.html\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to OpenSSL 0.9.8t or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/01/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"openssl_version.nasl\");\n script_require_keys(\"openssl/port\");\n\n exit(0);\n}\n\ninclude(\"openssl_version.inc\");\n\nopenssl_check_version(fixed:'0.9.8t', min:\"0.9.8s\", severity:SECURITY_WARNING);\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:16:06", "bulletinFamily": "scanner", "description": "This update of OpenSSL fixes a Denial of Services issue that could be triggered via unspecified vectors. (CVE-2012-0050)", "modified": "2012-05-17T00:00:00", "id": "SUSE_OPENSSL-7961.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=58033", "published": "2012-02-20T00:00:00", "title": "SuSE 10 Security Update : OpenSSL (ZYPP Patch Number 7961)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58033);\n script_version (\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2012/05/17 11:20:15 $\");\n\n script_cve_id(\"CVE-2012-0050\");\n\n script_name(english:\"SuSE 10 Security Update : OpenSSL (ZYPP Patch Number 7961)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of OpenSSL fixes a Denial of Services issue that could be\ntriggered via unspecified vectors. (CVE-2012-0050)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0050.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7961.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"openssl-0.9.8a-18.60.3\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"openssl-devel-0.9.8a-18.60.3\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"openssl-32bit-0.9.8a-18.60.3\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"openssl-devel-32bit-0.9.8a-18.60.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"openssl-0.9.8a-18.60.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"openssl-devel-0.9.8a-18.60.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"openssl-doc-0.9.8a-18.60.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"openssl-32bit-0.9.8a-18.60.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"openssl-devel-32bit-0.9.8a-18.60.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:16:06", "bulletinFamily": "scanner", "description": "This update of OpenSSL fixes a Denial of Services issue that could be triggered via unspecified vectors. (CVE-2012-0050)\n\nAlso, the SHA256 and SHA512 algorithms are now enabled by default.", "modified": "2013-10-25T00:00:00", "id": "SUSE_11_LIBOPENSSL-DEVEL-120209.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=58031", "published": "2012-02-20T00:00:00", "title": "SuSE 11.1 Security Update : libopenssl (SAT Patch Number 5808)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58031);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2013/10/25 23:52:00 $\");\n\n script_cve_id(\"CVE-2012-0050\");\n\n script_name(english:\"SuSE 11.1 Security Update : libopenssl (SAT Patch Number 5808)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of OpenSSL fixes a Denial of Services issue that could be\ntriggered via unspecified vectors. (CVE-2012-0050)\n\nAlso, the SHA256 and SHA512 algorithms are now enabled by default.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=742821\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=743344\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0050.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 5808.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libopenssl0_9_8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libopenssl0_9_8-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:openssl-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"libopenssl0_9_8-0.9.8j-0.28.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"openssl-0.9.8j-0.28.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libopenssl0_9_8-0.9.8j-0.28.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libopenssl0_9_8-32bit-0.9.8j-0.28.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"openssl-0.9.8j-0.28.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"libopenssl0_9_8-0.9.8j-0.28.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"openssl-0.9.8j-0.28.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"openssl-doc-0.9.8j-0.28.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"libopenssl0_9_8-32bit-0.9.8j-0.28.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"libopenssl0_9_8-32bit-0.9.8j-0.28.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:15:55", "bulletinFamily": "scanner", "description": "According to its banner, the remote web server is running OpenSSL version 1.0.0f. This version has a flaw in the fix for CVE-2011-4108 such that Datagram Transport Layer Security (DTLS) applications that use it are vulnerable to a denial of service attack.", "modified": "2018-11-15T00:00:00", "id": "OPENSSL_1_0_0G.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=57712", "published": "2012-01-27T00:00:00", "title": "OpenSSL 1.0.0f DTLS Denial of Service", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57712);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/11/15 20:50:25\");\n\n script_cve_id(\"CVE-2012-0050\");\n script_bugtraq_id(51563);\n\n script_name(english:\"OpenSSL 1.0.0f DTLS Denial of Service\");\n script_summary(english:\"Does a banner check.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote host may be affected by a denial of service\nvulnerability.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"According to its banner, the remote web server is running OpenSSL\nversion 1.0.0f. This version has a flaw in the fix for CVE-2011-4108\nsuch that Datagram Transport Layer Security (DTLS) applications that\nuse it are vulnerable to a denial of service attack.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20120118.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/changelog.html\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to OpenSSL 1.0.0g or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/01/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"openssl_version.nasl\");\n script_require_keys(\"openssl/port\");\n\n exit(0);\n}\n\ninclude(\"openssl_version.inc\");\n\nopenssl_check_version(fixed:'1.0.0g', min:\"1.0.0f\", severity:SECURITY_WARNING);\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:15:54", "bulletinFamily": "scanner", "description": "Antonio Martin discovered a denial-of-service vulnerability in OpenSSL, an implementation of TLS and related protocols. A malicious client can cause the DTLS server implementation to crash. Regular, TCP-based TLS is not affected by this issue.", "modified": "2018-11-10T00:00:00", "id": "DEBIAN_DSA-2392.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=57643", "published": "2012-01-24T00:00:00", "title": "Debian DSA-2392-1 : openssl - out-of-bounds read", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2392. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57643);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/11/10 11:49:35\");\n\n script_cve_id(\"CVE-2012-0050\");\n script_bugtraq_id(37142, 49179);\n script_xref(name:\"DSA\", value:\"2392\");\n\n script_name(english:\"Debian DSA-2392-1 : openssl - out-of-bounds read\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Antonio Martin discovered a denial-of-service vulnerability in\nOpenSSL, an implementation of TLS and related protocols. A malicious\nclient can cause the DTLS server implementation to crash. Regular,\nTCP-based TLS is not affected by this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/openssl\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2012/dsa-2392\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the openssl packages.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 0.9.8g-15+lenny16.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 0.9.8o-4squeeze7.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"openssl\", reference:\"0.9.8g-15+lenny16\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libcrypto0.9.8-udeb\", reference:\"0.9.8o-4squeeze7\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libssl-dev\", reference:\"0.9.8o-4squeeze7\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libssl0.9.8\", reference:\"0.9.8o-4squeeze7\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libssl0.9.8-dbg\", reference:\"0.9.8o-4squeeze7\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"openssl\", reference:\"0.9.8o-4squeeze7\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "aix": [{"lastseen": "2019-05-29T19:19:14", "bulletinFamily": "unix", "description": "-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nIBM SECURITY ADVISORY\n\nFirst Issued: Wed Mar 21 13:02:49 CDT 2012\n|Updated: Thu Mar 22 09:06:21 CDT 2012\n|Added VIOS release reference \n|Updated: Tue Jun 5 11:06:56 CDT 2012\n|Corrected FIPS version\n\nThe most recent version of this document is available here:\n\nhttp://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc\nor\nftp://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc\n\n VULNERABILITY SUMMARY\n\nVULNERABILITY: Multiple OpenSSL vulnerabilities \n\nPLATFORMS: AIX 5.3, 6.1, 7.1, and earlier releases\n| VIOS 2.X and 1.5.2\n\nSOLUTION: Apply the fix as described below.\n\nTHREAT: See below\n\nCVE Numbers: CVE-2011-4108\n CVE-2011-4109\n CVE-2011-4576\n CVE-2011-4619\n CVE-2012-0050\n\n DETAILED INFORMATION\n\nI. DESCRIPTION (from cve.mitre.org)\n\n The DTLS implementation in OpenSSL before 0.9.8s and 1.x before \n 1.0.0f performs a MAC check only if certain padding is valid, which \n makes it easier for remote attackers to recover plaintext via a \n padding oracle attack. \n\n Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when \n X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have \n an unspecified impact by triggering failure of a policy check. \n\n The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before \n 1.0.0f does not properly initialize data structures for block cipher \n padding, which might allow remote attackers to obtain sensitive \n information by decrypting the padding data sent by an SSL peer. \n\n The Server Gated Cryptography (SGC) implementation in OpenSSL before \n 0.9.8s and 1.x before 1.0.0f does not properly handle handshake \n restarts, which allows remote attackers to cause a denial of service \n via unspecified vectors. \n\n OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, \n which allows remote attackers to cause a denial of service via \n unspecified vectors. NOTE: this vulnerability exists because of an \n incorrect fix for CVE-2011-4108. \n\n Please see the following for more information:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4108\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4109\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4576\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4619\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0050\n\nII. PLATFORM VULNERABILITY ASSESSMENT\n\n To determine if your system is vulnerable, execute the following\n command:\n\n lslpp -L openssl.base\n\n On VIO Server:\n\n oem_setup_env\n lslpp -L openssl.base\n\n The following fileset levels are vulnerable:\n\n AIX 7.1, 6.1, 5.3: all versions less than or equal 0.9.8.1800\n| AIX 7.1, 6.1, 5.3: FIPS capable versions less than or equal 12.9.8.1800\n AIX 5.2: all versions less than or equal 0.9.8.808\n| VIOS 2.X, 1.5.2: all versions less than or equal 0.9.8.1800\n\n IMPORTANT: If AIX OpenSSH is in use, it must be updated to version\n OpenSSH 5.0 or later, depending on the OpenSSL version according to\n following compatibility matrix:\n\n AIX OpenSSL OpenSSH\n ------------------------------------------------------------------\n 5.2 OpenSSL 0.9.8.80x OpenSSH 5.0\n 5.3,6.1,7.1 OpenSSL 0.9.8.18xx OpenSSH 5.8.0.61xx\n 5.3,6.1,7.1 OpenSSL-fips 12.9.8.18xx OpenSSH 5.8.0.61xx\n\n| VIOS OpenSSL OpenSSH\n| ------------------------------------------------------------------\n| 2.X,1.5.2 OpenSSL 0.9.8.18x OpenSSH 5.8.0.61xx\n\n AIX OpenSSH can be downloaded from:\n\n OpenSSH 5.0:\n http://sourceforge.net/projects/openssh-aix\n OpenSSH 5.8.0.61xx\n https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=aixbp\n\nIII. FIXES\n\n A fix is available, and it can be downloaded from:\n\n https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=aixbp\n\n To extract the fixes from the tar file:\n\n zcat openssl.0.9.8.1801.tar.Z | tar xvf -\n or\n zcat openssl-fips.12.9.8.1801.tar.Z | tar xvf -\n or\n zcat openssl.0.9.8.809.tar.Z | tar xvf -\n\n IMPORTANT: If possible, it is recommended that a mksysb backup\n of the system be created. Verify it is both bootable and\n readable before proceeding.\n\n To preview the fix installation:\n\n installp -apYd . openssl\n\n To install the fix package:\n\n installp -aXYd . openssl\n\nIV. WORKAROUNDS\n\n There are no workarounds.\n\nV. CONTACT INFORMATION\n\n If you would like to receive AIX Security Advisories via email,\n please visit:\n\n http://www.ibm.com/systems/support\n\n and click on the \"My notifications\" link.\n\n To view previously issued advisories, please visit:\n\n http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd\n \n Comments regarding the content of this announcement can be\n directed to:\n\n security-alert@austin.ibm.com\n\n To obtain the PGP public key that can be used to communicate\n securely with the AIX Security Team you can either:\n\n A. Send an email with \"get key\" in the subject line to:\n\n security-alert@austin.ibm.com\n\n B. Download the key from our web page:\n\n http://www.ibm.com/systems/resources/systems_p_os_aix_security_pgpkey.txt\n\n C. Download the key from a PGP Public Key Server. The key ID is:\n\n\t 0x28BFAA12\n\n Please contact your local IBM AIX support center for any\n assistance.\n\n eServer is a trademark of International Business Machines\n Corporation. IBM, AIX and pSeries are registered trademarks of\n International Business Machines Corporation. All other trademarks\n are property of their respective holders.\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.7 (AIX)\n\niD8DBQFPzjky4fmd+Ci/qhIRAkaeAJ0blLzpoOJFKL6imKaREA/ZgB8hZQCgmjsm\nEVo11PKqS3djvRCmgvJPiaY=\n=zvSX\n-----END PGP SIGNATURE-----\n", "modified": "2012-06-05T11:06:56", "published": "2012-03-21T13:02:49", "id": "OPENSSL_ADVISORY3.ASC", "href": "https://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc", "title": "Multiple OpenSSL vulnerabilities", "type": "aix", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:38:35", "bulletinFamily": "unix", "description": "[0.9.8e-20.1]\n- fix for CVE-2011-4108 & CVE-2012-0050 - DTLS plaintext recovery\n vulnerability and additional DTLS fixes (#771770)\n- fix for CVE-2011-4109 - double free in policy checks (#771771)\n- fix for CVE-2011-4576 - uninitialized SSL 3.0 padding (#771775)\n- fix for CVE-2011-4619 - SGC restart DoS attack (#771780)", "modified": "2012-01-24T00:00:00", "published": "2012-01-24T00:00:00", "id": "ELSA-2012-0060", "href": "http://linux.oracle.com/errata/ELSA-2012-0060.html", "title": "openssl security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:09", "bulletinFamily": "unix", "description": "[1.0.0-20.1]\n- fix for CVE-2011-4108 & CVE-2012-0050 - DTLS plaintext recovery\n vulnerability and additional DTLS fixes (#771770)\n- fix for CVE-2011-4576 - uninitialized SSL 3.0 padding (#771775)\n- fix for CVE-2011-4577 - possible DoS through malformed RFC 3779 data (#771778)\n- fix for CVE-2011-4619 - SGC restart DoS attack (#771780)", "modified": "2012-01-24T00:00:00", "published": "2012-01-24T00:00:00", "id": "ELSA-2012-0059", "href": "http://linux.oracle.com/errata/ELSA-2012-0059.html", "title": "openssl security update", "type": "oraclelinux", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "freebsd": [{"lastseen": "2019-05-29T18:33:54", "bulletinFamily": "unix", "description": "\nThe OpenSSL Team reports:\n\nA flaw in the fix to CVE-2011-4108 can be exploited in a\n\t denial of service attack. Only DTLS applications using OpenSSL\n\t 1.0.0f and 0.9.8s are affected.\n\n", "modified": "2012-01-18T00:00:00", "published": "2012-01-18T00:00:00", "id": "5C5F19CE-43AF-11E1-89B4-001EC9578670", "href": "https://vuxml.freebsd.org/freebsd/5c5f19ce-43af-11e1-89b4-001ec9578670.html", "title": "OpenSSL -- DTLS Denial of Service", "type": "freebsd", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "debian": [{"lastseen": "2019-05-30T02:22:51", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2392-1 security@debian.org\nhttp://www.debian.org/security/ Florian Weimer\nJanuary 23, 2012 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : openssl\nVulnerability : out-of-bounds read\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2012-0050\n\nAntonio Martin discovered a denial-of-service vulnerability in\nOpenSSL, an implementation of TLS and related protocols. A malicious\nclient can cause the DTLS server implementation to crash. Regular,\nTCP-based TLS is not affected by this issue.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 0.9.8g-15+lenny16.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 0.9.8o-4squeeze7.\n\nFor the testing distribution (wheezy) and the unstable distribution\n(sid), this problem has been fixed in version 1.0.0g-1.\n\nWe recommend that you upgrade your openssl packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2012-01-23T19:32:27", "published": "2012-01-23T19:32:27", "id": "DEBIAN:DSA-2392-1:5DB15", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2012/msg00016.html", "title": "[SECURITY] [DSA 2392-1] openssl security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-30T02:22:22", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2390-1 security@debian.org\nhttp://www.debian.org/security/ Florian Weimer\nJanuary 15, 2012 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : openssl\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2011-4108 CVE-2011-4109 CVE-2011-4354\n CVE-2011-4576 CVE-2011-4619\n\nSeveral vulnerabilities were discovered in OpenSSL, an implementation\nof TLS and related protocols. The Common Vulnerabilities and\nExposures project identifies the following vulnerabilities:\n\nCVE-2011-4108\n\tThe DTLS implementation performs a MAC check only if certain\n\tpadding is valid, which makes it easier for remote attackers\n\tto recover plaintext via a padding oracle attack.\n\nCVE-2011-4109 \n\tA double free vulnerability when X509_V_FLAG_POLICY_CHECK is\n\tenabled, allows remote attackers to cause applications crashes\n\tand potentially allow execution of arbitrary code by\n\ttriggering failure of a policy check.\n\nCVE-2011-4354\n\tOn 32-bit systems, the operations on NIST elliptic curves\n\tP-256 and P-384 are not correctly implemented, potentially\n\tleaking the private ECC key of a TLS server. (Regular\n\tRSA-based keys are not affected by this vulnerability.)\n\nCVE-2011-4576\n\tThe SSL 3.0 implementation does not properly initialize data\n\tstructures for block cipher padding, which might allow remote\n\tattackers to obtain sensitive information by decrypting the\n\tpadding data sent by an SSL peer.\n\nCVE-2011-4619\n\tThe Server Gated Cryptography (SGC) implementation in OpenSSL\n\tdoes not properly handle handshake restarts, unnecessarily\n\tsimplifying CPU exhaustion attacks.\n\nFor the oldstable distribution (lenny), these problems have been fixed\nin version 0.9.8g-15+lenny15.\n\nFor the stable distribution (squeeze), these problems have been fixed\nin version 0.9.8o-4squeeze5.\n\nFor the testing distribution (wheezy) and the unstable distribution\n(sid), these problems have been fixed in version 1.0.0f-1.\n\nWe recommend that you upgrade your openssl packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2012-01-15T20:23:51", "published": "2012-01-15T20:23:51", "id": "DEBIAN:DSA-2390-1:7F77A", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2012/msg00012.html", "title": "[SECURITY] [DSA 2390-1] openssl security update", "type": "debian", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-05-29T14:34:54", "bulletinFamily": "unix", "description": "The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization\nHypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor\nis a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes\neverything necessary to run and manage virtual machines: A subset of the\nRed Hat Enterprise Linux operating environment and the Red Hat Enterprise\nVirtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for\nthe Intel 64 and AMD64 architectures with virtualization extensions.\n\nA heap overflow flaw was found in the way QEMU-KVM emulated the e1000\nnetwork interface card. A privileged guest user in a virtual machine whose\nnetwork interface is configured to use the e1000 emulated driver could use\nthis flaw to crash the host or, possibly, escalate their privileges on the\nhost. (CVE-2012-0029)\n\nAn information leak flaw was found in the SSL 3.0 protocol implementation\nin OpenSSL. Incorrect initialization of SSL record padding bytes could\ncause an SSL client or server to send a limited amount of possibly\nsensitive data to its SSL peer via the encrypted connection.\n(CVE-2011-4576)\n\nA denial of service flaw was found in the RFC 3779 implementation in\nOpenSSL. A remote attacker could use this flaw to make an application using\nOpenSSL exit unexpectedly by providing a specially-crafted X.509\ncertificate that has malformed RFC 3779 extension data. (CVE-2011-4577)\n\nIt was discovered that OpenSSL did not limit the number of TLS/SSL\nhandshake restarts required to support Server Gated Cryptography. A remote\nattacker could use this flaw to make a TLS/SSL server using OpenSSL consume\nan excessive amount of CPU by continuously restarting the handshake.\n(CVE-2011-4619)\n\nRed Hat would like to thank Nicolae Mogoreanu for reporting CVE-2012-0029.\n\nThis updated package provides updated components that include fixes for\nvarious security issues. These issues have no security impact on Red Hat\nEnterprise Virtualization Hypervisor itself, however. The security fixes\nincluded in this update address the following CVE numbers:\n\nCVE-2009-5029 and CVE-2011-4609 (glibc issues)\n\nCVE-2012-0056 (kernel issue)\n\nCVE-2011-4108 and CVE-2012-0050 (openssl issues)\n\nThis update also fixes the following bugs:\n\n* Previously, it was possible to begin a Hypervisor installation without\nany valid disks to install to.\n\nNow, if no valid disks are found for Hypervisor installation, a message is\ndisplayed informing the user that there are no valid disks for\ninstallation. (BZ#781471)\n\n* Previously, the user interface for the Hypervisor did not indicate\nwhether the system was registered with Red Hat Network (RHN) Classic or RHN\nSatellite. As a result, customers could not easily determine the\nregistration status of their Hypervisor installations.\n\nThe TUI has been updated to display the registration status of the\nHypervisor. (BZ#788223)\n\n* Previously, autoinstall would fail if the firstboot or reinstall options\nwere passed but local_boot or upgrade were not passed. Now, neither the\nlocal_boot or upgrade parameters are required for autoinstall. (BZ#788225)\n\nUsers of the Red Hat Enterprise Virtualization Hypervisor are advised to\nupgrade to this updated package, which fixes these issues.\n", "modified": "2018-06-07T08:59:39", "published": "2012-02-15T05:00:00", "id": "RHSA-2012:0109", "href": "https://access.redhat.com/errata/RHSA-2012:0109", "type": "redhat", "title": "(RHSA-2012:0109) Important: rhev-hypervisor6 security and bug fix update", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T14:33:54", "bulletinFamily": "unix", "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nIt was discovered that the Datagram Transport Layer Security (DTLS)\nprotocol implementation in OpenSSL leaked timing information when\nperforming certain operations. A remote attacker could possibly use this\nflaw to retrieve plain text from the encrypted packets by using a DTLS\nserver as a padding oracle. (CVE-2011-4108)\n\nA double free flaw was discovered in the policy checking code in OpenSSL.\nA remote attacker could use this flaw to crash an application that uses\nOpenSSL by providing an X.509 certificate that has specially-crafted\npolicy extension data. (CVE-2011-4109)\n\nAn information leak flaw was found in the SSL 3.0 protocol implementation\nin OpenSSL. Incorrect initialization of SSL record padding bytes could\ncause an SSL client or server to send a limited amount of possibly\nsensitive data to its SSL peer via the encrypted connection.\n(CVE-2011-4576)\n\nIt was discovered that OpenSSL did not limit the number of TLS/SSL\nhandshake restarts required to support Server Gated Cryptography. A remote\nattacker could use this flaw to make a TLS/SSL server using OpenSSL consume\nan excessive amount of CPU by continuously restarting the handshake.\n(CVE-2011-4619)\n\nAll OpenSSL users should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. For the update to take effect,\nall services linked to the OpenSSL library must be restarted, or the system\nrebooted.\n", "modified": "2017-09-08T11:57:45", "published": "2012-01-24T05:00:00", "id": "RHSA-2012:0060", "href": "https://access.redhat.com/errata/RHSA-2012:0060", "type": "redhat", "title": "(RHSA-2012:0060) Moderate: openssl security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T14:35:45", "bulletinFamily": "unix", "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nIt was discovered that the Datagram Transport Layer Security (DTLS)\nprotocol implementation in OpenSSL leaked timing information when\nperforming certain operations. A remote attacker could possibly use this\nflaw to retrieve plain text from the encrypted packets by using a DTLS\nserver as a padding oracle. (CVE-2011-4108)\n\nAn information leak flaw was found in the SSL 3.0 protocol implementation\nin OpenSSL. Incorrect initialization of SSL record padding bytes could\ncause an SSL client or server to send a limited amount of possibly\nsensitive data to its SSL peer via the encrypted connection.\n(CVE-2011-4576)\n\nA denial of service flaw was found in the RFC 3779 implementation in\nOpenSSL. A remote attacker could use this flaw to make an application using\nOpenSSL exit unexpectedly by providing a specially-crafted X.509\ncertificate that has malformed RFC 3779 extension data. (CVE-2011-4577)\n\nIt was discovered that OpenSSL did not limit the number of TLS/SSL\nhandshake restarts required to support Server Gated Cryptography. A remote\nattacker could use this flaw to make a TLS/SSL server using OpenSSL consume\nan excessive amount of CPU by continuously restarting the handshake.\n(CVE-2011-4619)\n\nAll OpenSSL users should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. For the update to take effect,\nall services linked to the OpenSSL library must be restarted, or the system\nrebooted.\n", "modified": "2018-06-06T20:24:34", "published": "2012-01-24T05:00:00", "id": "RHSA-2012:0059", "href": "https://access.redhat.com/errata/RHSA-2012:0059", "type": "redhat", "title": "(RHSA-2012:0059) Moderate: openssl security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:32", "bulletinFamily": "unix", "description": "### Background\n\nOpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library. \n\n### Description\n\nMultiple vulnerabilities have been found in OpenSSL:\n\n * Timing differences for decryption are exposed by CBC mode encryption in OpenSSL\u2019s implementation of DTLS (CVE-2011-4108). \n * A policy check failure can result in a double-free error when X509_V_FLAG_POLICY_CHECK is set (CVE-2011-4109). \n * Clients and servers using SSL 3.0 handshakes do not clear the block cipher padding, allowing a record to contain up to 15 bytes of uninitialized memory, which could include sensitive information (CVE-2011-4576). \n * Assertion errors can occur during the handling of malformed X.509 certificates when OpenSSL is built with RFC 3779 support (CVE-2011-4577). \n * A resource management error can occur when OpenSSL\u2019s server gated cryptography (SGC) does not properly handle handshake restarts (CVE-2011-4619). \n * Invalid parameters in the GOST block cipher are not properly handled by the GOST ENGINE(CVE-2012-0027). \n * An incorrect fix for CVE-2011-4108 creates an unspecified vulnerability for DTLS applications using OpenSSL (CVE-2012-0050). \n\n### Impact\n\nA remote attacker may be able to cause a Denial of Service or obtain sensitive information, including plaintext passwords. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll OpenSSL users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/openssl-1.0.0g\"", "modified": "2015-06-06T00:00:00", "published": "2012-03-06T00:00:00", "id": "GLSA-201203-12", "href": "https://security.gentoo.org/glsa/201203-12", "type": "gentoo", "title": "OpenSSL: Multiple vulnerabilities", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:45", "bulletinFamily": "software", "description": "Double free(), protection bypass, information leakages, DoS conditions.", "modified": "2012-01-20T00:00:00", "published": "2012-01-20T00:00:00", "id": "SECURITYVULNS:VULN:12150", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12150", "title": "OpenSSL library multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:44", "bulletinFamily": "software", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nNote: the current version of the following document is available here:\r\nhttps://h20566.www2.hp.com/portal/site/hpsc/public/kb/\r\ndocDisplay?docId=emr_na-c03315912\r\n\r\nSUPPORT COMMUNICATION - SECURITY BULLETIN\r\n\r\nDocument ID: c03315912\r\nVersion: 1\r\n\r\nHPSBMU02776 SSRT100852 rev.1 - HP Onboard Administrator (OA), Remote\r\nUnauthorized Access to Data, Unauthorized Disclosure of Information Denial of\r\nService (DoS)\r\n\r\nNOTICE: The information in this Security Bulletin should be acted upon as\r\nsoon as possible.\r\n\r\nRelease Date: 2012-06-07\r\nLast Updated: 2012-06-07\r\n\r\nPotential Security Impact: Remote unauthorized access to data, unauthorized\r\ndisclosure of information, Denial of Service (DoS)\r\n\r\nSource: Hewlett-Packard Company, HP Software Security Response Team\r\n\r\nVULNERABILITY SUMMARY\r\nPotential security vulnerabilities have been identified with HP Onboard\r\nAdministrator (OA). The vulnerabilities could be exploited remotely resulting\r\nin unauthorized access to data, unauthorized disclosure of information, and\r\nDenial of Service (DoS).\r\n\r\nReferences: CVE-2011-3192, CVE-2011-1473, CVE-2011-2691, CVE-2011-4108,\r\nCVE-2011-4576, CVE-2011-4619, CVE-2012-0050, CVE-2012-0053, CVE-2012-0884,\r\nCVE-2012-2110, CVE-2012-1583, SSRT100654, Nessus 53360\r\n\r\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.\r\nHP Onboard Administrator (OA) up to and including v3.55\r\n\r\nBACKGROUND\r\n\r\nCVSS 2.0 Base Metrics\r\n===========================================================\r\n Reference Base Vector Base Score\r\nCVE-2012-0053 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\r\nCVE-2012-0050 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\r\nCVE-2011-4619 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\r\nCVE-2011-4576 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\r\nCVE-2011-4108 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\r\nCVE-2011-3192 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8\r\nCVE-2011-2691 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\r\nCVE-2011-1473 (AV:N/AC:M/Au:N/C:N/I:P/A:P) 5.8\r\nCVE-2012-0884 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\r\nCVE-2012-2110 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\r\nCVE-2012-1583 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8\r\n===========================================================\r\n Information on CVSS is documented\r\n in HP Customer Notice: HPSN-2008-002\r\n\r\nRESOLUTION\r\n\r\nHP has made Onboard Administrator (OA) v3.56 or subsequent available to\r\nresolve the vulnerabilities.\r\n\r\nOnboard Administrator (OA) v3.56 is available here:\r\n\r\nhttp://www.hp.com/swpublishing/MTX-e41b71e6cfbe471dbd029deaab\r\n\r\nHISTORY\r\nVersion:1 (rev.1) - 7 June 2012 Initial release\r\n\r\nThird Party Security Patches: Third party security patches that are to be\r\ninstalled on systems running HP software products should be applied in\r\naccordance with the customer's patch management policy.\r\n\r\nSupport: For issues about implementing the recommendations of this Security\r\nBulletin, contact normal HP Services support channel. For other issues about\r\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com.\r\n\r\nReport: To report a potential security vulnerability with any HP supported\r\nproduct, send Email to: security-alert@hp.com\r\n\r\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\r\nalerts via Email:\r\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\r\n\r\nSecurity Bulletin List: A list of HP Security Bulletins, updated\r\nperiodically, is contained in HP Security Notice HPSN-2011-001:\r\nhttps://h20566.www2.hp.com/portal/site/hpsc/public/kb/\r\ndocDisplay?docId=emr_na-c02964430\r\n\r\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\r\navailable here:\r\nhttp://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\r\n\r\nSoftware Product Category: The Software Product Category is represented in\r\nthe title by the two characters following HPSB.\r\n\r\n3C = 3COM\r\n3P = 3rd Party Software\r\nGN = HP General Software\r\nHF = HP Hardware and Firmware\r\nMP = MPE/iX\r\nMU = Multi-Platform Software\r\nNS = NonStop Servers\r\nOV = OpenVMS\r\nPI = Printing and Imaging\r\nPV = ProCurve\r\nST = Storage Software\r\nTU = Tru64 UNIX\r\nUX = HP-UX\r\n\r\nCopyright 2012 Hewlett-Packard Development Company, L.P.\r\nHewlett-Packard Company shall not be liable for technical or editorial errors\r\nor omissions contained herein. The information provided is provided "as is"\r\nwithout warranty of any kind. To the extent permitted by law, neither HP or\r\nits affiliates, subcontractors or suppliers will be liable for\r\nincidental,special or consequential damages including downtime cost; lost\r\nprofits;damages relating to the procurement of substitute products or\r\nservices; or damages for loss of data, or software restoration. The\r\ninformation in this document is subject to change without notice.\r\nHewlett-Packard Company and the names of Hewlett-Packard products referenced\r\nherein are trademarks of Hewlett-Packard Company in the United States and\r\nother countries. Other product and company names mentioned herein may be\r\ntrademarks of their respective owners.\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.10 (GNU/Linux)\r\n\r\niEYEARECAAYFAk/RB94ACgkQ4B86/C0qfVlG8ACfVds+3MuA3kLohkKj3BKSsjT2\r\nIKsAn34/TSWNZNR4LqwwVbCfScPGxTjw\r\n=gxe7\r\n-----END PGP SIGNATURE-----\r\n", "modified": "2012-06-17T00:00:00", "published": "2012-06-17T00:00:00", "id": "SECURITYVULNS:DOC:28164", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:28164", "title": "[security bulletin] HPSBMU02776 SSRT100852 rev.1 - HP Onboard Administrator (OA), Remote Unauthorized Access to Data, Unauthorized Disclosure of Information Denial of Service (DoS)", "type": "securityvulns", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:47", "bulletinFamily": "software", "description": "Unauthorized access, DoS.", "modified": "2012-06-17T00:00:00", "published": "2012-06-17T00:00:00", "id": "SECURITYVULNS:VULN:12425", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12425", "title": "HP Onboard Administrator multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2019-05-29T17:23:33", "bulletinFamily": "unix", "description": "It was discovered that the elliptic curve cryptography (ECC) subsystem in OpenSSL, when using the Elliptic Curve Digital Signature Algorithm (ECDSA) for the ECDHE_ECDSA cipher suite, did not properly implement curves over binary fields. This could allow an attacker to determine private keys via a timing attack. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-1945)\n\nAdam Langley discovered that the ephemeral Elliptic Curve Diffie-Hellman (ECDH) functionality in OpenSSL did not ensure thread safety while processing handshake messages from clients. This could allow a remote attacker to cause a denial of service via out-of-order messages that violate the TLS protocol. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-3210)\n\nNadhem Alfardan and Kenny Paterson discovered that the Datagram Transport Layer Security (DTLS) implementation in OpenSSL performed a MAC check only if certain padding is valid. This could allow a remote attacker to recover plaintext. (CVE-2011-4108)\n\nAntonio Martin discovered that a flaw existed in the fix to address CVE-2011-4108, the DTLS MAC check failure. This could allow a remote attacker to cause a denial of service. (CVE-2012-0050)\n\nBen Laurie discovered a double free vulnerability in OpenSSL that could be triggered when the X509_V_FLAG_POLICY_CHECK flag is enabled. This could allow a remote attacker to cause a denial of service. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-4109)\n\nIt was discovered that OpenSSL, in certain circumstances involving ECDH or ECDHE cipher suites, used an incorrect modular reduction algorithm in its implementation of the P-256 and P-384 NIST elliptic curves. This could allow a remote attacker to obtain the private key of a TLS server via multiple handshake attempts. This issue only affected Ubuntu 8.04 LTS. (CVE-2011-4354)\n\nAdam Langley discovered that the SSL 3.0 implementation in OpenSSL did not properly initialize data structures for block cipher padding. This could allow a remote attacker to obtain sensitive information. (CVE-2011-4576)\n\nAndrew Chi discovered that OpenSSL, when RFC 3779 support is enabled, could trigger an assert when handling an X.509 certificate containing certificate-extension data associated with IP address blocks or Autonomous System (AS) identifiers. This could allow a remote attacker to cause a denial of service. (CVE-2011-4577)\n\nAdam Langley discovered that the Server Gated Cryptography (SGC) implementation in OpenSSL did not properly handle handshake restarts. This could allow a remote attacker to cause a denial of service. (CVE-2011-4619)\n\nAndrey Kulikov discovered that the GOST block cipher engine in OpenSSL did not properly handle invalid parameters. This could allow a remote attacker to cause a denial of service via crafted data from a TLS client. This issue only affected Ubuntu 11.10. (CVE-2012-0027)", "modified": "2012-02-09T00:00:00", "published": "2012-02-09T00:00:00", "id": "USN-1357-1", "href": "https://usn.ubuntu.com/1357-1/", "title": "OpenSSL vulnerabilities", "type": "ubuntu", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T11:31:56", "bulletinFamily": "unix", "description": "This update of openssl fixes the following security issues:\n\n * Denial of Service or crash via CBC mode handling.\n (CVE-2012-2333\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2333\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2333</a>\n > )\n * Incorrect integer conversions that could result in\n memory corruption. (CVE-2012-2110\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2110\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2110</a>\n > , CVE-2012-2131\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2131\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2131</a>\n > )\n * Potential memory leak in multithreaded key creation.\n * Symmetric crypto errors in PKCS7_decrypt.\n * Free headers after use in error message.\n * S/MIME verification may erroneously fail.\n * Tolerating bad MIME headers in ANS.1 parser.\n (CVE-2012-1165\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1165\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1165</a>\n > , CVE-2006-7250\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7250\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7250</a>\n > )\n * DTLS DoS Attack. (CVE-2012-0050\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0050\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0050</a>\n > )\n * DTLS Plaintext Recovery Attack. (CVE-2011-4108\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4108\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4108</a>\n > )\n * Double-free in Policy Checks. (CVE-2011-4109\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4109\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4109</a>\n > )\n * Uninitialized SSL 3.0 Padding. (CVE-2011-4576\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4576\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4576</a>\n > )\n * SGC Restart DoS Attack. (CVE-2011-4619\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4619\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4619</a>\n > )\n\n\n", "modified": "2012-05-30T23:08:17", "published": "2012-05-30T23:08:17", "id": "SUSE-SU-2012:0674-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00018.html", "type": "suse", "title": "Security update for openssl (important)", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:43:37", "bulletinFamily": "unix", "description": "Various security vulnerabilities have been fixed in openssl:\n\n - DTLS plaintext recovery attack (CVE-2011-4108)\n - uninitialized SSL 3.0 padding (CVE-2011-4576)\n - malformed RFC 3779 data can cause assertion failures\n (CVE-2011-4577)\n - SGC restart DoS attack (CVE-2011-4619)\n - invalid GOST parameters DoS attack (CVE-2012-0027)\n\n", "modified": "2012-01-16T17:08:14", "published": "2012-01-16T17:08:14", "id": "OPENSUSE-SU-2012:0083-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00041.html", "title": "openssl: fixing various security issues (important)", "type": "suse", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2016-09-04T11:28:40", "bulletinFamily": "unix", "description": "Various security vulnerabilities have been fixed in OpenSSL:\n\n * DTLS plaintext recovery attack (CVE-2011-4108)\n * double-free in Policy Checks (CVE-2011-4109)\n * uninitialized SSL 3.0 padding (CVE-2011-4576)\n * malformed RFC 3779 data can cause assertion failures\n (CVE-2011-4577)\n * SGC restart DoS attack (CVE-2011-4619)\n", "modified": "2012-01-16T17:08:28", "published": "2012-01-16T17:08:28", "id": "SUSE-SU-2012:0084-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00042.html", "type": "suse", "title": "Security update for OpenSSL (important)", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "centos": [{"lastseen": "2019-05-29T18:34:43", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2012:0059\n\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nIt was discovered that the Datagram Transport Layer Security (DTLS)\nprotocol implementation in OpenSSL leaked timing information when\nperforming certain operations. A remote attacker could possibly use this\nflaw to retrieve plain text from the encrypted packets by using a DTLS\nserver as a padding oracle. (CVE-2011-4108)\n\nAn information leak flaw was found in the SSL 3.0 protocol implementation\nin OpenSSL. Incorrect initialization of SSL record padding bytes could\ncause an SSL client or server to send a limited amount of possibly\nsensitive data to its SSL peer via the encrypted connection.\n(CVE-2011-4576)\n\nA denial of service flaw was found in the RFC 3779 implementation in\nOpenSSL. A remote attacker could use this flaw to make an application using\nOpenSSL exit unexpectedly by providing a specially-crafted X.509\ncertificate that has malformed RFC 3779 extension data. (CVE-2011-4577)\n\nIt was discovered that OpenSSL did not limit the number of TLS/SSL\nhandshake restarts required to support Server Gated Cryptography. A remote\nattacker could use this flaw to make a TLS/SSL server using OpenSSL consume\nan excessive amount of CPU by continuously restarting the handshake.\n(CVE-2011-4619)\n\nAll OpenSSL users should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. For the update to take effect,\nall services linked to the OpenSSL library must be restarted, or the system\nrebooted.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2012-January/018396.html\n\n**Affected packages:**\nopenssl\nopenssl-devel\nopenssl-perl\nopenssl-static\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2012-0059.html", "modified": "2012-01-30T15:25:59", "published": "2012-01-30T15:25:59", "href": "http://lists.centos.org/pipermail/centos-announce/2012-January/018396.html", "id": "CESA-2012:0059", "title": "openssl security update", "type": "centos", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:33:41", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2012:0060\n\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nIt was discovered that the Datagram Transport Layer Security (DTLS)\nprotocol implementation in OpenSSL leaked timing information when\nperforming certain operations. A remote attacker could possibly use this\nflaw to retrieve plain text from the encrypted packets by using a DTLS\nserver as a padding oracle. (CVE-2011-4108)\n\nA double free flaw was discovered in the policy checking code in OpenSSL.\nA remote attacker could use this flaw to crash an application that uses\nOpenSSL by providing an X.509 certificate that has specially-crafted\npolicy extension data. (CVE-2011-4109)\n\nAn information leak flaw was found in the SSL 3.0 protocol implementation\nin OpenSSL. Incorrect initialization of SSL record padding bytes could\ncause an SSL client or server to send a limited amount of possibly\nsensitive data to its SSL peer via the encrypted connection.\n(CVE-2011-4576)\n\nIt was discovered that OpenSSL did not limit the number of TLS/SSL\nhandshake restarts required to support Server Gated Cryptography. A remote\nattacker could use this flaw to make a TLS/SSL server using OpenSSL consume\nan excessive amount of CPU by continuously restarting the handshake.\n(CVE-2011-4619)\n\nAll OpenSSL users should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. For the update to take effect,\nall services linked to the OpenSSL library must be restarted, or the system\nrebooted.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2012-February/018421.html\nhttp://lists.centos.org/pipermail/centos-announce/2012-January/018391.html\nhttp://lists.centos.org/pipermail/centos-announce/2012-January/018392.html\n\n**Affected packages:**\nopenssl\nopenssl-devel\nopenssl-perl\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2012-0060.html", "modified": "2012-02-07T07:39:01", "published": "2012-01-24T16:54:22", "href": "http://lists.centos.org/pipermail/centos-announce/2012-January/018391.html", "id": "CESA-2012:0060", "title": "openssl security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "amazon": [{"lastseen": "2019-05-29T17:22:53", "bulletinFamily": "unix", "description": "**Issue Overview:**\n\nIt was discovered that the Datagram Transport Layer Security (DTLS) protocol implementation in OpenSSL leaked timing information when performing certain operations. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a DTLS server as a padding oracle. ([CVE-2011-4108 __](<https://access.redhat.com/security/cve/CVE-2011-4108>))\n\nAn information leak flaw was found in the SSL 3.0 protocol implementation in OpenSSL. Incorrect initialization of SSL record padding bytes could cause an SSL client or server to send a limited amount of possibly sensitive data to its SSL peer via the encrypted connection. ([CVE-2011-4576 __](<https://access.redhat.com/security/cve/CVE-2011-4576>))\n\nA denial of service flaw was found in the RFC 3779 implementation in OpenSSL. A remote attacker could use this flaw to make an application using OpenSSL exit unexpectedly by providing a specially-crafted X.509 certificate that has malformed RFC 3779 extension data. ([CVE-2011-4577 __](<https://access.redhat.com/security/cve/CVE-2011-4577>))\n\nIt was discovered that OpenSSL did not limit the number of TLS/SSL handshake restarts required to support Server Gated Cryptography. A remote attacker could use this flaw to make a TLS/SSL server using OpenSSL consume an excessive amount of CPU by continuously restarting the handshake. ([CVE-2011-4619 __](<https://access.redhat.com/security/cve/CVE-2011-4619>))\n\n \n**Affected Packages:** \n\n\nopenssl\n\n \n**Issue Correction:** \nRun _yum update openssl_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n openssl-1.0.0g-1.26.amzn1.i686 \n openssl-perl-1.0.0g-1.26.amzn1.i686 \n openssl-devel-1.0.0g-1.26.amzn1.i686 \n openssl-debuginfo-1.0.0g-1.26.amzn1.i686 \n openssl-static-1.0.0g-1.26.amzn1.i686 \n \n src: \n openssl-1.0.0g-1.26.amzn1.src \n \n x86_64: \n openssl-static-1.0.0g-1.26.amzn1.x86_64 \n openssl-debuginfo-1.0.0g-1.26.amzn1.x86_64 \n openssl-devel-1.0.0g-1.26.amzn1.x86_64 \n openssl-perl-1.0.0g-1.26.amzn1.x86_64 \n openssl-1.0.0g-1.26.amzn1.x86_64 \n \n \n", "modified": "2014-09-14T15:14:00", "published": "2014-09-14T15:14:00", "id": "ALAS-2012-038", "href": "https://alas.aws.amazon.com/ALAS-2012-38.html", "title": "Medium: openssl", "type": "amazon", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}]}
