ID GENTOO_GLSA-201412-39.NASL Type nessus Reporter This script is Copyright (C) 2014-2021 Tenable Network Security, Inc. Modified 2014-12-26T00:00:00
Description
The remote host is affected by the vulnerability described in GLSA-201412-39
(OpenSSL: Multiple vulnerabilities)
Multiple vulnerabilities have been discovered in OpenSSL. Please review
the CVE identifiers referenced below for details.
Impact :
A remote attacker may be able to cause a Denial of Service condition,
perform Man-in-the-Middle attacks, obtain sensitive information, or
bypass security restrictions.
Workaround :
There is no known workaround at this time.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 201412-39.
#
# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#
include('deprecated_nasl_level.inc');
include('compat.inc');
# Registration block. When the scanner loads the plugin with `description`
# set, this branch only declares metadata and then exits; none of the package
# checks further down run in this mode.
if (description)
{
script_id(80244);
script_version("1.8");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");
# Cross-references: the 13 CVE ids and 13 Bugtraq ids covered by GLSA 201412-39.
script_cve_id("CVE-2013-6449", "CVE-2013-6450", "CVE-2014-3505", "CVE-2014-3506", "CVE-2014-3507", "CVE-2014-3509", "CVE-2014-3510", "CVE-2014-3511", "CVE-2014-3512", "CVE-2014-3513", "CVE-2014-3567", "CVE-2014-3568", "CVE-2014-5139");
script_bugtraq_id(64530, 64618, 69076, 69077, 69078, 69079, 69081, 69082, 69083, 69084, 70584, 70585, 70586);
script_xref(name:"GLSA", value:"201412-39");
script_name(english:"GLSA-201412-39 : OpenSSL: Multiple vulnerabilities");
# The summary states the method: an installed-package lookup (/var/db/pkg),
# not a probe of any network service.
script_summary(english:"Checks for updated package(s) in /var/db/pkg");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Gentoo host is missing one or more security-related
patches."
);
# Advisory text copied from the GLSA. It gives no per-CVE detail, so triage
# needs the individual CVE entries listed above.
script_set_attribute(
attribute:"description",
value:
"The remote host is affected by the vulnerability described in GLSA-201412-39
(OpenSSL: Multiple vulnerabilities)
Multiple vulnerabilities have been discovered in OpenSSL. Please review
the CVE identifiers referenced below for details.
Impact :
A remote attacker may be able to cause a Denial of Service condition,
perform Man-in-the-Middle attacks, obtain sensitive information, or
bypass security restrictions.
Workaround :
There is no known workaround at this time."
);
script_set_attribute(
attribute:"see_also",
value:"https://security.gentoo.org/glsa/201412-39"
);
# NOTE(review): the versions named below are the fix floor for this advisory
# (patch published 2014/12/26), not a statement that they are safe today.
# The OpenSSL 1.0.1 and 0.9.8 branches have since reached upstream
# end-of-life, so remediation should target a currently supported release.
script_set_attribute(
attribute:"solution",
value:
"All OpenSSL 1.0.1 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-libs/openssl-1.0.1j'
All OpenSSL 0.9.8 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-libs/openssl-0.9.8z_p2'
Packages which depend on this library may need to be recompiled. Tools
such as revdep-rebuild may assist in identifying these packages."
);
# CVSSv2 base vector: network-reachable, low complexity, no authentication,
# partial impact on confidentiality, integrity and availability.
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
# Exploit-availability fields are static plugin metadata; presumably they
# reflect what was known at the last plugin modification (2021/01/06).
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
# "local" plugin type: the verdict comes from data collected on the host
# itself (see the ssh_get_info.nasl dependency below), not from remote probing.
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:openssl");
script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
script_set_attribute(attribute:"patch_publication_date", value:"2014/12/26");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/12/26");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.");
script_family(english:"Gentoo Local Security Checks");
# Scheduling: run after ssh_get_info.nasl, and only when the three KB keys
# below exist (local checks enabled, Gentoo release known, package list
# collected). Without a credentialed scan the plugin produces no finding,
# which is not evidence that the host is patched.
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");
# Preconditions. audit() reports the reason and ends the plugin, so each guard
# stops the run when the knowledge-base item it needs is absent.
if (!get_kb_item("Host/local_checks_enabled"))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
}
if (!get_kb_item("Host/Gentoo/release"))
{
  audit(AUDIT_OS_NOT, "Gentoo");
}
if (!get_kb_item("Host/Gentoo/qpkg-list"))
{
  audit(AUDIT_PACKAGE_LIST_MISSING);
}

# Version ranges taken from GLSA 201412-39. Anything below 1.0.1j is treated
# as vulnerable, except the patched 0.9.8 branch, whose patch levels
# 0.9.8z_p2 through 0.9.8z_p15 are listed one by one as unaffected.
# NOTE(review): "rge" appears to be the GLSA revision-scoped "greater or
# equal" comparison; a 0.9.8z patch level above _p15 is not listed and would
# presumably match "lt 1.0.1j" - confirm against qpkg.inc.
openssl_unaffected = make_list(
  "ge 1.0.1j",
  "rge 0.9.8z_p2", "rge 0.9.8z_p3", "rge 0.9.8z_p4", "rge 0.9.8z_p5",
  "rge 0.9.8z_p6", "rge 0.9.8z_p7", "rge 0.9.8z_p8", "rge 0.9.8z_p9",
  "rge 0.9.8z_p10", "rge 0.9.8z_p11", "rge 0.9.8z_p12", "rge 0.9.8z_p13",
  "rge 0.9.8z_p14", "rge 0.9.8z_p15"
);
openssl_vulnerable = make_list("lt 1.0.1j");

# The verdict rests only on the installed package version from the collected
# package list. It does not show whether services already running were
# restarted, or whether dependent packages were rebuilt, after an upgrade.
if (qpkg_check(package:"dev-libs/openssl", unaffected:openssl_unaffected, vulnerable:openssl_vulnerable))
{
  # Vulnerable version installed: raise the finding, attaching the package
  # report when report verbosity allows it.
  if (report_verbosity > 0)
  {
    security_hole(port:0, extra:qpkg_report_get());
  }
  else
  {
    security_hole(0);
  }
  exit(0);
}

# No vulnerable version matched: record whether the package was examined and
# found unaffected, or was never seen in the package list.
checked_packages = qpkg_tests_get();
if (checked_packages)
{
  audit(AUDIT_PACKAGE_NOT_AFFECTED, checked_packages);
}
else
{
  audit(AUDIT_PACKAGE_NOT_INSTALLED, "OpenSSL");
}
{"id": "GENTOO_GLSA-201412-39.NASL", "bulletinFamily": "scanner", "title": "GLSA-201412-39 : OpenSSL: Multiple vulnerabilities", "description": "The remote host is affected by the vulnerability described in GLSA-201412-39\n(OpenSSL: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in OpenSSL. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker may be able to cause a Denial of Service condition,\n perform Man-in-the-Middle attacks, obtain sensitive information, or\n bypass security restrictions.\n \nWorkaround :\n\n There is no known workaround at this time.", "published": "2014-12-26T00:00:00", "modified": "2014-12-26T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://www.tenable.com/plugins/nessus/80244", "reporter": "This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.", "references": ["https://security.gentoo.org/glsa/201412-39"], "cvelist": ["CVE-2014-3505", "CVE-2013-6449", "CVE-2014-3507", "CVE-2014-3513", "CVE-2014-3511", "CVE-2014-3506", "CVE-2013-6450", "CVE-2014-3567", "CVE-2014-3512", "CVE-2014-3510", "CVE-2014-3568", "CVE-2014-3509", "CVE-2014-5139"], "type": "nessus", "lastseen": "2021-01-07T10:56:45", "edition": 20, "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "f5", "idList": ["F5:K15565", "SOL15567", "SOL15565", "SOL15158", "F5:K15567", "F5:K15573", "F5:K15158", "SOL15147", "SOL15573", "F5:K15568"]}, {"type": "openvas", "idList": ["OPENVAS:702998", "OPENVAS:1361412562310120249", "OPENVAS:1361412562310120187", "OPENVAS:1361412562310871227", "OPENVAS:1361412562310702998", "OPENVAS:1361412562310841924", "OPENVAS:1361412562310881988", "OPENVAS:1361412562310121325", "OPENVAS:1361412562310123331", "OPENVAS:1361412562310882005"]}, {"type": "gentoo", "idList": ["GLSA-201412-39"]}, {"type": "nessus", "idList": ["FREEBSD_PKG_8AFF07EB1DBD11E4B6BA3C970E169BC2.NASL", "OPENSSL_1_0_1I.NASL", 
"ALA_ALAS-2014-391.NASL", "TOMCAT_8_0_15.NASL", "OPENSUSE-2014-509.NASL", "PFSENSE_SA-14_14.NASL", "DEBIAN_DSA-2998.NASL", "SOLARIS11_OPENSSL_20140915.NASL", "TOMCAT_7_0_57.NASL", "UBUNTU_USN-2308-1.NASL"]}, {"type": "freebsd", "idList": ["8AFF07EB-1DBD-11E4-B6BA-3C970E169BC2"]}, {"type": "aix", "idList": ["OPENSSL_ADVISORY10.ASC"]}, {"type": "huawei", "idList": ["HUAWEI-SA-20141008-OPENSSL"]}, {"type": "ubuntu", "idList": ["USN-2308-1"]}, {"type": "debian", "idList": ["DEBIAN:DLA-33-1:85002", "DEBIAN:DSA-2998-1:7D1C0"]}, {"type": "amazon", "idList": ["ALAS-2014-427", "ALAS-2014-391"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:13908"]}, {"type": "slackware", "idList": ["SSA-2014-220-01"]}, {"type": "kaspersky", "idList": ["KLA10343"]}, {"type": "oraclelinux", "idList": ["ELSA-2014-1052", "ELSA-2014-1652"]}, {"type": "redhat", "idList": ["RHSA-2014:1054", "RHSA-2014:1052"]}, {"type": "centos", "idList": ["CESA-2014:1052"]}, {"type": "cve", "idList": ["CVE-2014-3510", "CVE-2014-3505", "CVE-2014-3506", "CVE-2014-3512", "CVE-2014-3507", "CVE-2013-6450", "CVE-2014-5139", "CVE-2014-3513", "CVE-2014-3567", "CVE-2013-6449"]}, {"type": "openssl", "idList": ["OPENSSL:CVE-2013-6450", "OPENSSL:CVE-2013-6449"]}, {"type": "fedora", "idList": ["FEDORA:E67696087B8D", "FEDORA:4227660CA765"]}], "modified": "2021-01-07T10:56:45", "rev": 2}, "score": {"value": 6.4, "vector": "NONE", "modified": "2021-01-07T10:56:45", "rev": 2}, "vulnersScore": 6.4}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201412-39.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80244);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2013-6449\", \"CVE-2013-6450\", \"CVE-2014-3505\", \"CVE-2014-3506\", \"CVE-2014-3507\", \"CVE-2014-3509\", \"CVE-2014-3510\", \"CVE-2014-3511\", \"CVE-2014-3512\", \"CVE-2014-3513\", \"CVE-2014-3567\", \"CVE-2014-3568\", \"CVE-2014-5139\");\n script_bugtraq_id(64530, 64618, 69076, 69077, 69078, 69079, 69081, 69082, 69083, 69084, 70584, 70585, 70586);\n script_xref(name:\"GLSA\", value:\"201412-39\");\n\n script_name(english:\"GLSA-201412-39 : OpenSSL: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201412-39\n(OpenSSL: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in OpenSSL. 
Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker may be able to cause a Denial of Service condition,\n perform Man-in-the-Middle attacks, obtain sensitive information, or\n bypass security restrictions.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201412-39\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All OpenSSL 1.0.1 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-libs/openssl-1.0.1j'\n All OpenSSL 0.9.8 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-libs/openssl-0.9.8z_p2'\n Packages which depend on this library may need to be recompiled. Tools\n such as revdep-rebuild may assist in identifying these packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", 
\"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-libs/openssl\", unaffected:make_list(\"ge 1.0.1j\", \"rge 0.9.8z_p2\", \"rge 0.9.8z_p3\", \"rge 0.9.8z_p4\", \"rge 0.9.8z_p5\", \"rge 0.9.8z_p6\", \"rge 0.9.8z_p7\", \"rge 0.9.8z_p8\", \"rge 0.9.8z_p9\", \"rge 0.9.8z_p10\", \"rge 0.9.8z_p11\", \"rge 0.9.8z_p12\", \"rge 0.9.8z_p13\", \"rge 0.9.8z_p14\", \"rge 0.9.8z_p15\"), vulnerable:make_list(\"lt 1.0.1j\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"OpenSSL\");\n}\n", "naslFamily": "Gentoo Local Security Checks", "pluginID": "80244", "cpe": ["p-cpe:/a:gentoo:linux:openssl", "cpe:/o:gentoo:linux"], "scheme": null}
{"f5": [{"lastseen": "2017-10-12T02:11:04", "bulletinFamily": "software", "cvelist": ["CVE-2014-3505", "CVE-2014-3507", "CVE-2014-3506"], "edition": 1, "description": " \n\n\n * [CVE-2014-3505](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3505>) \n \nDouble free vulnerability in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (application crash) via crafted DTLS packets that trigger an error condition.\n * [CVE-2014-3506](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3506>) \n \nd1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via crafted DTLS handshake messages that trigger memory allocations corresponding to large length values.\n * [CVE-2014-3507](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3507>) \n \nMemory leak in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via zero-length DTLS fragments that trigger improper handling of the return value of a certain insert function.\n\nImpact \n\n\nRemote attackers may be able to cause a denial-of-service (DoS) via crafted Datagram Transport Layer Security (DTLS) packets.\n\nIf the previous table lists a version in the** Versions known to be not vulnerable column**, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists. 
\n \nF5 is responding to this vulnerability as determined by the parameters defined in [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>). \n\n\nTo mitigate this vulnerability, you can perform the following tasks: \n\n\n * Verify that DTLS virtual servers referencing SSL profiles do not permit COMPAT SSL ciphers.\n * If you are using secure-mode for failover (**tmsh list /sys db failover.secure**), verify that the failover traffic is only allowed on an isolated Virtual Local Area Network (VLAN). \n\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "modified": "2016-01-09T02:20:00", "published": "2014-09-06T01:04:00", "href": "https://support.f5.com/csp/article/K15573", "id": "F5:K15573", "type": "f5", "title": "OpenSSL DTLS vulnerabilities CVE-2014-3505, CVE-2014-3506, and CVE-2014-3507", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-26T17:23:01", "bulletinFamily": "software", "cvelist": ["CVE-2014-3505", "CVE-2014-3507", "CVE-2014-3506"], "edition": 1, "description": "1 If you are planning to upgrade to BIG-IP APM 11.5.1 HF6 to mitigate this issue, you should instead upgrade to 11.5.1 HF7 to avoid an issue specific to BIG-IP APM. For more information, refer to SOL15914: The tmm process may restart and produce a core file after BIG-IP APM systems are upgraded. 
\n\n\n2 The SOD process is only vulnerable if the** failover.secure **db variable is enabled; the db variable is disabled by default.\n\nRecommended Action\n\nIf the previous table lists a version in the** Versions known to be not vulnerable column**, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists. \n \nF5 is responding to this vulnerability as determined by the parameters defined in SOL4602: Overview of the F5 security vulnerability response policy. \n\n\nTo mitigate this vulnerability, you can perform the following tasks: \n\n\n * Verify that DTLS virtual servers referencing SSL profiles do not permit COMPAT SSL ciphers.\n * If you are using secure-mode for failover (**tmsh list /sys db failover.secure**), verify that the failover traffic is only allowed on an isolated Virtual Local Area Network (VLAN). 
\n\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n", "modified": "2015-09-15T00:00:00", "published": "2014-09-05T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15573.html", "id": "SOL15573", "title": "SOL15573 - OpenSSL DTLS vulnerabilities CVE-2014-3505, CVE-2014-3506, and CVE-2014-3507", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-10-12T02:11:05", "bulletinFamily": "software", "cvelist": ["CVE-2014-3512"], "edition": 1, "description": " \n\n\nMultiple buffer overflows in crypto/srp/srp_lib.c in the SRP implementation in OpenSSL 1.0.1 before 1.0.1i allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an invalid SRP (1) g, (2) A, or (3) B parameter. ([CVE-2014-3512](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3512>)) \n\n\nImpact \n\n\nA malicious client or server may be able to overrun an internal buffer by sending invalid Secure Remote Password (SRP) parameters. Only applications which are explicitly set up for SRP use are affected.\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists.\n\nTo mitigate this vulnerability on LineRate, do not enable SRP. SRP is not enabled, by default. 
\n\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "modified": "2016-01-09T02:21:00", "published": "2014-09-05T04:24:00", "href": "https://support.f5.com/csp/article/K15565", "id": "F5:K15565", "title": "OpenSSL vulnerability CVE-2014-3512", "type": "f5", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-06-08T02:18:31", "bulletinFamily": "software", "cvelist": ["CVE-2013-6450"], "edition": 1, "description": "\nF5 Product Development has assigned ID 442452 (BIG-IP) and ID 410742 (ARX) to this vulnerability. 
Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H455494 on the **Diagnostics **> **Identified **> **Medium **screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Vulnerable component or feature \n---|---|---|--- \nBIG-IP LTM| 11.5.0 - 11.5.1| 11.6.0 \n11.5.2 \n11.5.1 HF3 \n11.5.0 HF4 \n11.0.0 - 11.4.1 \n10.0.0 - 10.2.4| Configuration utility \nCOMPAT SSL ciphers \nBIG-IP AAM| 11.5.0 - 11.5.1| 11.6.0 \n11.5.2 \n11.5.1 HF3 \n11.5.0 HF4 \n11.4.0 - 11.4.1| Configuration utility \nCOMPAT SSL ciphers \nBIG-IP AFM| 11.5.0 - 11.5.1| 11.6.0 \n11.5.2 \n11.5.1 HF3 \n11.5.0 HF4 \n11.3.0 - 11.4.1| Configuration utility \nCOMPAT SSL ciphers \nBIG-IP Analytics| 11.5.0 - 11.5.1| 11.6.0 \n11.5.2 \n11.5.1 HF3 \n11.5.0 HF4 \n11.0.0 - 11.4.1| Configuration utility \nCOMPAT SSL ciphers \nBIG-IP APM| 11.5.0 - 11.5.1| 11.6.0 \n11.5.2 \n11.5.1 HF3 \n11.5.0 HF4 \n11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| Configuration utility \nCOMPAT SSL ciphers \nBIG-IP ASM| 11.5.0 - 11.5.1| 11.6.0 \n11.5.2 \n11.5.1 HF3 \n11.5.0 HF4 \n11.0.0 - 11.4.1 \n10.0.0 - 10.2.4| Configuration utility \nCOMPAT SSL ciphers \nBIG-IP Edge Gateway| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None \nBIG-IP GTM| 11.5.0 - 11.5.1| 11.6.0 \n11.5.2 \n11.5.1 HF3 \n11.5.0 HF4 \n11.0.0 - 11.4.1 \n10.0.0 - 10.2.4| Configuration utility \nBIG-IP Link Controller| 11.5.0 - 11.5.1| 11.6.0 \n11.5.2 \n11.5.1 HF3 \n11.5.0 HF4 \n11.0.0 - 11.4.1 \n10.0.0 - 10.2.4| Configuration utility \nCOMPAT SSL ciphers \nBIG-IP PEM| 11.5.0 - 11.5.1| 11.6.0 \n11.5.2 \n11.5.1 HF3 \n11.5.0 HF4 \n11.3.0 - 11.4.1| Configuration utility \nCOMPAT SSL ciphers \nBIG-IP PSM| None| 11.0.0 - 11.4.1 \n10.0.0 - 10.2.4| None \nBIG-IP 
WebAccelerator| None| 11.0.0 - 11.3.0 \n10.0.0 - 10.2.4| None \nBIG-IP WOM| None| 11.0.0 - 11.3.0 \n10.0.0 - 10.2.4| None \nARX| 6.0.0 - 6.4.0| None| ARX Manager GUI \nEnterprise Manager| None| 3.0.0 - 3.1.1 \n2.1.0 - 2.3.0| None \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| None \nBIG-IQ Cloud| None| 4.0.0 - 4.4.0| None \nBIG-IQ Device| None| 4.2.0 - 4.4.0| None \nBIG-IQ Security| None| 4.0.0 - 4.4.0| None\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nTo mitigate the risk posed by this vulnerability, you should consider the following recommendations:\n\n * Limit Configuration utility access to a trusted management network.\n * Ensure that the SSL profiles are configured to use SSL ciphers from the NATIVE SSL stack. Starting in BIG-IP 10.2.3 and 11.0.0, commonly used cipher strings (excluding the COMPAT string) only include ciphers from the NATIVE SSL stack, and do not include SSL ciphers from the COMPAT SSL stack. 
\n\nFor example, the following cipher strings only include ciphers from the NATIVE SSL stack: \n \n\n\n * DEFAULT\n * ALL\n * LOW\n * MEDIUM\n * HIGH\n * EXP\n * Limit ARX Manager GUI access to a trusted management network.\n\n * [K13187: COMPAT SSL ciphers are no longer included in standard cipher strings](<https://support.f5.com/csp/article/K13187>)\n * [K13171: Configuring the cipher strength for SSL profiles (11.x)](<https://support.f5.com/csp/article/K13171>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K13123: Managing BIG-IP product hotfixes (11.x - 12.x)](<https://support.f5.com/csp/article/K13123>)\n * [K10025: Managing BIG-IP product hotfixes (10.x)](<https://support.f5.com/csp/article/K10025>)\n", "modified": "2017-03-14T22:06:00", "published": "2014-04-17T21:12:00", "href": "https://support.f5.com/csp/article/K15158", "id": "F5:K15158", "title": "OpenSSL vulnerability CVE-2013-6450", "type": "f5", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-10-12T02:11:23", "bulletinFamily": "software", "cvelist": ["CVE-2014-5139"], "edition": 1, "description": " \n\n\nThe ssl_set_client_disabled function in t1_lib.c in OpenSSL 1.0.1 before 1.0.1i allows remote SSL servers to cause a denial of service (NULL pointer dereference and client application crash) via a ServerHello message that includes an SRP ciphersuite without the required negotiation of that ciphersuite with the client. 
([CVE-2014-5139](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5139>)) \n\n\nImpact \n\n\nAn attacker may be able to cause a denial-of-service (DoS) attack by specifying a Secure Remote Password (SRP) ciphersuite, even if it was not properly negotiated with the client. \n\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists.\n\nTo mitigate this vulnerability on LineRate systems, do not enable SRP. SRP is not enabled by default.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents.](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "modified": "2016-01-09T02:20:00", "published": "2014-09-06T01:36:00", "id": "F5:K15567", "href": "https://support.f5.com/csp/article/K15567", "title": "OpenSSL vulnerability CVE-2014-5139", "type": "f5", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-03-19T09:01:49", "bulletinFamily": "software", "cvelist": ["CVE-2014-3512"], "edition": 1, "description": "Recommended action\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists.\n\nTo mitigate this vulnerability on LineRate, do not enable SRP. 
SRP is not enabled, by default. \n\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n", "modified": "2014-09-04T00:00:00", "published": "2014-09-04T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15565.html", "id": "SOL15565", "title": "SOL15565 - OpenSSL vulnerability CVE-2014-3512", "type": "f5", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-10-12T02:11:17", "bulletinFamily": "software", "cvelist": ["CVE-2014-3510"], "edition": 1, "description": " \n\n\nThe ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote DTLS servers to cause a denial of service (NULL pointer dereference and client application crash) via a crafted handshake message in conjunction with a (1) anonymous DH or (2) anonymous ECDH ciphersuite. ([CVE-2014-3510](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3510>))\n\nImpact \n\n\nA malicious server may be able to cause a denial-of-service (DoS) to clients using anonymous Diffie-Hellman (DH) ciphersuites via crafted packets.\n\nYou can eliminate this vulnerability by running a version listed in the **Versions known to be not vulnerable** column in the previous table. If the **Versions known to be not vulnerable** column does not list a version that is later than the version you are running, then no upgrade candidate currently exists.\n\nFor BIG-IP Edge Clients, there is no workaround. 
To mitigate this vulnerability for all other affected products, perform the following task:\n\n * Verify that Datagram Transport Layer Security (DTLS) virtual servers referencing Secure Socket Layer (SSL) profiles do not permit COMPAT SSL ciphers. \n\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents.](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "modified": "2016-01-09T02:20:00", "published": "2014-09-06T01:19:00", "href": "https://support.f5.com/csp/article/K15568", "id": "F5:K15568", "type": "f5", "title": "OpenSSL vulnerability CVE-2014-3510", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-26T17:22:57", "bulletinFamily": "software", "cvelist": ["CVE-2013-6449"], "edition": 1, "description": "Recommended Action\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists. \n \nF5 is responding to this vulnerability as determined by the parameters defined in SOL4602: Overview of the F5 security vulnerability response policy. 
\n\n\nTo mitigate this vulnerability, you should consider the following recommendations: \n\n\n * Limit the Configuration utility access to a trusted management network.\n * Ensure that the SSL profiles are configured to use SSL ciphers from the NATIVE SSL stack. Starting in BIG-IP 10.2.3 and 11.0.0, commonly used cipher strings (excluding the COMPAT string) only include ciphers from the NATIVE SSL stack, and do not include SSL ciphers from the COMPAT SSL stack. For example, the following cipher strings only include ciphers from the NATIVE SSL stack: \n \n\n * DEFAULT\n * ALL\n * LOW\n * MEDIUM\n * HIGH\n * EXP\n\nSupplemental Information\n\n * SOL13187: COMPAT SSL ciphers are no longer included in standard cipher strings\n * SOL13171: Configuring the cipher strength for SSL profiles (11.x)\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL13123: Managing BIG-IP product hotfixes (11.x)\n * SOL10025: Managing BIG-IP product hotfixes (10.x)\n", "modified": "2015-02-03T00:00:00", "published": "2014-04-10T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/15000/100/sol15147.html", "id": "SOL15147", "title": "SOL15147 - OpenSSL vulnerability CVE-2013-6449", "type": "f5", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-26T17:23:05", "bulletinFamily": "software", "cvelist": ["CVE-2013-6450"], "edition": 1, "description": "Vulnerability Recommended Actions\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. 
If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nTo mitigate the risk posed by this vulnerability, you should consider the following recommendations:\n\n * Limit Configuration utility access to a trusted management network.\n * Ensure that the SSL profiles are configured to use SSL ciphers from the NATIVE SSL stack. Starting in BIG-IP 10.2.3 and 11.0.0, commonly used cipher strings (excluding the COMPAT string) only include ciphers from the NATIVE SSL stack, and do not include SSL ciphers from the COMPAT SSL stack. \n\nFor example, the following cipher strings only include ciphers from the NATIVE SSL stack: \n \n\n\n * DEFAULT\n * ALL\n * LOW\n * MEDIUM\n * HIGH\n * EXP\n * Limit ARX Manager GUI access to a trusted management network.\n\nSupplemental Information\n\n * SOL13187: COMPAT SSL ciphers are no longer included in standard cipher strings\n * SOL13171: Configuring the cipher strength for SSL profiles (11.x)\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL13123: Managing BIG-IP product hotfixes (11.x - 12.x)\n * SOL10025: Managing BIG-IP product hotfixes (10.x)\n", "modified": "2016-07-25T00:00:00", "published": "2014-04-17T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/15000/100/sol15158.html", "id": "SOL15158", "title": "SOL15158 - OpenSSL vulnerability CVE-2013-6450", "type": "f5", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-26T17:23:25", "bulletinFamily": "software", "cvelist": ["CVE-2014-5139"], "edition": 1, "description": "Recommended Action\n\nIf the previous table lists a version in the **Versions known to be not 
vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists.\n\nTo mitigate this vulnerability on LineRate systems, do not enable SRP. SRP is not enabled by default.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents.\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n", "modified": "2014-09-05T00:00:00", "published": "2014-09-05T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15567.html", "id": "SOL15567", "title": "SOL15567 - OpenSSL vulnerability CVE-2014-5139", "type": "f5", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:51", "bulletinFamily": "unix", "cvelist": ["CVE-2014-3505", "CVE-2013-6449", "CVE-2014-3507", "CVE-2014-3513", "CVE-2014-3511", "CVE-2014-3506", "CVE-2013-6450", "CVE-2014-3567", "CVE-2014-3512", "CVE-2014-3510", "CVE-2014-3568", "CVE-2014-3509", "CVE-2014-5139"], "description": "### Background\n\nOpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library. \n\n### Description\n\nMultiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker may be able to cause a Denial of Service condition, perform Man-in-the-Middle attacks, obtain sensitive information, or bypass security restrictions. 
\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll OpenSSL 1.0.1 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/openssl-1.0.1j\"\n \n\nAll OpenSSL 0.9.8 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/openssl-0.9.8z_p2\"\n \n\nPackages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying these packages.", "edition": 1, "modified": "2015-06-06T00:00:00", "published": "2014-12-26T00:00:00", "id": "GLSA-201412-39", "href": "https://security.gentoo.org/glsa/201412-39", "type": "gentoo", "title": "OpenSSL: Multiple vulnerabilities", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2019-05-29T18:37:05", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3505", "CVE-2013-6449", "CVE-2014-3507", "CVE-2014-3513", "CVE-2014-3511", "CVE-2014-3506", "CVE-2013-6450", "CVE-2014-3567", "CVE-2014-3512", "CVE-2014-3510", "CVE-2014-3568", "CVE-2014-3509", "CVE-2014-5139"], "description": "Gentoo Linux Local Security Checks GLSA 201412-39", "modified": "2018-10-26T00:00:00", "published": "2015-09-29T00:00:00", "id": "OPENVAS:1361412562310121325", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121325", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201412-39", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201412-39.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 
2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121325\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:28:21 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201412-39\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in OpenSSL. 
Please review the CVE identifiers referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201412-39\");\n script_cve_id(\"CVE-2013-6449\", \"CVE-2013-6450\", \"CVE-2014-3505\", \"CVE-2014-3506\", \"CVE-2014-3507\", \"CVE-2014-3509\", \"CVE-2014-3510\", \"CVE-2014-3511\", \"CVE-2014-3512\", \"CVE-2014-3513\", \"CVE-2014-3567\", \"CVE-2014-3568\", \"CVE-2014-5139\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201412-39\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 1.0.1j\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 0.9.8z_p2\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 0.9.8z_p3\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 0.9.8z_p4\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 0.9.8z_p5\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", 
unaffected: make_list(\"ge 0.9.8z_p6\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 0.9.8z_p7\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 0.9.8z_p8\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 0.9.8z_p9\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 0.9.8z_p10\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 0.9.8z_p11\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 0.9.8z_p12\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 0.9.8z_p13\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 0.9.8z_p14\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 0.9.8z_p15\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(), vulnerable: make_list(\"lt 1.0.1j\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-17T23:01:06", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3505", "CVE-2014-3508", "CVE-2014-3507", "CVE-2014-3511", "CVE-2014-3506", "CVE-2014-3512", "CVE-2014-3510", "CVE-2014-3509", "CVE-2014-5139"], "description": "The remote host is 
missing an update announced via the referenced Security Advisory.", "modified": "2020-03-13T00:00:00", "published": "2015-09-08T00:00:00", "id": "OPENVAS:1361412562310120249", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120249", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2014-391)", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120249\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:21:23 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2014-391)\");\n script_tag(name:\"insight\", value:\"Multiple flaws were found in OpenSSL. 
Please see the references for more information.\");\n script_tag(name:\"solution\", value:\"Run yum update openssl to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2014-391.html\");\n script_cve_id(\"CVE-2014-3505\", \"CVE-2014-3506\", \"CVE-2014-3507\", \"CVE-2014-3512\", \"CVE-2014-3511\", \"CVE-2014-3510\", \"CVE-2014-3508\", \"CVE-2014-3509\", \"CVE-2014-5139\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1i~1.78.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-debuginfo\", rpm:\"openssl-debuginfo~1.0.1i~1.78.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~1.0.1i~1.78.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1i~1.78.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-static\", rpm:\"openssl-static~1.0.1i~1.78.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n 
security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-26T08:48:19", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3505", "CVE-2014-3508", "CVE-2014-3507", "CVE-2014-3511", "CVE-2014-3506", "CVE-2014-3512", "CVE-2014-3510", "CVE-2014-3509", "CVE-2014-5139"], "description": "Multiple vulnerabilities have been identified in OpenSSL, a Secure\nSockets Layer toolkit, that may result in denial of service\n(application crash, large memory consumption), information leak,\nprotocol downgrade. Additionally, a buffer overrun affecting only\napplications explicitly set up for SRP has been fixed (CVE-2014-3512).\n\nDetailed descriptions of the vulnerabilities can be found at:\nwww.openssl.org/news/secadv_20140806.txt\n\nIt's important that you upgrade the libssl1.0.0 package and not just\nthe openssl package.\n\nAll applications linked to openssl need to be restarted. You can use\nthe checkrestart\ntool from the debian-goodies package to detect\naffected programs. 
Alternatively, you may reboot your system.", "modified": "2017-07-11T00:00:00", "published": "2014-08-07T00:00:00", "id": "OPENVAS:702998", "href": "http://plugins.openvas.org/nasl.php?oid=702998", "type": "openvas", "title": "Debian Security Advisory DSA 2998-1 (openssl - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2998.nasl 6663 2017-07-11 09:58:05Z teissa $\n# Auto-generated from advisory DSA 2998-1 using nvtgen 1.0\n# Script version: 1.1\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_affected = \"openssl on Debian Linux\";\ntag_insight = \"This package contains the openssl binary and related tools.\";\ntag_solution = \"For the stable distribution (wheezy), these problems have been fixed in\nversion 1.0.1e-2+deb7u12.\n\nFor the testing distribution (jessie), these problems will be fixed\nsoon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.0.1i-1.\n\nWe recommend that you upgrade your openssl packages.\";\ntag_summary = \"Multiple vulnerabilities have been identified in OpenSSL, a Secure\nSockets Layer toolkit, that may result in denial of service\n(application crash, large memory consumption), information leak,\nprotocol downgrade. Additionally, a buffer overrun affecting only\napplications explicitly set up for SRP has been fixed (CVE-2014-3512 \n).\n\nDetailed descriptions of the vulnerabilities can be found at:\nwww.openssl.org/news/secadv_20140806.txt \nIt's important that you upgrade the libssl1.0.0 package and not just\nthe openssl package.\n\nAll applications linked to openssl need to be restarted. You can use\nthe checkrestart \ntool from the debian-goodies package to detect\naffected programs. 
Alternatively, you may reboot your system.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_id(702998);\n script_version(\"$Revision: 6663 $\");\n script_cve_id(\"CVE-2014-3505\", \"CVE-2014-3506\", \"CVE-2014-3507\", \"CVE-2014-3508\", \"CVE-2014-3509\", \"CVE-2014-3510\", \"CVE-2014-3511\", \"CVE-2014-3512\", \"CVE-2014-5139\");\n script_name(\"Debian Security Advisory DSA 2998-1 (openssl - security update)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-11 11:58:05 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name: \"creation_date\", value:\"2014-08-07 00:00:00 +0200 (Thu, 07 Aug 2014)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-2998.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-doc\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.0\")) != 
NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0-dbg\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openssl\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-doc\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0-dbg\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openssl\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-doc\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0-dbg\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openssl\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-doc\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0-dbg\", ver:\"1.0.1e-2+deb7u12\", 
rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openssl\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:37:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3505", "CVE-2014-3508", "CVE-2014-3507", "CVE-2014-3511", "CVE-2014-3506", "CVE-2014-3512", "CVE-2014-3510", "CVE-2014-3509", "CVE-2014-5139"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2014-08-08T00:00:00", "id": "OPENVAS:1361412562310841924", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841924", "type": "openvas", "title": "Ubuntu Update for openssl USN-2308-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_2308_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for openssl USN-2308-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.841924\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-08-08 06:02:31 +0200 (Fri, 08 Aug 2014)\");\n script_cve_id(\"CVE-2014-3505\", \"CVE-2014-3506\", \"CVE-2014-3507\", \"CVE-2014-3508\",\n \"CVE-2014-3509\", \"CVE-2014-3510\", \"CVE-2014-3511\", \"CVE-2014-3512\",\n \"CVE-2014-5139\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Ubuntu Update for openssl USN-2308-1\");\n\n script_tag(name:\"affected\", value:\"openssl on Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"insight\", value:\"Adam Langley and Wan-Teh Chang discovered that OpenSSL\nincorrectly handled certain DTLS packets. A remote attacker could use this issue\nto cause OpenSSL to crash, resulting in a denial of service. (CVE-2014-3505)\n\nAdam Langley discovered that OpenSSL incorrectly handled memory when\nprocessing DTLS handshake messages. A remote attacker could use this issue\nto cause OpenSSL to consume memory, resulting in a denial of service.\n(CVE-2014-3506)\n\nAdam Langley discovered that OpenSSL incorrectly handled memory when\nprocessing DTLS fragments. A remote attacker could use this issue to cause\nOpenSSL to leak memory, resulting in a denial of service. This issue\nonly affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. 
(CVE-2014-3507)\n\nIvan Fratric discovered that OpenSSL incorrectly leaked information in\nthe pretty printing functions. When OpenSSL is used with certain\napplications, an attacker may use this issue to possibly gain access to\nsensitive information. (CVE-2014-3508)\n\nGabor Tyukasz discovered that OpenSSL contained a race condition when\nprocessing serverhello messages. A malicious server could use this issue\nto cause clients to crash, resulting in a denial of service. This issue\nonly affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-3509)\n\nFelix Gröbert discovered that OpenSSL incorrectly handled certain DTLS\nhandshake messages. A malicious server could use this issue to cause\nclients to crash, resulting in a denial of service. (CVE-2014-3510)\n\nDavid Benjamin and Adam Langley discovered that OpenSSL incorrectly\nhandled fragmented ClientHello messages. If a remote attacker were able to\nperform a man-in-the-middle attack, this flaw could be used to force a\nprotocol downgrade to TLS 1.0. This issue only affected Ubuntu 12.04 LTS\nand Ubuntu 14.04 LTS. (CVE-2014-3511)\n\nSean Devlin and Watson Ladd discovered that OpenSSL incorrectly handled\ncertain SRP parameters. A remote attacker could use this with applications\nthat use SRP to cause a denial of service, or possibly execute arbitrary\ncode. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.\n(CVE-2014-3512)\n\nJoonas Kuorilehto and Riku Hietamäki discovered that OpenSSL incorrectly\nhandled certain Server Hello messages that specify an SRP ciphersuite. A\nmalicious server could use this issue to cause clients to crash, resulting\nin a denial of service. This issue only affected Ubuntu 12.04 LTS and\nUbuntu 14.04 LTS. 
(CVE-2014-5139)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"USN\", value:\"2308-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2308-1/\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|12\\.04 LTS|10\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl1.0.0:i386\", ver:\"1.0.1f-1ubuntu2.5\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.1-4ubuntu5.17\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl0.9.8\", ver:\"0.9.8k-7ubuntu8.20\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:44", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3505", "CVE-2014-3508", "CVE-2014-3507", "CVE-2014-3511", "CVE-2014-3506", "CVE-2014-3512", 
"CVE-2014-3510", "CVE-2014-3509", "CVE-2014-5139"], "description": "Multiple vulnerabilities have been identified in OpenSSL, a Secure\nSockets Layer toolkit, that may result in denial of service\n(application crash, large memory consumption), information leak,\nprotocol downgrade. Additionally, a buffer overrun affecting only\napplications explicitly set up for SRP has been fixed (CVE-2014-3512).\n\nIt", "modified": "2019-03-19T00:00:00", "published": "2014-08-07T00:00:00", "id": "OPENVAS:1361412562310702998", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310702998", "type": "openvas", "title": "Debian Security Advisory DSA 2998-1 (openssl - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2998.nasl 14302 2019-03-19 08:28:48Z cfischer $\n# Auto-generated from advisory DSA 2998-1 using nvtgen 1.0\n# Script version: 1.1\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.702998\");\n script_version(\"$Revision: 14302 $\");\n script_cve_id(\"CVE-2014-3505\", \"CVE-2014-3506\", \"CVE-2014-3507\", \"CVE-2014-3508\", \"CVE-2014-3509\", \"CVE-2014-3510\", \"CVE-2014-3511\", \"CVE-2014-3512\", \"CVE-2014-5139\");\n script_name(\"Debian Security Advisory DSA 2998-1 (openssl - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-19 09:28:48 +0100 (Tue, 19 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-08-07 00:00:00 +0200 (Thu, 07 Aug 2014)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2014/dsa-2998.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n script_tag(name:\"affected\", value:\"openssl on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (wheezy), these problems have been fixed in\nversion 1.0.1e-2+deb7u12.\n\nFor the testing distribution (jessie), these problems will be fixed\nsoon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.0.1i-1.\n\nWe recommend that you upgrade your openssl packages.\");\n script_tag(name:\"summary\", value:\"Multiple vulnerabilities have been identified in OpenSSL, a Secure\nSockets Layer toolkit, that may result in 
denial of service\n(application crash, large memory consumption), information leak,\nprotocol downgrade. Additionally, a buffer overrun affecting only\napplications explicitly set up for SRP has been fixed (CVE-2014-3512).\n\nIt's important that you upgrade the libssl1.0.0 package and not just\nthe openssl package.\n\nAll applications linked to openssl need to be restarted. You can use\nthe checkrestart\ntool from the debian-goodies package to detect\naffected programs. Alternatively, you may reboot your system.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl-doc\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl1.0.0-dbg\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openssl\", ver:\"1.0.1e-2+deb7u12\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3505", "CVE-2014-3508", "CVE-2014-3507", "CVE-2014-3511", "CVE-2014-3506", "CVE-2014-3510", "CVE-2014-3509"], "description": "Oracle Linux Local Security Checks ELSA-2014-1052", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123331", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310123331", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2014-1052", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2014-1052.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123331\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:02:22 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2014-1052\");\n script_tag(name:\"insight\", value:\"ELSA-2014-1052 - openssl security update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2014-1052\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2014-1052.html\");\n script_cve_id(\"CVE-2014-3505\", \"CVE-2014-3506\", \"CVE-2014-3507\", \"CVE-2014-3508\", \"CVE-2014-3509\", \"CVE-2014-3510\", \"CVE-2014-3511\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(7|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~34.el7_0.4\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1e~34.el7_0.4\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-libs\", rpm:\"openssl-libs~1.0.1e~34.el7_0.4\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~1.0.1e~34.el7_0.4\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-static\", rpm:\"openssl-static~1.0.1e~34.el7_0.4\", rls:\"OracleLinux7\")) != NULL) {\n 
security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~16.el6_5.15\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1e~16.el6_5.15\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~1.0.1e~16.el6_5.15\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-static\", rpm:\"openssl-static~1.0.1e~16.el6_5.15\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:09", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3505", "CVE-2014-3508", "CVE-2014-3507", "CVE-2014-3511", "CVE-2014-3506", "CVE-2014-3510", "CVE-2014-3509"], "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2014-08-14T00:00:00", "id": "OPENVAS:1361412562310871227", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871227", "type": "openvas", "title": "RedHat Update for openssl RHSA-2014:1052-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for openssl RHSA-2014:1052-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without 
even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871227\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-08-14 05:54:31 +0200 (Thu, 14 Aug 2014)\");\n script_cve_id(\"CVE-2014-3505\", \"CVE-2014-3506\", \"CVE-2014-3507\", \"CVE-2014-3508\",\n \"CVE-2014-3509\", \"CVE-2014-3510\", \"CVE-2014-3511\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"RedHat Update for openssl RHSA-2014:1052-01\");\n\n\n script_tag(name:\"affected\", value:\"openssl on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Server (v. 7),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"insight\", value:\"OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),\nTransport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose cryptography\nlibrary.\n\nA race condition was found in the way OpenSSL handled ServerHello messages\nwith an included Supported EC Point Format extension. A malicious server\ncould possibly use this flaw to cause a multi-threaded TLS/SSL client using\nOpenSSL to write into freed memory, causing the client to crash or execute\narbitrary code. 
(CVE-2014-3509)\n\nIt was discovered that the OBJ_obj2txt() function could fail to properly\nNUL-terminate its output. This could possibly cause an application using\nOpenSSL functions to format fields of X.509 certificates to disclose\nportions of its memory. (CVE-2014-3508)\n\nA flaw was found in the way OpenSSL handled fragmented handshake packets.\nA man-in-the-middle attacker could use this flaw to force a TLS/SSL server\nusing OpenSSL to use TLS 1.0, even if both the client and the server\nsupported newer protocol versions. (CVE-2014-3511)\n\nMultiple flaws were discovered in the way OpenSSL handled DTLS packets.\nA remote attacker could use these flaws to cause a DTLS server or client\nusing OpenSSL to crash or use excessive amounts of memory. (CVE-2014-3505,\nCVE-2014-3506, CVE-2014-3507)\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed a\nhandshake when using the anonymous Diffie-Hellman (DH) key exchange. A\nmalicious server could cause a DTLS client using OpenSSL to crash if that\nclient had anonymous DH cipher suites enabled. (CVE-2014-3510)\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. 
For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"RHSA\", value:\"2014:1052-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2014-August/msg00026.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_(7|6)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~34.el7_0.4\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-debuginfo\", rpm:\"openssl-debuginfo~1.0.1e~34.el7_0.4\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1e~34.el7_0.4\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-libs\", rpm:\"openssl-libs~1.0.1e~34.el7_0.4\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~16.el6_5.15\", 
rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-debuginfo\", rpm:\"openssl-debuginfo~1.0.1e~16.el6_5.15\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1e~16.el6_5.15\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3505", "CVE-2014-3508", "CVE-2014-3507", "CVE-2014-3511", "CVE-2014-3506", "CVE-2014-3510", "CVE-2014-3509"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-08-14T00:00:00", "id": "OPENVAS:1361412562310881988", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881988", "type": "openvas", "title": "CentOS Update for openssl CESA-2014:1052 centos6", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for openssl CESA-2014:1052 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.881988\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-08-14 05:54:57 +0200 (Thu, 14 Aug 2014)\");\n script_cve_id(\"CVE-2014-3505\", \"CVE-2014-3506\", \"CVE-2014-3507\", \"CVE-2014-3508\",\n \"CVE-2014-3509\", \"CVE-2014-3510\", \"CVE-2014-3511\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"CentOS Update for openssl CESA-2014:1052 centos6\");\n\n script_tag(name:\"affected\", value:\"openssl on CentOS 6\");\n script_tag(name:\"insight\", value:\"OpenSSL is a toolkit that implements the Secure Sockets Layer\n(SSL), Transport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose cryptography\nlibrary.\n\nA race condition was found in the way OpenSSL handled ServerHello messages\nwith an included Supported EC Point Format extension. A malicious server\ncould possibly use this flaw to cause a multi-threaded TLS/SSL client using\nOpenSSL to write into freed memory, causing the client to crash or execute\narbitrary code. (CVE-2014-3509)\n\nIt was discovered that the OBJ_obj2txt() function could fail to properly\nNUL-terminate its output. This could possibly cause an application using\nOpenSSL functions to format fields of X.509 certificates to disclose\nportions of its memory. 
(CVE-2014-3508)\n\nA flaw was found in the way OpenSSL handled fragmented handshake packets.\nA man-in-the-middle attacker could use this flaw to force a TLS/SSL server\nusing OpenSSL to use TLS 1.0, even if both the client and the server\nsupported newer protocol versions. (CVE-2014-3511)\n\nMultiple flaws were discovered in the way OpenSSL handled DTLS packets.\nA remote attacker could use these flaws to cause a DTLS server or client\nusing OpenSSL to crash or use excessive amounts of memory. (CVE-2014-3505,\nCVE-2014-3506, CVE-2014-3507)\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed a\nhandshake when using the anonymous Diffie-Hellman (DH) key exchange. A\nmalicious server could cause a DTLS client using OpenSSL to crash if that\nclient had anonymous DH cipher suites enabled. (CVE-2014-3510)\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"CESA\", value:\"2014:1052\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2014-August/020488.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~16.el6_5.15\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1e~16.el6_5.15\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~1.0.1e~16.el6_5.15\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-static\", rpm:\"openssl-static~1.0.1e~16.el6_5.15\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3505", "CVE-2014-3508", "CVE-2014-3507", "CVE-2014-3511", "CVE-2014-3506", "CVE-2014-3510", "CVE-2014-3509"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-09-10T00:00:00", "id": "OPENVAS:1361412562310882005", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882005", "type": "openvas", "title": "CentOS Update for openssl CESA-2014:1052 centos7", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for openssl CESA-2014:1052 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software 
Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882005\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-09-10 06:20:03 +0200 (Wed, 10 Sep 2014)\");\n script_cve_id(\"CVE-2014-3505\", \"CVE-2014-3506\", \"CVE-2014-3507\", \"CVE-2014-3508\",\n \"CVE-2014-3509\", \"CVE-2014-3510\", \"CVE-2014-3511\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"CentOS Update for openssl CESA-2014:1052 centos7\");\n script_tag(name:\"insight\", value:\"OpenSSL is a toolkit that implements the\nSecure Sockets Layer (SSL), Transport Layer Security (TLS), and Datagram\nTransport Layer Security (DTLS) protocols, as well as a full-strength, general\npurpose cryptography library.\n\nA race condition was found in the way OpenSSL handled ServerHello messages\nwith an included Supported EC Point Format extension. A malicious server\ncould possibly use this flaw to cause a multi-threaded TLS/SSL client using\nOpenSSL to write into freed memory, causing the client to crash or execute\narbitrary code. (CVE-2014-3509)\n\nIt was discovered that the OBJ_obj2txt() function could fail to properly\nNUL-terminate its output. 
This could possibly cause an application using\nOpenSSL functions to format fields of X.509 certificates to disclose\nportions of its memory. (CVE-2014-3508)\n\nA flaw was found in the way OpenSSL handled fragmented handshake packets.\nA man-in-the-middle attacker could use this flaw to force a TLS/SSL server\nusing OpenSSL to use TLS 1.0, even if both the client and the server\nsupported newer protocol versions. (CVE-2014-3511)\n\nMultiple flaws were discovered in the way OpenSSL handled DTLS packets.\nA remote attacker could use these flaws to cause a DTLS server or client\nusing OpenSSL to crash or use excessive amounts of memory. (CVE-2014-3505,\nCVE-2014-3506, CVE-2014-3507)\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed a\nhandshake when using the anonymous Diffie-Hellman (DH) key exchange. A\nmalicious server could cause a DTLS client using OpenSSL to crash if that\nclient had anonymous DH cipher suites enabled. (CVE-2014-3510)\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. 
For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\");\n script_tag(name:\"affected\", value:\"openssl on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"CESA\", value:\"2014:1052\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2014-August/020489.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~34.el7_0.4\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1e~34.el7_0.4\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-libs\", rpm:\"openssl-libs~1.0.1e~34.el7_0.4\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~1.0.1e~34.el7_0.4\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-static\", rpm:\"openssl-static~1.0.1e~34.el7_0.4\", rls:\"CentOS7\")) != 
NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3513", "CVE-2014-3567", "CVE-2014-3568"], "description": "McAfee Email Gateway is vulnerable to one or more of the three Open Secure\nSockets Layer (OpenSSL) 3.0 (SSLv3) vulnerabilities.", "modified": "2018-10-12T00:00:00", "published": "2015-01-07T00:00:00", "id": "OPENVAS:1361412562310105157", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310105157", "type": "openvas", "title": "McAfee Email Gateway - Three SSLv3 Vulnerabilities", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mcafee_email_gateway_sb10091.nasl 11872 2018-10-12 11:22:41Z cfischer $\n#\n# McAfee Email Gateway - Three SSLv3 Vulnerabilities\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mcafee:email_gateway\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.105157\");\n script_cve_id(\"CVE-2014-3513\", \"CVE-2014-3567\", \"CVE-2014-3568\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_version(\"$Revision: 11872 $\");\n\n script_name(\"McAfee Email Gateway - Three SSLv3 Vulnerabilities\");\n\n script_xref(name:\"URL\", value:\"https://kc.mcafee.com/corporate/index?page=content&id=SB10091\");\n\n script_tag(name:\"vuldetect\", value:\"Check the installed version and hotfixes\");\n script_tag(name:\"solution\", value:\"Apply the hotfix referenced in the advisory.\");\n\n script_tag(name:\"summary\", value:\"McAfee Email Gateway is vulnerable to one or more of the three Open Secure\nSockets Layer (OpenSSL) 3.0 (SSLv3) vulnerabilities.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 13:22:41 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-07 17:42:14 +0100 (Wed, 07 Jan 2015)\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_family(\"General\");\n script_copyright(\"This script is Copyright (C) 2015 Greenbone Networks GmbH\");\n script_dependencies(\"gb_mcafee_email_gateway_version.nasl\");\n script_mandatory_keys(\"mcafee_email_gateway/product_version\", \"mcafee_email_gateway/patches\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( ! 
version = get_app_version( cpe:CPE ) ) exit( 0 );\n\nproduct = get_kb_item(\"mcafee_email_gateway/product_name\");\nif( ! product ) product = 'McAfee Email Gateway';\n\nif( ! patches = get_kb_item(\"mcafee_email_gateway/patches\") ) exit( 0 );\n\nif( version =~ \"^7\\.0\\.\" )\n{\n fixed = '7.0.2934.114';\n patch = '7.0.5h1014812';\n}\n\nelse if (version =~ \"^7\\.5\\.\")\n{\n fixed = \"7.5.3088.113\";\n patch = \"7.5.4h1014806\";\n}\n\nelse if (version =~ \"^7\\.6\\.\")\n{\n fixed = \"7.6.3044.120\";\n patch = \"7.6.2h1014803\";\n}\n\nelse\n exit( 0 );\n\nif( patch >< patches ) exit( 99 );\n\nif( version_is_less( version:version, test_version:fixed ) )\n{\n report = product + ' (' + version + ') is missing the patch ' + patch + '.\\n';\n security_message( port:0, data:report );\n exit( 0 );\n}\n\nexit( 0 );\n\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "nessus": [{"lastseen": "2020-09-14T19:09:30", "description": "According to its self-reported version number, the Apache Tomcat\nservice listening on the remote host is 7.0.x prior to 7.0.57. It is,\ntherefore, affected by the following vulnerabilities :\n\n - A memory double-free error exists in 'd1_both.c' related\n to handling DTLS packets that allows denial of service\n attacks. (CVE-2014-3505)\n\n - An unspecified error exists in 'd1_both.c' related to\n handling DTLS handshake messages that allows denial of\n service attacks due to large amounts of memory being\n consumed. (CVE-2014-3506)\n\n - A memory leak error exists in 'd1_both.c' related to\n handling specially crafted DTLS packets that allows\n denial of service attacks. (CVE-2014-3507)\n\n - An error exists in the 'OBJ_obj2txt' function when\n various 'X509_name_*' pretty printing functions are\n used, which leak process stack data, resulting in an\n information disclosure. 
(CVE-2014-3508)\n\n - An error exists related to 'ec point format extension'\n handling and multithreaded clients that allows freed\n memory to be overwritten during a resumed session.\n (CVE-2014-3509)\n\n - A NULL pointer dereference error exists related to\n handling anonymous ECDH cipher suites and crafted\n handshake messages that allows denial of service attacks\n against clients. (CVE-2014-3510)\n\n - An error exists related to handling fragmented\n 'ClientHello' messages that allows a man-in-the-middle\n attacker to force usage of TLS 1.0 regardless of higher\n protocol levels being supported by both the server and\n the client. (CVE-2014-3511)\n\n - Buffer overflow errors exist in 'srp_lib.c' related to\n handling Secure Remote Password protocol (SRP)\n parameters, which can allow a denial of service or have\n other unspecified impact. (CVE-2014-3512)\n\n - A memory leak issue exists in 'd1_srtp.c' related to\n the DTLS SRTP extension handling and specially crafted\n handshake messages that can allow denial of service\n attacks. (CVE-2014-3513)\n\n - An error exists related to the way SSL 3.0 handles\n padding bytes when decrypting messages encrypted using\n block ciphers in cipher block chaining (CBC) mode.\n Man-in-the-middle attackers can decrypt a selected byte\n of a cipher text in as few as 256 tries if they are able\n to force a victim application to repeatedly send the\n same data over newly created SSL 3.0 connections. This\n is also known as the 'POODLE' issue. (CVE-2014-3566)\n\n - A memory leak issue exists in 't1_lib.c' related to\n session ticket handling that can allow denial of service\n attacks. (CVE-2014-3567)\n\n - An error exists related to the build configuration\n process and the 'no-ssl3' build option that allows\n servers and clients to process insecure SSL 3.0\n handshake messages. 
(CVE-2014-3568)\n\n - A NULL pointer dereference error exists in 't1_lib.c',\n related to handling Secure Remote Password protocol\n (SRP) ServerHello messages, which allows a malicious\n server to crash a client, resulting in a denial of\n service. (CVE-2014-5139)\n\nNote that Nessus has not attempted to exploit these issues but has\ninstead relied only on the application's self-reported version number.", "edition": 22, "cvss3": {"score": 7.3, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "published": "2015-03-05T00:00:00", "title": "Apache Tomcat 7.0.x < 7.0.57 Multiple Vulnerabilities (POODLE)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3505", "CVE-2014-3508", "CVE-2014-3566", "CVE-2014-3507", "CVE-2014-3513", "CVE-2014-3511", "CVE-2014-3506", "CVE-2014-3567", "CVE-2014-3512", "CVE-2014-3510", "CVE-2014-3568", "CVE-2014-3509", "CVE-2014-5139"], "modified": "2015-03-05T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "TOMCAT_7_0_57.NASL", "href": "https://www.tenable.com/plugins/nessus/81650", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81650);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/07/22\");\n\n script_cve_id(\n \"CVE-2014-3505\",\n \"CVE-2014-3506\",\n \"CVE-2014-3507\",\n \"CVE-2014-3508\",\n \"CVE-2014-3509\",\n \"CVE-2014-3510\",\n \"CVE-2014-3511\",\n \"CVE-2014-3512\",\n \"CVE-2014-3513\",\n \"CVE-2014-3566\",\n \"CVE-2014-3567\",\n \"CVE-2014-3568\",\n \"CVE-2014-5139\"\n );\n script_bugtraq_id(\n 69075,\n 69076,\n 69077,\n 69078,\n 69079,\n 69081,\n 69082,\n 69083,\n 69084,\n 70574,\n 70584,\n 70585,\n 70586\n );\n script_xref(name:\"CERT\", value:\"577193\");\n\n script_name(english:\"Apache Tomcat 7.0.x < 7.0.57 Multiple Vulnerabilities (POODLE)\");\n script_summary(english:\"Checks the Apache Tomcat Version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote 
Apache Tomcat server is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the Apache Tomcat\nservice listening on the remote host is 7.0.x prior to 7.0.57. It is,\ntherefore, affected by the following vulnerabilities :\n\n - A memory double-free error exists in 'd1_both.c' related\n to handling DTLS packets that allows denial of service\n attacks. (CVE-2014-3505)\n\n - An unspecified error exists in 'd1_both.c' related to\n handling DTLS handshake messages that allows denial of\n service attacks due to large amounts of memory being\n consumed. (CVE-2014-3506)\n\n - A memory leak error exists in 'd1_both.c' related to\n handling specially crafted DTLS packets that allows\n denial of service attacks. (CVE-2014-3507)\n\n - An error exists in the 'OBJ_obj2txt' function when\n various 'X509_name_*' pretty printing functions are\n used, which leak process stack data, resulting in an\n information disclosure. (CVE-2014-3508)\n\n - An error exists related to 'ec point format extension'\n handling and multithreaded clients that allows freed\n memory to be overwritten during a resumed session.\n (CVE-2014-3509)\n\n - A NULL pointer dereference error exists related to\n handling anonymous ECDH cipher suites and crafted\n handshake messages that allows denial of service attacks\n against clients. (CVE-2014-3510)\n\n - An error exists related to handling fragmented\n 'ClientHello' messages that allows a man-in-the-middle\n attacker to force usage of TLS 1.0 regardless of higher\n protocol levels being supported by both the server and\n the client. (CVE-2014-3511)\n\n - Buffer overflow errors exist in 'srp_lib.c' related to\n handling Secure Remote Password protocol (SRP)\n parameters, which can allow a denial of service or have\n other unspecified impact. 
(CVE-2014-3512)\n\n - A memory leak issue exists in 'd1_srtp.c' related to\n the DTLS SRTP extension handling and specially crafted\n handshake messages that can allow denial of service\n attacks. (CVE-2014-3513)\n\n - An error exists related to the way SSL 3.0 handles\n padding bytes when decrypting messages encrypted using\n block ciphers in cipher block chaining (CBC) mode.\n Man-in-the-middle attackers can decrypt a selected byte\n of a cipher text in as few as 256 tries if they are able\n to force a victim application to repeatedly send the\n same data over newly created SSL 3.0 connections. This\n is also known as the 'POODLE' issue. (CVE-2014-3566)\n\n - A memory leak issue exists in 't1_lib.c' related to\n session ticket handling that can allow denial of service\n attacks. (CVE-2014-3567)\n\n - An error exists related to the build configuration\n process and the 'no-ssl3' build option that allows\n servers and clients to process insecure SSL 3.0\n handshake messages. (CVE-2014-3568)\n\n - A NULL pointer dereference error exists in 't1_lib.c',\n related to handling Secure Remote Password protocol\n (SRP) ServerHello messages, which allows a malicious\n server to crash a client, resulting in a denial of\n service. 
(CVE-2014-5139)\n\nNote that Nessus has not attempted to exploit these issues but has\ninstead relied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://tomcat.apache.org/tomcat-7.0-doc/changelog.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.imperialviolet.org/2014/10/14/poodle.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/~bodo/ssl-poodle.pdf\");\n script_set_attribute(attribute:\"see_also\", value:\"https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00\");\n script_set_attribute(attribute:\"solution\", value:\"Update to Apache Tomcat version 7.0.57 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-3505\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/08/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"tomcat_error_version.nasl\", \"tomcat_win_installed.nbin\", \"apache_tomcat_nix_installed.nbin\", \"os_fingerprint.nasl\");\n\n script_require_keys(\"installed_sw/Apache Tomcat\");\n\n exit(0);\n}\n\ninclude(\"tomcat_version.inc\");\n\ntc_paranoia = FALSE;\n\n# Only fire on Windows if low paranoia\nif (report_paranoia < 2)\n{\n os = get_kb_item_or_exit(\"Host/OS\");\n if (\"Windows\" >!< os) audit(AUDIT_OS_NOT, \"Microsoft Windows\");\n tc_paranoia = TRUE;\n}\n\ntomcat_check_version(fixed:\"7.0.57\", min:\"7.0.0\", severity:SECURITY_HOLE, granularity_regex:\"^7(\\.0)?$\", paranoid:tc_paranoia);\n\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-14T19:09:32", "description": "According to its self-reported version number, the Apache Tomcat\nserver listening on the remote host is 8.0.x prior to 8.0.15. It is,\ntherefore, affected by the following vulnerabilities :\n\n - A memory double-free error exists in 'd1_both.c' related\n to handling DTLS packets that allows denial of service\n attacks. (CVE-2014-3505)\n\n - An unspecified error exists in 'd1_both.c' related to\n handling DTLS handshake messages that allows denial of\n service attacks due to large amounts of memory being\n consumed. (CVE-2014-3506)\n\n - A memory leak error exists in 'd1_both.c' related to\n handling specially crafted DTLS packets that allows\n denial of service attacks. (CVE-2014-3507)\n\n - An error exists in the 'OBJ_obj2txt' function when\n various 'X509_name_*' pretty printing functions are\n used, which leak process stack data, resulting in an\n information disclosure. 
(CVE-2014-3508)\n\n - An error exists related to 'ec point format extension'\n handling and multithreaded clients that allows freed\n memory to be overwritten during a resumed session.\n (CVE-2014-3509)\n\n - A NULL pointer dereference error exists related to\n handling anonymous ECDH cipher suites and crafted\n handshake messages that allows denial of service attacks\n against clients. (CVE-2014-3510)\n\n - An error exists related to handling fragmented\n 'ClientHello' messages that allows a man-in-the-middle\n attacker to force usage of TLS 1.0 regardless of higher\n protocol levels being supported by both the server and\n the client. (CVE-2014-3511)\n\n - Buffer overflow errors exist in 'srp_lib.c' related to\n handling Secure Remote Password protocol (SRP)\n parameters, which can allow a denial of service or have\n other unspecified impact. (CVE-2014-3512)\n\n - A memory leak issue exists in 'd1_srtp.c' related to\n the DTLS SRTP extension handling and specially crafted\n handshake messages that can allow denial of service\n attacks. (CVE-2014-3513)\n\n - An error exists related to the way SSL 3.0 handles\n padding bytes when decrypting messages encrypted using\n block ciphers in cipher block chaining (CBC) mode.\n Man-in-the-middle attackers can decrypt a selected byte\n of a cipher text in as few as 256 tries if they are able\n to force a victim application to repeatedly send the\n same data over newly created SSL 3.0 connections. This\n is also known as the 'POODLE' issue. (CVE-2014-3566)\n\n - A memory leak issue exists in 't1_lib.c' related to\n session ticket handling that can allow denial of service\n attacks. (CVE-2014-3567)\n\n - An error exists related to the build configuration\n process and the 'no-ssl3' build option that allows\n servers and clients to process insecure SSL 3.0\n handshake messages. 
(CVE-2014-3568)\n\n - A NULL pointer dereference error exists in 't1_lib.c',\n related to handling Secure Remote Password protocol\n (SRP) ServerHello messages, which allows a malicious\n server to crash a client, resulting in a denial of\n service. (CVE-2014-5139)\n\nNote that Nessus has not attempted to exploit these issues but has\ninstead relied only on the application's self-reported version number.", "edition": 22, "cvss3": {"score": 7.3, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "published": "2015-03-05T00:00:00", "title": "Apache Tomcat 8.0.x < 8.0.15 Multiple Vulnerabilities (POODLE)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3505", "CVE-2014-3508", "CVE-2014-3566", "CVE-2014-3507", "CVE-2014-3513", "CVE-2014-3511", "CVE-2014-3506", "CVE-2014-3567", "CVE-2014-3512", "CVE-2014-3510", "CVE-2014-3568", "CVE-2014-3509", "CVE-2014-5139"], "modified": "2015-03-05T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "TOMCAT_8_0_15.NASL", "href": "https://www.tenable.com/plugins/nessus/81651", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81651);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/07/22\");\n\n script_cve_id(\n \"CVE-2014-3505\",\n \"CVE-2014-3506\",\n \"CVE-2014-3507\",\n \"CVE-2014-3508\",\n \"CVE-2014-3509\",\n \"CVE-2014-3510\",\n \"CVE-2014-3511\",\n \"CVE-2014-3512\",\n \"CVE-2014-3513\",\n \"CVE-2014-3566\",\n \"CVE-2014-3567\",\n \"CVE-2014-3568\",\n \"CVE-2014-5139\"\n );\n script_bugtraq_id(\n 69075,\n 69076,\n 69077,\n 69078,\n 69079,\n 69081,\n 69082,\n 69083,\n 69084,\n 70574,\n 70584,\n 70585,\n 70586\n );\n script_xref(name:\"CERT\", value:\"577193\");\n\n script_name(english:\"Apache Tomcat 8.0.x < 8.0.15 Multiple Vulnerabilities (POODLE)\");\n script_summary(english:\"Checks the Apache Tomcat Version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote 
Apache Tomcat server is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the Apache Tomcat\nserver listening on the remote host is 8.0.x prior to 8.0.15. It is,\ntherefore, affected by the following vulnerabilities :\n\n - A memory double-free error exists in 'd1_both.c' related\n to handling DTLS packets that allows denial of service\n attacks. (CVE-2014-3505)\n\n - An unspecified error exists in 'd1_both.c' related to\n handling DTLS handshake messages that allows denial of\n service attacks due to large amounts of memory being\n consumed. (CVE-2014-3506)\n\n - A memory leak error exists in 'd1_both.c' related to\n handling specially crafted DTLS packets that allows\n denial of service attacks. (CVE-2014-3507)\n\n - An error exists in the 'OBJ_obj2txt' function when\n various 'X509_name_*' pretty printing functions are\n used, which leak process stack data, resulting in an\n information disclosure. (CVE-2014-3508)\n\n - An error exists related to 'ec point format extension'\n handling and multithreaded clients that allows freed\n memory to be overwritten during a resumed session.\n (CVE-2014-3509)\n\n - A NULL pointer dereference error exists related to\n handling anonymous ECDH cipher suites and crafted\n handshake messages that allows denial of service attacks\n against clients. (CVE-2014-3510)\n\n - An error exists related to handling fragmented\n 'ClientHello' messages that allows a man-in-the-middle\n attacker to force usage of TLS 1.0 regardless of higher\n protocol levels being supported by both the server and\n the client. (CVE-2014-3511)\n\n - Buffer overflow errors exist in 'srp_lib.c' related to\n handling Secure Remote Password protocol (SRP)\n parameters, which can allow a denial of service or have\n other unspecified impact. 
(CVE-2014-3512)\n\n - A memory leak issue exists in 'd1_srtp.c' related to\n the DTLS SRTP extension handling and specially crafted\n handshake messages that can allow denial of service\n attacks. (CVE-2014-3513)\n\n - An error exists related to the way SSL 3.0 handles\n padding bytes when decrypting messages encrypted using\n block ciphers in cipher block chaining (CBC) mode.\n Man-in-the-middle attackers can decrypt a selected byte\n of a cipher text in as few as 256 tries if they are able\n to force a victim application to repeatedly send the\n same data over newly created SSL 3.0 connections. This\n is also known as the 'POODLE' issue. (CVE-2014-3566)\n\n - A memory leak issue exists in 't1_lib.c' related to\n session ticket handling that can allow denial of service\n attacks. (CVE-2014-3567)\n\n - An error exists related to the build configuration\n process and the 'no-ssl3' build option that allows\n servers and clients to process insecure SSL 3.0\n handshake messages. (CVE-2014-3568)\n\n - A NULL pointer dereference error exists in 't1_lib.c',\n related to handling Secure Remote Password protocol\n (SRP) ServerHello messages, which allows a malicious\n server to crash a client, resulting in a denial of\n service. 
(CVE-2014-5139)\n\nNote that Nessus has not attempted to exploit these issues but has\ninstead relied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://tomcat.apache.org/tomcat-8.0-doc/changelog.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.imperialviolet.org/2014/10/14/poodle.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/~bodo/ssl-poodle.pdf\");\n script_set_attribute(attribute:\"see_also\", value:\"https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00\");\n script_set_attribute(attribute:\"solution\", value:\"Update to Apache Tomcat version 8.0.15 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-3505\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/08/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"tomcat_error_version.nasl\", \"os_fingerprint.nasl\");\n\n script_require_keys(\"installed_sw/Apache Tomcat\");\n\n exit(0);\n}\n\ninclude(\"tomcat_version.inc\");\n\ntc_paranoia = FALSE;\n\n# Only fire on Windows if low paranoia\nif (report_paranoia < 2)\n{\n os = get_kb_item_or_exit(\"Host/OS\");\n if (\"Windows\" >!< os) audit(AUDIT_OS_NOT, \"Microsoft Windows\");\n tc_paranoia = TRUE;\n}\n\ntomcat_check_version(fixed:\"8.0.15\", min:\"8.0.0\", severity:SECURITY_HOLE, granularity_regex:\"^8(\\.0)?$\", paranoid:tc_paranoia);\n\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T14:01:07", "description": "The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - Double free vulnerability in d1_both.c in the DTLS\n implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0\n before 1.0.0n, and 1.0.1 before 1.0.1i allows remote\n attackers to cause a denial of service (application\n crash) via crafted DTLS packets that trigger an error\n condition. (CVE-2014-3505)\n\n - d1_both.c in the DTLS implementation in OpenSSL 0.9.8\n before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before\n 1.0.1i allows remote attackers to cause a denial of\n service (memory consumption) via crafted DTLS handshake\n messages that trigger memory allocations corresponding\n to large length values. 
(CVE-2014-3506)\n\n - Memory leak in d1_both.c in the DTLS implementation in\n OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and\n 1.0.1 before 1.0.1i allows remote attackers to cause a\n denial of service (memory consumption) via zero-length\n DTLS fragments that trigger improper handling of the\n return value of a certain insert function.\n (CVE-2014-3507)\n\n - Race condition in the ssl_parse_serverhello_tlsext\n function in t1_lib.c in OpenSSL 1.0.0 before 1.0.0n and\n 1.0.1 before 1.0.1i, when multithreading and session\n resumption are used, allows remote SSL servers to cause\n a denial of service (memory overwrite and client\n application crash) or possibly have unspecified other\n impact by sending Elliptic Curve (EC) Supported Point\n Formats Extension data. (CVE-2014-3509)\n\n - The ssl3_send_client_key_exchange function in s3_clnt.c\n in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n,\n and 1.0.1 before 1.0.1i allows remote DTLS servers to\n cause a denial of service (NULL pointer dereference and\n client application crash) via a crafted handshake\n message in conjunction with a (1) anonymous DH or (2)\n anonymous ECDH ciphersuite. (CVE-2014-3510)\n\n - Multiple buffer overflows in crypto/srp/srp_lib.c in the\n SRP implementation in OpenSSL 1.0.1 before 1.0.1i allow\n remote attackers to cause a denial of service\n (application crash) or possibly have unspecified other\n impact via an invalid SRP (1) g, (2) A, or (3) B\n parameter. 
(CVE-2014-3512)\n\n - The ssl_set_client_disabled function in t1_lib.c in\n OpenSSL 1.0.1 before 1.0.1i allows remote SSL servers to\n cause a denial of service (NULL pointer dereference and\n client application crash) via a ServerHello message that\n includes an SRP ciphersuite without the required\n negotiation of that ciphersuite with the client.\n (CVE-2014-5139)", "edition": 24, "published": "2015-01-19T00:00:00", "title": "Oracle Solaris Third-Party Patch Update : openssl (cve_2014_3505_denial_of)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3505", "CVE-2014-3507", "CVE-2014-3506", "CVE-2014-3512", "CVE-2014-3510", "CVE-2014-3509", "CVE-2014-5139"], "modified": "2015-01-19T00:00:00", "cpe": ["cpe:/o:oracle:solaris:11.2", "p-cpe:/a:oracle:solaris:openssl"], "id": "SOLARIS11_OPENSSL_20140915.NASL", "href": "https://www.tenable.com/plugins/nessus/80722", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Oracle Third Party software advisories.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80722);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-3505\", \"CVE-2014-3506\", \"CVE-2014-3507\", \"CVE-2014-3509\", \"CVE-2014-3510\", \"CVE-2014-3512\", \"CVE-2014-5139\");\n\n script_name(english:\"Oracle Solaris Third-Party Patch Update : openssl (cve_2014_3505_denial_of)\");\n script_summary(english:\"Check for the 'entire' version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Solaris system is missing a security patch for third-party\nsoftware.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - Double free vulnerability in d1_both.c in 
the DTLS\n implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0\n before 1.0.0n, and 1.0.1 before 1.0.1i allows remote\n attackers to cause a denial of service (application\n crash) via crafted DTLS packets that trigger an error\n condition. (CVE-2014-3505)\n\n - d1_both.c in the DTLS implementation in OpenSSL 0.9.8\n before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before\n 1.0.1i allows remote attackers to cause a denial of\n service (memory consumption) via crafted DTLS handshake\n messages that trigger memory allocations corresponding\n to large length values. (CVE-2014-3506)\n\n - Memory leak in d1_both.c in the DTLS implementation in\n OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and\n 1.0.1 before 1.0.1i allows remote attackers to cause a\n denial of service (memory consumption) via zero-length\n DTLS fragments that trigger improper handling of the\n return value of a certain insert function.\n (CVE-2014-3507)\n\n - Race condition in the ssl_parse_serverhello_tlsext\n function in t1_lib.c in OpenSSL 1.0.0 before 1.0.0n and\n 1.0.1 before 1.0.1i, when multithreading and session\n resumption are used, allows remote SSL servers to cause\n a denial of service (memory overwrite and client\n application crash) or possibly have unspecified other\n impact by sending Elliptic Curve (EC) Supported Point\n Formats Extension data. (CVE-2014-3509)\n\n - The ssl3_send_client_key_exchange function in s3_clnt.c\n in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n,\n and 1.0.1 before 1.0.1i allows remote DTLS servers to\n cause a denial of service (NULL pointer dereference and\n client application crash) via a crafted handshake\n message in conjunction with a (1) anonymous DH or (2)\n anonymous ECDH ciphersuite. 
(CVE-2014-3510)\n\n - Multiple buffer overflows in crypto/srp/srp_lib.c in the\n SRP implementation in OpenSSL 1.0.1 before 1.0.1i allow\n remote attackers to cause a denial of service\n (application crash) or possibly have unspecified other\n impact via an invalid SRP (1) g, (2) A, or (3) B\n parameter. (CVE-2014-3512)\n\n - The ssl_set_client_disabled function in t1_lib.c in\n OpenSSL 1.0.1 before 1.0.1i allows remote SSL servers to\n cause a denial of service (NULL pointer dereference and\n client application crash) via a ServerHello message that\n includes an SRP ciphersuite without the required\n negotiation of that ciphersuite with the client.\n (CVE-2014-5139)\"\n );\n # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4a913f44\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://blogs.oracle.com/sunsecurity/cve-2014-3505-denial-of-servicedos-vulnerability-in-openssl\"\n );\n # https://blogs.oracle.com/sunsecurity/cve-2014-3506-resource-management-errors-vulnerability-in-openssl\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3fb2b110\"\n );\n # https://blogs.oracle.com/sunsecurity/cve-2014-3507-resource-management-errors-vulnerability-in-openssl\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3b74fa96\"\n );\n # https://blogs.oracle.com/sunsecurity/cve-2014-3509-race-conditions-vulnerability-in-openssl\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c6978582\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://blogs.oracle.com/sunsecurity/cve-2014-3510-denial-of-servicedos-vulnerability-in-openssl\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://blogs.oracle.com/sunsecurity/cve-2014-3512-buffer-errors-vulnerability-in-openssl\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://blogs.oracle.com/sunsecurity/cve-2014-5139-denial-of-servicedos-vulnerability-in-openssl\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Solaris 11.2.2.5.0.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:11.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:openssl\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris11/release\", \"Host/Solaris11/pkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Solaris11/release\");\nif (isnull(release)) audit(AUDIT_OS_NOT, \"Solaris11\");\npkg_list = solaris_pkg_list_leaves();\nif (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, \"Solaris pkg-list packages\");\n\nif (empty_or_null(egrep(string:pkg_list, pattern:\"^openssl$\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n\nflag = 0;\n\nif (solaris_check_release(release:\"0.5.11-0.175.2.2.0.5.0\", sru:\"SRU 11.2.2.5.0\") > 0) flag++;\n\nif (flag)\n{\n error_extra = 'Affected package : openssl\\n' + solaris_get_report2();\n error_extra = ereg_replace(pattern:\"version\", replace:\"OS version\", string:error_extra);\n if (report_verbosity > 
0) security_hole(port:0, extra:error_extra);\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_PACKAGE_NOT_AFFECTED, \"openssl\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T05:50:02", "description": "The version of stunnel installed on the remote host is prior to\nversion 5.03. It is, therefore, affected by the following\nvulnerabilities in the bundled OpenSSL library :\n\n - A memory double-free error exists related to handling\n DTLS packets that allows denial of service attacks.\n (CVE-2014-3505)\n\n - An unspecified error exists related to handling DTLS\n handshake messages that allows denial of service attacks\n due to large amounts of memory being consumed.\n (CVE-2014-3506)\n\n - A memory leak error exists related to handling\n specially crafted DTLS packets that allows denial of\n service attacks. (CVE-2014-3507)\n\n - An error exists related to 'OBJ_obj2txt' and the pretty\n printing 'X509_name_*' functions which leak stack data,\n resulting in an information disclosure. (CVE-2014-3508)\n\n - An error exists related to 'ec point format extension'\n handling and multithreaded clients that allows freed\n memory to be overwritten during a resumed session.\n (CVE-2014-3509)\n\n - A NULL pointer dereference error exists related to\n handling anonymous ECDH cipher suites and crafted\n handshake messages that allow denial of service attacks\n against clients. (CVE-2014-3510)\n\n - An error exists related to handling fragmented\n 'ClientHello' messages that could allow a\n man-in-the-middle attacker to force usage of TLS 1.0\n regardless of higher protocol levels being supported by\n both the server and the client. (CVE-2014-3511)\n\n - A buffer overflow error exists related to handling\n Secure Remote Password protocol (SRP) parameters having\n unspecified impact. 
(CVE-2014-3512)\n\n - A NULL pointer dereference error exists related to\n handling Secure Remote Password protocol (SRP) that\n allows a malicious server to crash a client, resulting\n in a denial of service. (CVE-2014-5139)\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.", "edition": 26, "published": "2014-08-13T00:00:00", "title": "stunnel < 5.03 OpenSSL Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3505", "CVE-2014-3508", "CVE-2014-3507", "CVE-2014-3511", "CVE-2014-3506", "CVE-2014-3512", "CVE-2014-3510", "CVE-2014-3509", "CVE-2014-5139"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:stunnel:stunnel"], "id": "STUNNEL_5_03.NASL", "href": "https://www.tenable.com/plugins/nessus/77182", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(77182);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/11/25\");\n\n script_cve_id(\n \"CVE-2014-3505\",\n \"CVE-2014-3506\",\n \"CVE-2014-3507\",\n \"CVE-2014-3508\",\n \"CVE-2014-3509\",\n \"CVE-2014-3510\",\n \"CVE-2014-3511\",\n \"CVE-2014-3512\",\n \"CVE-2014-5139\"\n );\n script_bugtraq_id(\n 69075,\n 69076,\n 69077,\n 69078,\n 69079,\n 69081,\n 69082,\n 69083,\n 69084\n );\n\n script_name(english:\"stunnel < 5.03 OpenSSL Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of stunnel.exe.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a program that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of stunnel installed on the remote host is prior to\nversion 5.03. 
It is, therefore, affected by the following\nvulnerabilities in the bundled OpenSSL library :\n\n - A memory double-free error exists related to handling\n DTLS packets that allows denial of service attacks.\n (CVE-2014-3505)\n\n - An unspecified error exists related to handling DTLS\n handshake messages that allows denial of service attacks\n due to large amounts of memory being consumed.\n (CVE-2014-3506)\n\n - A memory leak error exists related to handling\n specially crafted DTLS packets that allows denial of\n service attacks. (CVE-2014-3507)\n\n - An error exists related to 'OBJ_obj2txt' and the pretty\n printing 'X509_name_*' functions which leak stack data,\n resulting in an information disclosure. (CVE-2014-3508)\n\n - An error exists related to 'ec point format extension'\n handling and multithreaded clients that allows freed\n memory to be overwritten during a resumed session.\n (CVE-2014-3509)\n\n - A NULL pointer dereference error exists related to\n handling anonymous ECDH cipher suites and crafted\n handshake messages that allow denial of service attacks\n against clients. (CVE-2014-3510)\n\n - An error exists related to handling fragmented\n 'ClientHello' messages that could allow a\n man-in-the-middle attacker to force usage of TLS 1.0\n regardless of higher protocol levels being supported by\n both the server and the client. (CVE-2014-3511)\n\n - A buffer overflow error exists related to handling\n Secure Remote Password protocol (SRP) parameters having\n unspecified impact. (CVE-2014-3512)\n\n - A NULL pointer dereference error exists related to\n handling Secure Remote Password protocol (SRP) that\n allows a malicious server to crash a client, resulting\n in a denial of service. 
(CVE-2014-5139\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.stunnel.org/?page=sdf_ChangeLog\");\n # https://www.stunnel.org/pipermail/stunnel-announce/2014-August/000078.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bfb06a2c\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20140806.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to stunnel version 5.03 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-3512\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/08/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:stunnel:stunnel\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"stunnel_installed.nasl\");\n script_require_keys(\"installed_sw/stunnel\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\napp = 'stunnel';\ninstall = get_single_install(app_name:app, exit_if_unknown_ver:TRUE);\n\nversion = install[\"version\"];\npath = install[\"path\"];\n\n# Affected < 5.03\nif (\n version =~ \"^[0-4]($|[^0-9])\" ||\n version =~ \"^5\\.0[0-2]($|[^0-9])\"\n)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 5.03\\n';\n security_report_v4(severity:SECURITY_HOLE, port:port, extra:report);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, app, version, path);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T01:18:53", "description": "A flaw was discovered in the way OpenSSL handled DTLS packets. A\nremote attacker could use this flaw to cause a DTLS server or client\nusing OpenSSL to crash or use excessive amounts of memory.\n\nMultiple buffer overflows in crypto/srp/srp_lib.c in the SRP\nimplementation in OpenSSL 1.0.1 before 1.0.1i allow remote attackers\nto cause a denial of service (application crash) or possibly have\nunspecified other impact via an invalid SRP (1) g, (2) A, or (3) B\nparameter.\n\nA flaw was found in the way OpenSSL handled fragmented handshake\npackets. 
A man-in-the-middle attacker could use this flaw to force a\nTLS/SSL server using OpenSSL to use TLS 1.0, even if both the client\nand the server supported newer protocol versions.\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed\na handshake when using the anonymous Diffie-Hellman (DH) key exchange.\nA malicious server could cause a DTLS client using OpenSSL to crash if\nthat client had anonymous DH cipher suites enabled.\n\nIt was discovered that the OBJ_obj2txt() function could fail to\nproperly NUL-terminate its output. This could possibly cause an\napplication using OpenSSL functions to format fields of X.509\ncertificates to disclose portions of its memory.\n\nA race condition was found in the way OpenSSL handled ServerHello\nmessages with an included Supported EC Point Format extension. A\nmalicious server could possibly use this flaw to cause a\nmulti-threaded TLS/SSL client using OpenSSL to write into freed\nmemory, causing the client to crash or execute arbitrary code.\n\nThe ssl_set_client_disabled function in t1_lib.c in OpenSSL 1.0.1\nbefore 1.0.1i allows remote SSL servers to cause a denial of service\n(NULL pointer dereference and client application crash) via a\nServerHello message that includes an SRP ciphersuite without the\nrequired negotiation of that ciphersuite with the client.", "edition": 23, "published": "2014-10-12T00:00:00", "title": "Amazon Linux AMI : openssl (ALAS-2014-391)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3505", "CVE-2014-3508", "CVE-2014-3507", "CVE-2014-3511", "CVE-2014-3506", "CVE-2014-3512", "CVE-2014-3510", "CVE-2014-3509", "CVE-2014-5139"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:openssl-devel", "p-cpe:/a:amazon:linux:openssl", "p-cpe:/a:amazon:linux:openssl-debuginfo", "p-cpe:/a:amazon:linux:openssl-perl", "p-cpe:/a:amazon:linux:openssl-static", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2014-391.NASL", "href": 
"https://www.tenable.com/plugins/nessus/78334", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2014-391.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78334);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2014-3505\", \"CVE-2014-3506\", \"CVE-2014-3507\", \"CVE-2014-3508\", \"CVE-2014-3509\", \"CVE-2014-3510\", \"CVE-2014-3511\", \"CVE-2014-3512\", \"CVE-2014-5139\");\n script_xref(name:\"ALAS\", value:\"2014-391\");\n\n script_name(english:\"Amazon Linux AMI : openssl (ALAS-2014-391)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was discovered in the way OpenSSL handled DTLS packets. A\nremote attacker could use this flaw to cause a DTLS server or client\nusing OpenSSL to crash or use excessive amounts of memory.\n\nMultiple buffer overflows in crypto/srp/srp_lib.c in the SRP\nimplementation in OpenSSL 1.0.1 before 1.0.1i allow remote attackers\nto cause a denial of service (application crash) or possibly have\nunspecified other impact via an invalid SRP (1) g, (2) A, or (3) B\nparameter.\n\nA flaw was found in the way OpenSSL handled fragmented handshake\npackets. 
A man-in-the-middle attacker could use this flaw to force a\nTLS/SSL server using OpenSSL to use TLS 1.0, even if both the client\nand the server supported newer protocol versions.\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed\na handshake when using the anonymous Diffie-Hellman (DH) key exchange.\nA malicious server could cause a DTLS client using OpenSSL to crash if\nthat client had anonymous DH cipher suites enabled.\n\nIt was discovered that the OBJ_obj2txt() function could fail to\nproperly NUL-terminate its output. This could possibly cause an\napplication using OpenSSL functions to format fields of X.509\ncertificates to disclose portions of its memory.\n\nA race condition was found in the way OpenSSL handled ServerHello\nmessages with an included Supported EC Point Format extension. A\nmalicious server could possibly use this flaw to cause a\nmulti-threaded TLS/SSL client using OpenSSL to write into freed\nmemory, causing the client to crash or execute arbitrary code.\n\nThe ssl_set_client_disabled function in t1_lib.c in OpenSSL 1.0.1\nbefore 1.0.1i allows remote SSL servers to cause a denial of service\n(NULL pointer dereference and client application crash) via a\nServerHello message that includes an SRP ciphersuite without the\nrequired negotiation of that ciphersuite with the client.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2014-391.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update openssl' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-devel\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"openssl-1.0.1i-1.78.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openssl-debuginfo-1.0.1i-1.78.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openssl-devel-1.0.1i-1.78.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openssl-perl-1.0.1i-1.78.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openssl-static-1.0.1i-1.78.amzn1\")) flag++;\n\nif (flag)\n{\n 
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-debuginfo / openssl-devel / openssl-perl / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T04:54:14", "description": "According to its self-reported version number, the remote pfSense\ninstall is a version prior to 2.1.5. It is, therefore, affected by \nmultiple vulnerabilities.", "edition": 23, "cvss3": {"score": 7.4, "vector": "AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"}, "published": "2018-03-21T00:00:00", "title": "pfSense < 2.1.5 Multiple Vulnerabilities ( SA-14_14 )", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3505", "CVE-2014-3508", "CVE-2014-3507", "CVE-2014-3511", "CVE-2014-3506", "CVE-2014-3512", "CVE-2014-3510", "CVE-2014-3509", "CVE-2014-5139"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:pfsense:pfsense", "cpe:/a:bsdperimeter:pfsense"], "id": "PFSENSE_SA-14_14.NASL", "href": "https://www.tenable.com/plugins/nessus/108516", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108516);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/11/08\");\n\n script_cve_id(\n \"CVE-2014-3505\",\n \"CVE-2014-3506\",\n \"CVE-2014-3507\",\n \"CVE-2014-3508\",\n \"CVE-2014-3509\",\n \"CVE-2014-3510\",\n \"CVE-2014-3511\",\n \"CVE-2014-3512\",\n \"CVE-2014-5139\"\n );\n script_bugtraq_id(\n 69075,\n 69076,\n 69077,\n 69078,\n 69079,\n 69081,\n 69082,\n 69083,\n 69084\n );\n\n script_name(english:\"pfSense < 2.1.5 Multiple Vulnerabilities ( SA-14_14 )\");\n script_summary(english:\"Checks the version of pfSense.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote firewall host is affected by multiple\nvulnerabilities.\");\n 
script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the remote pfSense\ninstall is a version prior to 2.1.5 It is, therefore, affected by \nmultiple vulnerabilities.\");\n # https://www.pfsense.org/security/advisories/pfSense-SA-14_14.openssl.asc\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0f5a6f06\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to pfSense version 2.1.5 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/08/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:pfsense:pfsense\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:bsdperimeter:pfsense\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"pfsense_detect.nbin\");\n script_require_keys(\"Host/pfSense\");\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\ninclude(\"vcf_extras.inc\");\n\nif (!get_kb_item(\"Host/pfSense\")) audit(AUDIT_HOST_NOT, \"pfSense\");\n\napp_info = vcf::pfsense::get_app_info();\nconstraints = [\n { \"fixed_version\" : \"2.1.5\" }\n];\n\nvcf::pfsense::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_HOLE\n);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T09:10:44", "description": "New openssl packages are available for Slackware 13.0, 13.1, 13.37,\n14.0, 14.1, and -current to fix security issues.", "edition": 23, "published": "2014-08-09T00:00:00", "title": "Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : openssl (SSA:2014-220-01)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3505", "CVE-2014-3508", "CVE-2014-3507", "CVE-2014-3511", "CVE-2014-3506", "CVE-2014-3512", "CVE-2014-3510", "CVE-2014-3509", "CVE-2014-5139"], "modified": "2014-08-09T00:00:00", "cpe": ["cpe:/o:slackware:slackware_linux:14.1", "cpe:/o:slackware:slackware_linux:13.37", "p-cpe:/a:slackware:slackware_linux:openssl", "cpe:/o:slackware:slackware_linux:14.0", "p-cpe:/a:slackware:slackware_linux:openssl-solibs", "cpe:/o:slackware:slackware_linux:13.0", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:13.1"], "id": "SLACKWARE_SSA_2014-220-01.NASL", "href": "https://www.tenable.com/plugins/nessus/77091", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2014-220-01. 
The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77091);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-3505\", \"CVE-2014-3506\", \"CVE-2014-3507\", \"CVE-2014-3508\", \"CVE-2014-3509\", \"CVE-2014-3510\", \"CVE-2014-3511\", \"CVE-2014-3512\", \"CVE-2014-5139\");\n script_bugtraq_id(69075, 69076, 69077, 69078, 69079, 69081, 69082, 69083, 69084);\n script_xref(name:\"SSA\", value:\"2014-220-01\");\n\n script_name(english:\"Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : openssl (SSA:2014-220-01)\");\n script_summary(english:\"Checks for updated packages in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New openssl packages are available for Slackware 13.0, 13.1, 13.37,\n14.0, 14.1, and -current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.788587\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a8d020eb\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl and / or openssl-solibs packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:slackware:slackware_linux:openssl-solibs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.37\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"13.0\", pkgname:\"openssl\", pkgver:\"0.9.8zb\", pkgarch:\"i486\", pkgnum:\"1_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", pkgname:\"openssl-solibs\", pkgver:\"0.9.8zb\", pkgarch:\"i486\", 
pkgnum:\"1_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", arch:\"x86_64\", pkgname:\"openssl\", pkgver:\"0.9.8zb\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", arch:\"x86_64\", pkgname:\"openssl-solibs\", pkgver:\"0.9.8zb\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.0\")) flag++;\n\nif (slackware_check(osver:\"13.1\", pkgname:\"openssl\", pkgver:\"0.9.8zb\", pkgarch:\"i486\", pkgnum:\"1_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", pkgname:\"openssl-solibs\", pkgver:\"0.9.8zb\", pkgarch:\"i486\", pkgnum:\"1_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", arch:\"x86_64\", pkgname:\"openssl\", pkgver:\"0.9.8zb\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", arch:\"x86_64\", pkgname:\"openssl-solibs\", pkgver:\"0.9.8zb\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.1\")) flag++;\n\nif (slackware_check(osver:\"13.37\", pkgname:\"openssl\", pkgver:\"0.9.8zb\", pkgarch:\"i486\", pkgnum:\"1_slack13.37\")) flag++;\nif (slackware_check(osver:\"13.37\", pkgname:\"openssl-solibs\", pkgver:\"0.9.8zb\", pkgarch:\"i486\", pkgnum:\"1_slack13.37\")) flag++;\nif (slackware_check(osver:\"13.37\", arch:\"x86_64\", pkgname:\"openssl\", pkgver:\"0.9.8zb\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.37\")) flag++;\nif (slackware_check(osver:\"13.37\", arch:\"x86_64\", pkgname:\"openssl-solibs\", pkgver:\"0.9.8zb\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.37\")) flag++;\n\nif (slackware_check(osver:\"14.0\", pkgname:\"openssl\", pkgver:\"1.0.1i\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", pkgname:\"openssl-solibs\", pkgver:\"1.0.1i\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"openssl\", pkgver:\"1.0.1i\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"openssl-solibs\", pkgver:\"1.0.1i\", 
pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"14.1\", pkgname:\"openssl\", pkgver:\"1.0.1i\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", pkgname:\"openssl-solibs\", pkgver:\"1.0.1i\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"openssl\", pkgver:\"1.0.1i\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"openssl-solibs\", pkgver:\"1.0.1i\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"openssl\", pkgver:\"1.0.1i\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", pkgname:\"openssl-solibs\", pkgver:\"1.0.1i\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"openssl\", pkgver:\"1.0.1i\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"openssl-solibs\", pkgver:\"1.0.1i\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T09:18:36", "description": "The version of OpenSSL installed on the remote host is affected by the\nfollowing vulnerabilities :\n\n - A memory double-free error exists related to handling\n DTLS packets that allows denial of service attacks.\n (CVE-2014-3505)\n\n - An unspecified error exists related to handling DTLS\n handshake messages that allows denial of service attacks\n due to large amounts of memory being consumed.\n (CVE-2014-3506)\n\n - A memory leak error exists related to handling\n specially crafted DTLS packets that allows denial of\n service 
attacks. (CVE-2014-3507)\n\n - An error exists related to 'OBJ_obj2txt' and the pretty\n printing 'X509_name_*' functions which leak stack data,\n resulting in an information disclosure. (CVE-2014-3508)\n\n - An error exists related to 'ec point format extension'\n handling and multithreaded clients that allows freed\n memory to be overwritten during a resumed session.\n (CVE-2014-3509)\n\n - A NULL pointer dereference error exists related to\n handling anonymous ECDH cipher suites and crafted\n handshake messages that allow denial of service attacks\n against clients. (CVE-2014-3510)\n\n - An error exists related to handling fragmented\n 'ClientHello' messages that could allow a\n man-in-the-middle attacker to force usage of TLS 1.0\n regardless of higher protocol levels being supported by\n both the server and the client. (CVE-2014-3511)\n\n - A buffer overflow error exists related to handling\n Secure Remote Password protocol (SRP) parameters having\n unspecified impact. (CVE-2014-3512)\n\n - A NULL pointer dereference error exists related to\n handling Secure Remote Password protocol (SRP) that\n allows a malicious server to crash a client, resulting\n in a denial of service. 
(CVE-2014-5139)", "edition": 30, "published": "2014-09-10T00:00:00", "title": "AIX OpenSSL Advisory : openssl_advisory10.asc", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3505", "CVE-2014-3508", "CVE-2014-3507", "CVE-2014-3511", "CVE-2014-3506", "CVE-2014-3512", "CVE-2014-3510", "CVE-2014-3509", "CVE-2014-5139"], "modified": "2014-09-10T00:00:00", "cpe": ["cpe:/a:openssl:openssl", "cpe:/o:ibm:aix"], "id": "AIX_OPENSSL_ADVISORY10.NASL", "href": "https://www.tenable.com/plugins/nessus/77603", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text in the description was extracted from AIX Security\n# Advisory openssl_advisory10.asc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77603);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\n \"CVE-2014-3505\",\n \"CVE-2014-3506\",\n \"CVE-2014-3507\",\n \"CVE-2014-3508\",\n \"CVE-2014-3509\",\n \"CVE-2014-3510\",\n \"CVE-2014-3511\",\n \"CVE-2014-3512\",\n \"CVE-2014-5139\"\n );\n script_bugtraq_id(\n 69075,\n 69076,\n 69077,\n 69078,\n 69079,\n 69081,\n 69082,\n 69083,\n 69084\n );\n\n script_name(english:\"AIX OpenSSL Advisory : openssl_advisory10.asc\");\n script_summary(english:\"Checks the version of the openssl packages and iFixes.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AIX host has a version of OpenSSL installed that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of OpenSSL installed on the remote host is affected by the\nfollowing vulnerabilities :\n\n - A memory double-free error exists related to handling\n DTLS packets that allows denial of service attacks.\n (CVE-2014-3505)\n\n - An unspecified error exists related to handling DTLS\n handshake messages that allows denial of service attacks\n due to large 
amounts of memory being consumed.\n (CVE-2014-3506)\n\n - A memory leak error exists related to handling\n specially crafted DTLS packets that allows denial of\n service attacks. (CVE-2014-3507)\n\n - An error exists related to 'OBJ_obj2txt' and the pretty\n printing 'X509_name_*' functions which leak stack data,\n resulting in an information disclosure. (CVE-2014-3508)\n\n - An error exists related to 'ec point format extension'\n handling and multithreaded clients that allows freed\n memory to be overwritten during a resumed session.\n (CVE-2014-3509)\n\n - A NULL pointer dereference error exists related to\n handling anonymous ECDH cipher suites and crafted\n handshake messages that allow denial of service attacks\n against clients. (CVE-2014-3510)\n\n - An error exists related to handling fragmented\n 'ClientHello' messages that could allow a\n man-in-the-middle attacker to force usage of TLS 1.0\n regardless of higher protocol levels being supported by\n both the server and the client. (CVE-2014-3511)\n\n - A buffer overflow error exists related to handling\n Secure Remote Password protocol (SRP) parameters having\n unspecified impact. (CVE-2014-3512)\n\n - A NULL pointer dereference error exists related to\n handling Secure Remote Password protocol (SRP) that\n allows a malicious server to crash a client, resulting\n in a denial of service. (CVE-2014-5139)\");\n\n script_set_attribute(attribute:\"see_also\", value:\"http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=aixbp\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20140806.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"A fix is available and can be downloaded from the AIX website.\n\nIMPORTANT : If possible, it is recommended that a mksysb backup of the\nsystem be created. 
Verify that it is both bootable and readable before\nproceeding.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/08/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/09/10\");\n\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"AIX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\ninclude(\"aix.inc\");\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif ( ! get_kb_item(\"Host/AIX/version\") ) audit(AUDIT_OS_NOT, \"AIX\");\nif ( ! 
get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit(0, \"This AIX package check is disabled because : \"+get_kb_item(\"Host/AIX/emgr_failure\") );\n\nflag = 0;\n\n#0.9.8.2502\nif (aix_check_ifix(release:\"5.3\", patch:\"098_fix\", package:\"openssl.base\", minfilesetver:\"0.9.8.401\", maxfilesetver:\"0.9.8.2502\") < 0) flag++;\nif (aix_check_ifix(release:\"6.1\", patch:\"098_fix\", package:\"openssl.base\", minfilesetver:\"0.9.8.401\", maxfilesetver:\"0.9.8.2502\") < 0) flag++;\nif (aix_check_ifix(release:\"7.1\", patch:\"098_fix\", package:\"openssl.base\", minfilesetver:\"0.9.8.401\", maxfilesetver:\"0.9.8.2502\") < 0) flag++;\n\n#1.0.1.511\nif (aix_check_ifix(release:\"5.3\", patch:\"101_fix\", package:\"openssl.base\", minfilesetver:\"1.0.1.500\", maxfilesetver:\"1.0.1.511\") < 0) flag++;\nif (aix_check_ifix(release:\"6.1\", patch:\"101_fix\", package:\"openssl.base\", minfilesetver:\"1.0.1.500\", maxfilesetver:\"1.0.1.511\") < 0) flag++;\nif (aix_check_ifix(release:\"7.1\", patch:\"101_fix\", package:\"openssl.base\", minfilesetver:\"1.0.1.500\", maxfilesetver:\"1.0.1.511\") < 0) flag++;\n\n#12.9.8.2502\nif (aix_check_ifix(release:\"5.3\", patch:\"1298_fix\", package:\"openssl.base\", minfilesetver:\"12.9.8.1100\", maxfilesetver:\"12.9.8.2502\") < 0) flag++;\nif (aix_check_ifix(release:\"6.1\", patch:\"1298_fix\", package:\"openssl.base\", minfilesetver:\"12.9.8.1100\", maxfilesetver:\"12.9.8.2502\") < 0) flag++;\nif (aix_check_ifix(release:\"7.1\", patch:\"1298_fix\", package:\"openssl.base\", minfilesetver:\"12.9.8.1100\", maxfilesetver:\"12.9.8.2502\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:aix_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:46:56", "description": "The OpenSSL Project reports 
:\n\nA flaw in OBJ_obj2txt may cause pretty printing functions such as\nX509_name_oneline, X509_name_print_ex et al. to leak some information\nfrom the stack. [CVE-2014-3508]\n\nThe issue affects OpenSSL clients and allows a malicious server to\ncrash the client with a NULL pointer dereference (read) by specifying\nan SRP ciphersuite even though it was not properly negotiated with the\nclient. [CVE-2014-5139]\n\nIf a multithreaded client connects to a malicious server using a\nresumed session and the server sends an ec point format extension it\ncould write up to 255 bytes to freed memory. [CVE-2014-3509]\n\nAn attacker can force an error condition which causes openssl to crash\nwhilst processing DTLS packets due to memory being freed twice. This\ncan be exploited through a Denial of Service attack. [CVE-2014-3505]\n\nAn attacker can force openssl to consume large amounts of memory\nwhilst processing DTLS handshake messages. This can be exploited\nthrough a Denial of Service attack. [CVE-2014-3506]\n\nBy sending carefully crafted DTLS packets an attacker could cause\nopenssl to leak memory. This can be exploited through a Denial of\nService attack. [CVE-2014-3507]\n\nOpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are\nsubject to a denial of service attack. A malicious server can crash\nthe client with a NULL pointer dereference (read) by specifying an\nanonymous (EC)DH ciphersuite and sending carefully crafted handshake\nmessages. [CVE-2014-3510]\n\nA flaw in the OpenSSL SSL/TLS server code causes the server to\nnegotiate TLS 1.0 instead of higher protocol versions when the\nClientHello message is badly fragmented. This allows a\nman-in-the-middle attacker to force a downgrade to TLS 1.0 even if\nboth the server and the client support a higher protocol version, by\nmodifying the client's TLS records. [CVE-2014-3511]\n\nA malicious client or server can send invalid SRP parameters and\noverrun an internal buffer. 
Only applications which are explicitly set\nup for SRP use are affected. [CVE-2014-3512]", "edition": 22, "published": "2014-08-07T00:00:00", "title": "FreeBSD : OpenSSL -- multiple vulnerabilities (8aff07eb-1dbd-11e4-b6ba-3c970e169bc2)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3505", "CVE-2014-3508", "CVE-2014-3507", "CVE-2014-3511", "CVE-2014-3506", "CVE-2014-3512", "CVE-2014-3510", "CVE-2014-3509", "CVE-2014-5139"], "modified": "2014-08-07T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:mingw32-openssl", "cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:openssl"], "id": "FREEBSD_PKG_8AFF07EB1DBD11E4B6BA3C970E169BC2.NASL", "href": "https://www.tenable.com/plugins/nessus/77036", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77036);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-3505\", \"CVE-2014-3506\", \"CVE-2014-3507\", \"CVE-2014-3508\", \"CVE-2014-3509\", \"CVE-2014-3510\", \"CVE-2014-3511\", \"CVE-2014-3512\", \"CVE-2014-5139\");\n script_bugtraq_id(69075, 69076, 69077, 69078, 69079, 69082, 69083, 69084);\n script_xref(name:\"FreeBSD\", value:\"SA-14:18.openssl\");\n\n script_name(english:\"FreeBSD : OpenSSL -- multiple vulnerabilities (8aff07eb-1dbd-11e4-b6ba-3c970e169bc2)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The OpenSSL Project reports :\n\nA flaw in OBJ_obj2txt may cause pretty printing functions such as\nX509_name_oneline, X509_name_print_ex et al. to leak some information\nfrom the stack. [CVE-2014-3508]\n\nThe issue affects OpenSSL clients and allows a malicious server to\ncrash the client with a NULL pointer dereference (read) by specifying\nan SRP ciphersuite even though it was not properly negotiated with the\nclient. 
[CVE-2014-5139]\n\nIf a multithreaded client connects to a malicious server using a\nresumed session and the server sends an ec point format extension it\ncould write up to 255 bytes to freed memory. [CVE-2014-3509]\n\nAn attacker can force an error condition which causes openssl to crash\nwhilst processing DTLS packets due to memory being freed twice. This\ncan be exploited through a Denial of Service attack. [CVE-2014-3505]\n\nAn attacker can force openssl to consume large amounts of memory\nwhilst processing DTLS handshake messages. This can be exploited\nthrough a Denial of Service attack. [CVE-2014-3506]\n\nBy sending carefully crafted DTLS packets an attacker could cause\nopenssl to leak memory. This can be exploited through a Denial of\nService attack. [CVE-2014-3507]\n\nOpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are\nsubject to a denial of service attack. A malicious server can crash\nthe client with a NULL pointer dereference (read) by specifying an\nanonymous (EC)DH ciphersuite and sending carefully crafted handshake\nmessages. [CVE-2014-3510]\n\nA flaw in the OpenSSL SSL/TLS server code causes the server to\nnegotiate TLS 1.0 instead of higher protocol versions when the\nClientHello message is badly fragmented. This allows a\nman-in-the-middle attacker to force a downgrade to TLS 1.0 even if\nboth the server and the client support a higher protocol version, by\nmodifying the client's TLS records. [CVE-2014-3511]\n\nA malicious client or server can send invalid SRP parameters and\noverrun an internal buffer. Only applications which are explicitly set\nup for SRP use are affected. 
[CVE-2014-3512]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openssl.org/news/secadv/20140806.txt\"\n );\n # https://vuxml.freebsd.org/freebsd/8aff07eb-1dbd-11e4-b6ba-3c970e169bc2.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?51e472c7\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mingw32-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/08/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"openssl>=1.0.1<1.0.1_14\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mingw32-openssl>=1.0.1<1.0.1i\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T15:27:40", "description": "Adam Langley and Wan-Teh Chang discovered that OpenSSL incorrectly\nhandled certain DTLS packets. A remote attacker could use this issue\nto cause OpenSSL to crash, resulting in a denial of service.\n(CVE-2014-3505)\n\nAdam Langley discovered that OpenSSL incorrectly handled memory when\nprocessing DTLS handshake messages. A remote attacker could use this\nissue to cause OpenSSL to consume memory, resulting in a denial of\nservice. (CVE-2014-3506)\n\nAdam Langley discovered that OpenSSL incorrectly handled memory when\nprocessing DTLS fragments. A remote attacker could use this issue to\ncause OpenSSL to leak memory, resulting in a denial of service. This\nissue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.\n(CVE-2014-3507)\n\nIvan Fratric discovered that OpenSSL incorrectly leaked information in\nthe pretty printing functions. 
When OpenSSL is used with certain\napplications, an attacker may use this issue to possibly gain access\nto sensitive information. (CVE-2014-3508)\n\nGabor Tyukasz discovered that OpenSSL contained a race condition when\nprocessing serverhello messages. A malicious server could use this\nissue to cause clients to crash, resulting in a denial of service.\nThis issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.\n(CVE-2014-3509)\n\nFelix Grobert discovered that OpenSSL incorrectly handled certain\nDTLS handshake messages. A malicious server could use this issue to\ncause clients to crash, resulting in a denial of service.\n(CVE-2014-3510)\n\nDavid Benjamin and Adam Langley discovered that OpenSSL incorrectly\nhandled fragmented ClientHello messages. If a remote attacker were\nable to perform a man-in-the-middle attack, this flaw could be used to\nforce a protocol downgrade to TLS 1.0. This issue only affected Ubuntu\n12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-3511)\n\nSean Devlin and Watson Ladd discovered that OpenSSL incorrectly\nhandled certain SRP parameters. A remote attacker could use this with\napplications that use SRP to cause a denial of service, or possibly\nexecute arbitrary code. This issue only affected Ubuntu 12.04 LTS and\nUbuntu 14.04 LTS. (CVE-2014-3512)\n\nJoonas Kuorilehto and Riku Hietamaki discovered that OpenSSL\nincorrectly handled certain Server Hello messages that specify an SRP\nciphersuite. A malicious server could use this issue to cause clients\nto crash, resulting in a denial of service. This issue only affected\nUbuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-5139).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 22, "published": "2014-08-08T00:00:00", "title": "Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS : openssl vulnerabilities (USN-2308-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3505", "CVE-2014-3508", "CVE-2014-3507", "CVE-2014-3511", "CVE-2014-3506", "CVE-2014-3512", "CVE-2014-3510", "CVE-2014-3509", "CVE-2014-5139"], "modified": "2014-08-08T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libssl1.0.0", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:libssl0.9.8", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2308-1.NASL", "href": "https://www.tenable.com/plugins/nessus/77085", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2308-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77085);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-3505\", \"CVE-2014-3506\", \"CVE-2014-3507\", \"CVE-2014-3508\", \"CVE-2014-3509\", \"CVE-2014-3510\", \"CVE-2014-3511\", \"CVE-2014-3512\", \"CVE-2014-5139\");\n script_bugtraq_id(69075, 69076, 69077, 69078, 69079, 69081, 69082, 69083, 69084);\n script_xref(name:\"USN\", value:\"2308-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS : openssl vulnerabilities (USN-2308-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Adam Langley and Wan-Teh Chang discovered that OpenSSL incorrectly\nhandled certain DTLS packets. A remote attacker could use this issue\nto cause OpenSSL to crash, resulting in a denial of service.\n(CVE-2014-3505)\n\nAdam Langley discovered that OpenSSL incorrectly handled memory when\nprocessing DTLS handshake messages. A remote attacker could use this\nissue to cause OpenSSL to consume memory, resulting in a denial of\nservice. (CVE-2014-3506)\n\nAdam Langley discovered that OpenSSL incorrectly handled memory when\nprocessing DTLS fragments. A remote attacker could use this issue to\ncause OpenSSL to leak memory, resulting in a denial of service. This\nissue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.\n(CVE-2014-3507)\n\nIvan Fratric discovered that OpenSSL incorrectly leaked information in\nthe pretty printing functions. When OpenSSL is used with certain\napplications, an attacker may use this issue to possibly gain access\nto sensitive information. 
(CVE-2014-3508)\n\nGabor Tyukasz discovered that OpenSSL contained a race condition when\nprocessing serverhello messages. A malicious server could use this\nissue to cause clients to crash, resulting in a denial of service.\nThis issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.\n(CVE-2014-3509)\n\nFelix Grobert discovered that OpenSSL incorrectly handled certain\nDTLS handshake messages. A malicious server could use this issue to\ncause clients to crash, resulting in a denial of service.\n(CVE-2014-3510)\n\nDavid Benjamin and Adam Langley discovered that OpenSSL incorrectly\nhandled fragmented ClientHello messages. If a remote attacker were\nable to perform a man-in-the-middle attack, this flaw could be used to\nforce a protocol downgrade to TLS 1.0. This issue only affected Ubuntu\n12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-3511)\n\nSean Devlin and Watson Ladd discovered that OpenSSL incorrectly\nhandled certain SRP parameters. A remote attacker could use this with\napplications that use SRP to cause a denial of service, or possibly\nexecute arbitrary code. This issue only affected Ubuntu 12.04 LTS and\nUbuntu 14.04 LTS. (CVE-2014-3512)\n\nJoonas Kuorilehto and Riku Hietamaki discovered that OpenSSL\nincorrectly handled certain Server Hello messages that specify an SRP\nciphersuite. A malicious server could use this issue to cause clients\nto crash, resulting in a denial of service. This issue only affected\nUbuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-5139).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2308-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libssl0.9.8 and / or libssl1.0.0 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libssl0.9.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libssl1.0.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04|12\\.04|14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 12.04 / 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libssl0.9.8\", pkgver:\"0.9.8k-7ubuntu8.20\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libssl1.0.0\", pkgver:\"1.0.1-4ubuntu5.17\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libssl1.0.0\", pkgver:\"1.0.1f-1ubuntu2.5\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libssl0.9.8 / libssl1.0.0\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2019-05-30T02:22:12", "bulletinFamily": "unix", "cvelist": ["CVE-2014-3505", "CVE-2014-3508", "CVE-2014-3507", "CVE-2014-3511", "CVE-2014-3506", "CVE-2014-3512", "CVE-2014-3510", "CVE-2014-3509", "CVE-2014-5139"], "description": "- 
-------------------------------------------------------------------------\nDebian Security Advisory DSA-2998-1 security@debian.org\nhttp://www.debian.org/security/ Raphael Geissert\nAugust 07, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : openssl\nCVE ID : CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3508 \n CVE-2014-3509 CVE-2014-3510 CVE-2014-3511 CVE-2014-3512 \n CVE-2014-5139\n\nMultiple vulnerabilities have been identified in OpenSSL, a Secure\nSockets Layer toolkit, that may result in denial of service\n(application crash, large memory consumption), information leak,\nprotocol downgrade. Additionally, a buffer overrun affecting only\napplications explicitly set up for SRP has been fixed (CVE-2014-3512).\n\nDetailed descriptions of the vulnerabilities can be found at:\nhttps://www.openssl.org/news/secadv_20140806.txt\n\nIt's important that you upgrade the libssl1.0.0 package and not just\nthe openssl package.\n\nAll applications linked to openssl need to be restarted. You can use\nthe \"checkrestart\" tool from the debian-goodies package to detect\naffected programs. 
Alternatively, you may reboot your system.\n\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.0.1e-2+deb7u12.\n\nFor the testing distribution (jessie), these problems will be fixed\nsoon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.0.1i-1.\n\nWe recommend that you upgrade your openssl packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 3, "modified": "2014-08-06T23:45:18", "published": "2014-08-06T23:45:18", "id": "DEBIAN:DSA-2998-1:7D1C0", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2014/msg00180.html", "title": "[SECURITY] [DSA 2998-1] openssl security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-11-11T13:21:18", "bulletinFamily": "unix", "cvelist": ["CVE-2014-3505", "CVE-2014-3508", "CVE-2014-3507", "CVE-2014-3506", "CVE-2014-3510"], "description": "Package : openssl\nVersion : 0.9.8o-4squeeze17\nCVE ID : CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3508 \n CVE-2014-3510\n\nDetailed descriptions of the vulnerabilities can be found at:\nhttps://www.openssl.org/news/secadv_20140806.txt\n\nIt's important that you upgrade the libssl0.9.8 package and not just\nthe openssl package.\n\nAll applications linked to openssl need to be restarted. You can use\nthe \"checkrestart\" tool from the debian-goodies package to detect\naffected programs. 
Alternatively, you may reboot your system.\n\n", "edition": 11, "modified": "2014-08-07T20:36:26", "published": "2014-08-07T20:36:26", "id": "DEBIAN:DLA-33-1:85002", "href": "https://lists.debian.org/debian-lts-announce/2014/debian-lts-announce-201408/msg00007.html", "title": "[DLA 33-1] openssl security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "aix": [{"lastseen": "2019-05-29T19:19:11", "bulletinFamily": "unix", "cvelist": ["CVE-2014-3505", "CVE-2014-3508", "CVE-2014-3507", "CVE-2014-3511", "CVE-2014-3506", "CVE-2014-3512", "CVE-2014-3510", "CVE-2014-3509", "CVE-2014-5139"], "description": "IBM SECURITY ADVISORY\n\nFirst Issued: <Tue Sep 9 00:50:00 CDT 2014>\n\nThe most recent version of this document is available here:\n\nhttp://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc\nhttps://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc\nftp://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc\n===============================================================================\n VULNERABILITY SUMMARY\n\n1.VULNERABILITY: AIX OpenSSL Denial of Service due to double free\n\n PLATFORMS: AIX 5.3, 6.1 and 7.1\n VIOS 2.2.*\n\n SOLUTION: Apply the fix as described below.\n\n THREAT: See below\n\n CVE Numbers: CVE-2014-3505\n\n Reboot required? NO\n Workarounds? NO\n Protected by FPM? NO\n Protected by SED? NO\n\n2. VULNERABILITY: AIX OpenSSL Denial of Service due to memory allocation of large length values\n\n PLATFORMS: AIX 5.3, 6.1 and 7.1\n VIOS 2.2.*\n\n SOLUTION: Apply the fix as described below.\n\n THREAT: See below\n\n CVE Numbers: CVE-2014-3506\n\n Reboot required? NO\n Workarounds? NO\n Protected by FPM? NO\n Protected by SED? NO\n\n3. 
VULNERABILITY: AIX OpenSSL Denial of Service due to improper handling of the return value\n\n PLATFORMS: AIX 5.3, 6.1 and 7.1\n VIOS 2.2.*\n\n SOLUTION: Apply the fix as described below.\n\n THREAT: See below\n\n CVE Numbers: CVE-2014-3507\n\n Reboot required? NO\n Workarounds? NO\n Protected by FPM? NO\n Protected by SED? NO\n\n4. VULNERABILITY: AIX OpenSSL allows attackers to obtain sensitive information\n\n PLATFORMS: AIX 5.3, 6.1 and 7.1\n VIOS 2.2.*\n\n SOLUTION: Apply the fix as described below.\n\n THREAT: See below\n\n CVE Numbers: CVE-2014-3508\n\n Reboot required? NO\n Workarounds? NO\n Protected by FPM? NO\n Protected by SED? NO\n\n5. VULNERABILITY: AIX OpenSSL Denial of Service due to memory overwrite\n\n PLATFORMS: AIX 5.3, 6.1 and 7.1\n VIOS 2.2.*\n\n SOLUTION: Apply the fix as described below.\n\n THREAT: See below\n\n CVE Numbers: CVE-2014-3509\n\n Reboot required? NO\n Workarounds? NO\n Protected by FPM? NO\n Protected by SED? NO\n\n6. VULNERABILITY: AIX OpenSSL Denial of Service due to NULL pointer dereference\n\n PLATFORMS: AIX 5.3, 6.1 and 7.1\n VIOS 2.2.*\n\n SOLUTION: Apply the fix as described below.\n\n THREAT: See below\n\n CVE Numbers: CVE-2014-3510\n\n Reboot required? NO\n Workarounds? NO\n Protected by FPM? NO\n Protected by SED? NO\n\n7. VULNERABILITY: AIX OpenSSL Man-in-the-Middle attack related to protocol downgrade issue\n\n PLATFORMS: AIX 5.3, 6.1 and 7.1\n VIOS 2.2.*\n\n SOLUTION: Apply the fix as described below.\n\n THREAT: See below\n\n CVE Numbers: CVE-2014-3511\n\n Reboot required? NO\n Workarounds? NO\n Protected by FPM? NO\n Protected by SED? NO\n\n8. VULNERABILITY: AIX OpenSSL Denial of Service due to invalid SRP (1)g, (2)A or (3)B parameter\n\n PLATFORMS: AIX 5.3, 6.1 and 7.1\n VIOS 2.2.*\n\n SOLUTION: Apply the fix as described below.\n\n THREAT: See below\n\n CVE Numbers: CVE-2014-3512\n\n Reboot required? NO\n Workarounds? NO\n Protected by FPM? NO\n Protected by SED? NO\n\n9. 
VULNERABILITY: AIX OpenSSL Denial of Service due to NULL pointer dereference\n\n PLATFORMS: AIX 5.3, 6.1 and 7.1\n VIOS 2.2.*\n\n SOLUTION: Apply the fix as described below.\n\n THREAT: See below\n\n CVE Numbers: CVE-2014-5139\n\n Reboot required? NO\n Workarounds? NO\n Protected by FPM? NO\n Protected by SED? NO\n\n===============================================================================\n DETAILED INFORMATION\n\nI. DESCRIPTION \n \n 1. CVE-2014-3505\n\tOpenSSL could allow remote attackers to cause a denial of service \n\t(application crash) via crafted DTLS packets that trigger an error condition.\n\n 2. CVE-2014-3506\n\tOpenSSL could allow remote attackers to cause a denial of service (memory \n\tconsumption) via crafted DTLS handshake messages that trigger memory \n\tallocations corresponding to large length values.\n\n 3. CVE-2014-3507\n\tOpenSSL could allow remote attackers to cause a denial of service \n\t(memory consumption) via zero-length DTLS fragments that trigger improper \n\thandling of the return value of insert function.\n\n 4. CVE-2014-3508\n\tOpenSSL could allow context-dependent attackers to obtain sensitive information \n\tfrom process stack memory by reading output from some functions when pretty \n\tprinting is used\n\n 5. CVE-2014-3509\n\tOpenSSL could allow remote SSL servers to cause a denial of service \n\t(memory overwrite and client application crash) or possibly have unspecified \n\timpact by sending Elliptic Curve (EC) Supported Point Formats Extension data when\n\tmultithreading and session resumption are used\n\n 6. CVE-2014-3510\n\tOpenSSL could allow remote DTLS servers to cause a denial of service \n\t(NULL pointer dereference and client application crash) via a crafted \n\thandshake message in conjunction with a (1) anonymous DH or \n\t(2) anonymous ECDH ciphersuite.\n\n 7. 
CVE-2014-3511\n\tOpenSSL could allow a man-in-the-middle attacker to force the use of TLS 1.0 by \n\ttriggering ClientHello message fragmentation in communication between a \n\tclient and server that both support later TLS versions, related to a \n\t\"protocol downgrade\" issue\n\n 8. CVE-2014-3512\n\tOpenSSL could allow remote attackers to cause a denial of service or possibly \n\thave unspecified impact via an invalid SRP (1)g, (2)A or (3)B parameter\n\n 9. CVE-2014-5139\n\tOpenSSL could allow SSL servers to cause a denial of service (NULL pointer \n\tdereference and client application crash) through a ServerHello message that \n\tincludes an SRP ciphersuite without the required negotiation of that \n\tciphersuite with the client\n\nII. CVSS\n\n 1. CVE-2014-3505\n CVSS Base Score: 5\n CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/95163\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:N/A:N)\n\n 2. CVE-2014-3506\n CVSS Base Score: 5\n CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/95160\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:N/A:N)\n\n 3. CVE-2014-3507\n CVSS Base Score: 5\n CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/95161\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:N/A:N)\n\n 4. CVE-2014-3508\n CVSS Base Score: 4.3\n CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/95165\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:N/A:N)\n\n 5. CVE-2014-3509\n CVSS Base Score: 4.3\n CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/95159\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:N/A:N)\n\n 6. CVE-2014-3510\n CVSS Base Score: 4.3\n CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/95164\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:N/A:N)\n\n 7. 
CVE-2014-3511\n CVSS Base Score: 4.3\n CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/95162\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:N/A:N)\n\n 8. CVE-2014-3512\n CVSS Base Score: 5\n CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/95158\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:N/A:N)\n\n 9. CVE-2014-5139\n CVSS Base Score: 5\n CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/95166\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:N/A:N)\n\nIII. PLATFORM VULNERABILITY ASSESSMENT\n\n To determine if your system is vulnerable, execute the following\n command:\n\n lslpp -L openssl.base\n \n The following fileset levels are vulnerable:\n \n A. CVE-2014-3509, CVE-2014-3511, CVE-2014-3512, CVE-2014-5139\n\n AIX Fileset Lower Level Upper Level \n ------------------------------------------\n openssl.base 1.0.1.500 1.0.1.511\n\n B. CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3510\n\n AIX Fileset Lower Level Upper Level \n ------------------------------------------\n openssl.base 1.0.1.500 1.0.1.511\n openssl.base 0.9.8.401 0.9.8.2502\n openssl.base 12.9.8.1100 12.9.8.2502\n\n\nIV. SOLUTIONS\n\n A. FIXES\n\n Fix is available. The fix can be downloaded via ftp\n from:\n\n ftp://aix.software.ibm.com/aix/efixes/security/openssl_fix10.tar\n\n The link above is to a tar file containing this signed\n advisory, fix packages, and OpenSSL signatures for each package.\n The fixes below include prerequisite checking. 
This will\n enforce the correct mapping between the fixes and AIX\n releases.\n\n\tNote that the tar file contains Interim fixes that are based on OpenSSL version.\n\n AIX Level Interim Fix (*.Z) Fileset Name\n -------------------------------------------------------------------\n 5.3, 6.1, 7.1 101_fix.140902.epkg.Z\t openssl.base(1.0.1.511 version)\n 5.3, 6.1, 7.1 098_fix.140902.epkg.Z\t openssl.base(0.9.8.2502 version)\n 5.3, 6.1, 7.1 1298_fix.140902.epkg.Z \t openssl.base(12.9.8.2502 version)\n\n VIOS Level Interim Fix (*.Z)\t Fileset Name\n -------------------------------------------------------------------\n 2.2.* 101_fix.140902.epkg.Z\t openssl.base(1.0.1.511 version)\n 2.2.* 098_fix.140902.epkg.Z\t openssl.base(0.9.8.2502 version)\n 2.2.* 1298_fix.140902.epkg.Z \t openssl.base(12.9.8.2502 version)\n\n\n To extract the fix from the tar file:\n\n tar xvf openssl_fix10.tar\n cd openssl_fix10\n\n Verify you have retrieved the fix intact:\n\n The checksums below, generated using the\n \"openssl dgst -sha256 file\" command, are the following:\n\n openssl dgst -sha256 \t\t\t\t\t\t filename\t \n ----------------------------------------------------------------------------------------------\n \t4b5dcf19fbe1068b65b9ecc125d098fcf6f2077971e80c8da7bdfb2260554bd6 \t101_fix.140902.epkg.Z\n\t 834ff7e39d65c98eb7d96b877eab5c2f3ce9922d6ee5b8278358ae6b86d6ab87\t098_fix.140902.epkg.Z\n\t 749536a5247176e8074ba1ec289426cbd4b484c9925ce17a66b411fad2e90841\t1298_fix.140902.epkg.Z\n\n\t These sums should match exactly. The OpenSSL signatures in the tar\n file and on this advisory can also be used to verify the\n integrity of the fixes. 
If the sums or signatures cannot be\n confirmed, contact IBM AIX Security at\n security-alert@austin.ibm.com and describe the discrepancy.\n \n Published advisory OpenSSL signature file location:\n\n http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc.sig\n https://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc.sig\n ftp://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc.sig \n\n\t openssl dgst -sha1 -verify <pubkey_file> -signature <advisory_file>.sig <advisory_file>\n\n openssl dgst -sha1 -verify <pubkey_file> -signature <ifix_file>.sig <ifix_file>\n\n These fixes will also be part of the next filesets of OpenSSL versions 0.9.8.2503, 12.9.8.2503 and 1.0.1.512.\n\t\n These filesets will be made available by 10th October 2014 and can be downloaded from - \n\n\t https://www14.software.ibm.com/webapp/iwm/web/reg/download.do?source=aixbp&lang=en_US&S_PKG=openssl&cp=UTF-8\n\n \n B. FIX AND INTERIM FIX INSTALLATION\n\n IMPORTANT: If possible, it is recommended that a mksysb backup\n of the system be created. 
Verify it is both bootable and\n readable before proceeding.\n\n To preview a fix installation:\n\n installp -a -d fix_name -p all # where fix_name is the name of the\n # fix package being previewed.\n To install a fix package:\n\n installp -a -d fix_name -X all # where fix_name is the name of the\n # fix package being installed.\n\n Interim fixes have had limited functional and regression\n testing but not the full regression testing that takes place\n for Service Packs; however, IBM does fully support them.\n\n Interim fix management documentation can be found at:\n\n http://www14.software.ibm.com/webapp/set2/sas/f/aix.efixmgmt/home.html\n\n To preview an interim fix installation:\n\n emgr -e ipkg_name -p # where ipkg_name is the name of the\n # interim fix package being previewed.\n\n To install an interim fix package:\n\n emgr -e ipkg_name -X # where ipkg_name is the name of the\n # interim fix package being installed.\n\n\nV. WORKAROUNDS\n \n No workarounds.\n\nVI. CONTACT INFORMATION\n\n If you would like to receive AIX Security Advisories via email,\n please visit:\n\n http://www.ibm.com/systems/support\n\n and click on the \"My notifications\" link.\n\n To view previously issued advisories, please visit:\n\n http://www14.software.ibm.com/webapp/set2/subscriptions/onvdq\n \n Comments regarding the content of this announcement can be\n directed to:\n\n security-alert@austin.ibm.com\n\n To obtain the OpenSSL public key that can be used to verify the\n signed advisories and ifixes:\n\n Download the key from our web page:\n\n http://www.ibm.com/systems/resources/systems_p_os_aix_security_pgpkey.txt\n\n To obtain the PGP public key that can be used to communicate\n securely with the AIX Security Team you can either:\n\n A. Send an email with \"get key\" in the subject line to:\n\n security-alert@austin.ibm.com\n\n B. Download the key from a PGP Public Key Server. 
The key ID is:\n\n 0x28BFAA12\n\n Please contact your local IBM AIX support center for any\n assistance.\n\n\n\nVII. REFERENCES:\n\n Note: Keywords labeled as KEY in this document are used for parsing purposes.\n\n eServer is a trademark of International Business Machines\n Corporation. IBM, AIX and pSeries are registered trademarks of\n International Business Machines Corporation. All other trademarks\n are property of their respective holders.\n\n Complete CVSS Guide: http://www.first.org/cvss/cvss-guide.html\n On-line Calculator V2: http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2\n\n X-Force Vulnerability Database: http://xforce.iss.net/xforce/xfdb/95163\n X-Force Vulnerability Database: http://xforce.iss.net/xforce/xfdb/95160\n X-Force Vulnerability Database: http://xforce.iss.net/xforce/xfdb/95161\n X-Force Vulnerability Database: http://xforce.iss.net/xforce/xfdb/95165\n X-Force Vulnerability Database: http://xforce.iss.net/xforce/xfdb/95159\n X-Force Vulnerability Database: http://xforce.iss.net/xforce/xfdb/95164\n X-Force Vulnerability Database: http://xforce.iss.net/xforce/xfdb/95162\n X-Force Vulnerability Database: http://xforce.iss.net/xforce/xfdb/95158\n X-Force Vulnerability Database: http://xforce.iss.net/xforce/xfdb/95166\n CVE-2014-3505 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3505\n CVE-2014-3506 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3506\n CVE-2014-3507 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3507\n CVE-2014-3508 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3508\n CVE-2014-3509 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3509\n CVE-2014-3510 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3510\n CVE-2014-3511 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3511\n CVE-2014-3512 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3512\n CVE-2014-5139 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5139\n\n *The CVSS Environment Score 
is customer environment specific and will\n ultimately impact the Overall CVSS Score. Customers can evaluate the\n impact of this vulnerability in their environments by accessing the links\n in the Reference section of this Flash.\n\n Note: According to the Forum of Incident Response and Security Teams\n (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry\n open standard designed to convey vulnerability severity and help to\n determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES\n \"AS IS\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF\n MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE\n RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY\n VULNERABILITY.\n", "edition": 4, "modified": "2014-09-09T00:50:00", "published": "2014-09-09T00:50:00", "id": "OPENSSL_ADVISORY10.ASC", "href": "https://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc", "title": "AIX OpenSSL Denial of Service due to double free and others", "type": "aix", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2020-07-02T11:40:15", "bulletinFamily": "unix", "cvelist": ["CVE-2014-3505", "CVE-2014-3508", "CVE-2014-3507", "CVE-2014-3511", "CVE-2014-3506", "CVE-2014-3512", "CVE-2014-3510", "CVE-2014-3509", "CVE-2014-5139"], "description": "Adam Langley and Wan-Teh Chang discovered that OpenSSL incorrectly handled \ncertain DTLS packets. A remote attacker could use this issue to cause \nOpenSSL to crash, resulting in a denial of service. (CVE-2014-3505)\n\nAdam Langley discovered that OpenSSL incorrectly handled memory when \nprocessing DTLS handshake messages. A remote attacker could use this issue \nto cause OpenSSL to consume memory, resulting in a denial of service. \n(CVE-2014-3506)\n\nAdam Langley discovered that OpenSSL incorrectly handled memory when \nprocessing DTLS fragments. 
A remote attacker could use this issue to cause \nOpenSSL to leak memory, resulting in a denial of service. This issue \nonly affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-3507)\n\nIvan Fratric discovered that OpenSSL incorrectly leaked information in \nthe pretty printing functions. When OpenSSL is used with certain \napplications, an attacker may use this issue to possibly gain access to \nsensitive information. (CVE-2014-3508)\n\nGabor Tyukasz discovered that OpenSSL contained a race condition when \nprocessing serverhello messages. A malicious server could use this issue \nto cause clients to crash, resulting in a denial of service. This issue \nonly affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-3509)\n\nFelix Gr\u00f6bert discovered that OpenSSL incorrectly handled certain DTLS \nhandshake messages. A malicious server could use this issue to cause \nclients to crash, resulting in a denial of service. (CVE-2014-3510)\n\nDavid Benjamin and Adam Langley discovered that OpenSSL incorrectly \nhandled fragmented ClientHello messages. If a remote attacker were able to \nperform a man-in-the-middle attack, this flaw could be used to force a \nprotocol downgrade to TLS 1.0. This issue only affected Ubuntu 12.04 LTS \nand Ubuntu 14.04 LTS. (CVE-2014-3511)\n\nSean Devlin and Watson Ladd discovered that OpenSSL incorrectly handled \ncertain SRP parameters. A remote attacker could use this with applications \nthat use SRP to cause a denial of service, or possibly execute arbitrary \ncode. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. \n(CVE-2014-3512)\n\nJoonas Kuorilehto and Riku Hietam\u00e4ki discovered that OpenSSL incorrectly \nhandled certain Server Hello messages that specify an SRP ciphersuite. A \nmalicious server could use this issue to cause clients to crash, resulting \nin a denial of service. This issue only affected Ubuntu 12.04 LTS and \nUbuntu 14.04 LTS. 
(CVE-2014-5139)", "edition": 68, "modified": "2014-08-07T00:00:00", "published": "2014-08-07T00:00:00", "id": "USN-2308-1", "href": "https://ubuntu.com/security/notices/USN-2308-1", "title": "OpenSSL vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "slackware": [{"lastseen": "2020-10-25T16:36:12", "bulletinFamily": "unix", "cvelist": ["CVE-2014-3505", "CVE-2014-3506", "CVE-2014-3507", "CVE-2014-3508", "CVE-2014-3509", "CVE-2014-3510", "CVE-2014-3511", "CVE-2014-3512", "CVE-2014-5139"], "description": "New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,\nand -current to fix security issues.\n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n\npatches/packages/openssl-1.0.1i-i486-1_slack14.1.txz: Upgraded.\n This update fixes several security issues:\n Double Free when processing DTLS packets (CVE-2014-3505)\n DTLS memory exhaustion (CVE-2014-3506)\n DTLS memory leak from zero-length fragments (CVE-2014-3507)\n Information leak in pretty printing functions (CVE-2014-3508)\n Race condition in ssl_parse_serverhello_tlsext (CVE-2014-3509)\n OpenSSL DTLS anonymous EC(DH) denial of service (CVE-2014-3510)\n OpenSSL TLS protocol downgrade attack (CVE-2014-3511)\n SRP buffer overrun (CVE-2014-3512)\n Crash with SRP ciphersuite in Server Hello message (CVE-2014-5139)\n For more information, see:\n https://www.openssl.org/news/secadv_20140806.txt\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3505\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3506\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3507\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3508\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3509\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3510\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3511\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3512\n 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5139\n (* Security fix *)\npatches/packages/openssl-solibs-1.0.1i-i486-1_slack14.1.txz: Upgraded.\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated packages for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zb-i486-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.0.txz\n\nUpdated packages for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.0.txz\n\nUpdated packages for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zb-i486-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.1.txz\n\nUpdated packages for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.1.txz\n\nUpdated packages for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zb-i486-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.37.txz\n\nUpdated packages for Slackware x86_64 
13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.37.txz\n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1i-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1i-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1i-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1i-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1i-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1i-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1i-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1i-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1i-i486-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1i-i486-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1i-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1i-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 13.0 packages:\n30bdc015b10d8891b90d3f6ea34f5fdd openssl-0.9.8zb-i486-1_slack13.0.txz\n3dc4140c22c04c94e5e74386a5a1c200 
openssl-solibs-0.9.8zb-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 packages:\n3da32f51273762d67bf9dbcc91af9413 openssl-0.9.8zb-x86_64-1_slack13.0.txz\n075e5d12e5b909ecac923cb210f83544 openssl-solibs-0.9.8zb-x86_64-1_slack13.0.txz\n\nSlackware 13.1 packages:\n3b7e2bb2b317bf72b8f9b2b7a14bddfb openssl-0.9.8zb-i486-1_slack13.1.txz\n92af0784eade0674332a56bfab73b97d openssl-solibs-0.9.8zb-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 packages:\ndf5f961109d7b50971660ca6a7d4c48c openssl-0.9.8zb-x86_64-1_slack13.1.txz\n582aaeae3d56730a2e1538a67d4e44da openssl-solibs-0.9.8zb-x86_64-1_slack13.1.txz\n\nSlackware 13.37 packages:\n546445d56d3b367fa0dd4e80859c4620 openssl-0.9.8zb-i486-1_slack13.37.txz\nb80e9df8cdd0649939ec2fab20d24691 openssl-solibs-0.9.8zb-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 packages:\n9c9ce97dc21340924a3e27c1a8047023 openssl-0.9.8zb-x86_64-1_slack13.37.txz\n0fe1931f2fc82fb8d5fbe72680caf843 openssl-solibs-0.9.8zb-x86_64-1_slack13.37.txz\n\nSlackware 14.0 packages:\nd1580f4b22b99cee42b22276653c8180 openssl-1.0.1i-i486-1_slack14.0.txz\nec93cec2bcab8ae7391a504573cbc231 openssl-solibs-1.0.1i-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\n329475de3759225b1d02aa7317b2eb58 openssl-1.0.1i-x86_64-1_slack14.0.txz\n25f2a198022d974534986a3913ca705c openssl-solibs-1.0.1i-x86_64-1_slack14.0.txz\n\nSlackware 14.1 packages:\n8336457bc31d44ebf502ffc4443f12f7 openssl-1.0.1i-i486-1_slack14.1.txz\n4b99ac357fbd3065c53367eea246b8c7 openssl-solibs-1.0.1i-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\nf2b8f81d9d7dc02e5d1011f663ccc95d openssl-1.0.1i-x86_64-1_slack14.1.txz\n4360abffbb57cb18ba0720f782d78250 openssl-solibs-1.0.1i-x86_64-1_slack14.1.txz\n\nSlackware -current packages:\n49ecd332a899cf742d3467a6efe44269 a/openssl-solibs-1.0.1i-i486-1.txz\n27da017c49045981b1793f105aff365f n/openssl-1.0.1i-i486-1.txz\n\nSlackware x86_64 -current packages:\n8d74f3d770802182137c84d925f58cbc a/openssl-solibs-1.0.1i-x86_64-1.txz\nfd9d94d3210f0aedf74959cb0887e2b8 
n/openssl-1.0.1i-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the packages as root:\n > upgradepkg openssl-1.0.1i-i486-1_slack14.1.txz openssl-solibs-1.0.1i-i486-1_slack14.1.txz", "modified": "2014-08-08T21:22:00", "published": "2014-08-08T21:22:00", "id": "SSA-2014-220-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.788587", "type": "slackware", "title": "[slackware-security] openssl", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "amazon": [{"lastseen": "2020-11-10T12:35:10", "bulletinFamily": "unix", "cvelist": ["CVE-2014-3505", "CVE-2014-3508", "CVE-2014-3507", "CVE-2014-3511", "CVE-2014-3506", "CVE-2014-3512", "CVE-2014-3510", "CVE-2014-3509", "CVE-2014-5139"], "description": "**Issue Overview:**\n\nA flaw was discovered in the way OpenSSL handled DTLS packets. A remote attacker could use this flaw to cause a DTLS server or client using OpenSSL to crash or use excessive amounts of memory. \n\nMultiple buffer overflows in crypto/srp/srp_lib.c in the SRP implementation in OpenSSL 1.0.1 before 1.0.1i allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an invalid SRP (1) g, (2) A, or (3) B parameter. \n\nA flaw was found in the way OpenSSL handled fragmented handshake packets. A man-in-the-middle attacker could use this flaw to force a TLS/SSL server using OpenSSL to use TLS 1.0, even if both the client and the server supported newer protocol versions. \n\nA NULL pointer dereference flaw was found in the way OpenSSL performed a handshake when using the anonymous Diffie-Hellman (DH) key exchange. A malicious server could cause a DTLS client using OpenSSL to crash if that client had anonymous DH cipher suites enabled. \n\nIt was discovered that the OBJ_obj2txt() function could fail to properly NUL-terminate its output. 
This could possibly cause an application using OpenSSL functions to format fields of X.509 certificates to disclose portions of its memory. \n\nA race condition was found in the way OpenSSL handled ServerHello messages with an included Supported EC Point Format extension. A malicious server could possibly use this flaw to cause a multi-threaded TLS/SSL client using OpenSSL to write into freed memory, causing the client to crash or execute arbitrary code. \n\nThe ssl_set_client_disabled function in t1_lib.c in OpenSSL 1.0.1 before 1.0.1i allows remote SSL servers to cause a denial of service (NULL pointer dereference and client application crash) via a ServerHello message that includes an SRP ciphersuite without the required negotiation of that ciphersuite with the client.\n\n \n**Affected Packages:** \n\n\nopenssl\n\n \n**Issue Correction:** \nRun _yum update openssl_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n openssl-devel-1.0.1i-1.78.amzn1.i686 \n openssl-debuginfo-1.0.1i-1.78.amzn1.i686 \n openssl-perl-1.0.1i-1.78.amzn1.i686 \n openssl-1.0.1i-1.78.amzn1.i686 \n openssl-static-1.0.1i-1.78.amzn1.i686 \n \n src: \n openssl-1.0.1i-1.78.amzn1.src \n \n x86_64: \n openssl-static-1.0.1i-1.78.amzn1.x86_64 \n openssl-debuginfo-1.0.1i-1.78.amzn1.x86_64 \n openssl-devel-1.0.1i-1.78.amzn1.x86_64 \n openssl-1.0.1i-1.78.amzn1.x86_64 \n openssl-perl-1.0.1i-1.78.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2014-08-07T12:26:00", "published": "2014-08-07T12:26:00", "id": "ALAS-2014-391", "href": "https://alas.aws.amazon.com/ALAS-2014-391.html", "title": "Medium: openssl", "type": "amazon", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-11-10T12:34:36", "bulletinFamily": "unix", "cvelist": ["CVE-2014-3513", "CVE-2014-3567", "CVE-2014-3568"], "description": "**Issue Overview:**\n\nA memory leak flaw was found in the way OpenSSL parsed the DTLS Secure Real-time Transport Protocol (SRTP) extension data. 
A remote attacker could send multiple specially crafted handshake messages to exhaust all available memory of an SSL/TLS or DTLS server. ([CVE-2014-3513 __](<https://access.redhat.com/security/cve/CVE-2014-3513>))\n\nA memory leak flaw was found in the way OpenSSL handled failed session ticket integrity checks. A remote attacker could exhaust all available memory of an SSL/TLS or DTLS server by sending a large number of invalid session tickets to that server. ([CVE-2014-3567 __](<https://access.redhat.com/security/cve/CVE-2014-3567>))\n\nWhen OpenSSL is configured with \"no-ssl3\" as a build option, servers could accept and complete an SSL 3.0 handshake, and clients could be \nconfigured to send them. ([CVE-2014-3568 __](<https://access.redhat.com/security/cve/CVE-2014-3568>))\n\n \n**Affected Packages:** \n\n\nopenssl\n\n \n**Issue Correction:** \nRun _yum update openssl_ to update your system. Note that you may need to run _yum clean all_ first.\n\n \n\n\n**New Packages:**\n \n \n i686: \n openssl-1.0.1j-1.80.amzn1.i686 \n openssl-debuginfo-1.0.1j-1.80.amzn1.i686 \n openssl-devel-1.0.1j-1.80.amzn1.i686 \n openssl-static-1.0.1j-1.80.amzn1.i686 \n openssl-perl-1.0.1j-1.80.amzn1.i686 \n \n src: \n openssl-1.0.1j-1.80.amzn1.src \n \n x86_64: \n openssl-1.0.1j-1.80.amzn1.x86_64 \n openssl-perl-1.0.1j-1.80.amzn1.x86_64 \n openssl-debuginfo-1.0.1j-1.80.amzn1.x86_64 \n openssl-static-1.0.1j-1.80.amzn1.x86_64 \n openssl-devel-1.0.1j-1.80.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2014-10-15T16:14:00", "published": "2014-10-15T16:14:00", "id": "ALAS-2014-427", "href": "https://alas.aws.amazon.com/ALAS-2014-427.html", "title": "Important: openssl", "type": "amazon", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:56", "bulletinFamily": "software", "cvelist": ["CVE-2014-3505", "CVE-2014-3508", "CVE-2014-3507", "CVE-2014-3511", "CVE-2014-3506", "CVE-2014-3512", "CVE-2014-3510", "CVE-2014-3509", 
"CVE-2014-5139"], "description": "DoS and protocol version downgrades in client and server code, memory corruptions and information leaks in client code.", "edition": 1, "modified": "2014-08-07T00:00:00", "published": "2014-08-07T00:00:00", "id": "SECURITYVULNS:VULN:13908", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13908", "title": "OpenSSL multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "huawei": [{"lastseen": "2019-02-01T18:01:48", "bulletinFamily": "software", "cvelist": ["CVE-2014-3505", "CVE-2014-3508", "CVE-2014-3507", "CVE-2014-3511", "CVE-2014-3506", "CVE-2014-3512", "CVE-2014-3510", "CVE-2014-3509", "CVE-2014-5139"], "description": "Products\n\nSwitches\nRouters\nWLAN\nServers\nSee All\n\n\n\nSolutions\n\nCloud Data Center\nEnterprise Networking\nWireless Private Network\nSolutions by Industry\nSee All\n\n\n\nServices\n\nTraining and Certification\nICT Lifecycle Services\nTechnology Services\nIndustry Solution Services\nSee All\n\n\n\nSee all offerings at e.huawei.com\n\n\n\nNeed Support ?\n\nProduct Support\nSoftware Download\nCommunity\nTools\n\nGo to Full Support", "edition": 1, "modified": "2015-03-11T00:00:00", "published": "2014-10-08T00:00:00", "id": "HUAWEI-SA-20141008-OPENSSL", "href": "https://www.huawei.com/en/psirt/security-advisories/2015/hw-372998", "title": "Security Advisory-9 OpenSSL vulnerabilities on Huawei products", "type": "huawei", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "kaspersky": [{"lastseen": "2020-09-02T11:51:50", "bulletinFamily": "info", "cvelist": ["CVE-2014-3505", "CVE-2014-3508", "CVE-2014-3507", "CVE-2014-3511", "CVE-2014-3506", "CVE-2014-3512", "CVE-2014-3510", "CVE-2014-3509", "CVE-2014-5139"], "description": "### *Detect date*:\n08/07/2014\n\n### *Severity*:\nCritical\n\n### *Description*:\nAn obsolete version of OpenSSL was found in 
Stunnel. By exploiting this vulnerability malicious users can cause denial of service, obtain sensitive information and bypass security. This vulnerability can be exploited remotely.\n\n### *Affected products*:\nStunnel versions 5.02 and earlier\n\n### *Solution*:\nUpdate to latest version\n\n### *Original advisories*:\n[Stunnel changelog](<https://www.stunnel.org/sdf_ChangeLog.html>) \n\n\n### *Impacts*:\nOSI \n\n### *Related products*:\n[Stunnel](<https://threats.kaspersky.com/en/product/Stunnel/>)\n\n### *CVE-IDS*:\n[CVE-2014-3508](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3508>)4.3Warning \n[CVE-2014-3509](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3509>)6.8High \n[CVE-2014-3511](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3511>)4.3Warning \n[CVE-2014-5139](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5139>)4.3Warning \n[CVE-2014-3505](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3505>)5.0Critical \n[CVE-2014-3506](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3506>)5.0Critical \n[CVE-2014-3507](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3507>)5.0Critical \n[CVE-2014-3510](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3510>)4.3Warning \n[CVE-2014-3512](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3512>)7.5Critical", "edition": 44, "modified": "2020-05-22T00:00:00", "published": "2014-08-07T00:00:00", "id": "KLA10343", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10343", "title": "\r KLA10343Multiple vulnerabilities in Stunnel ", "type": "kaspersky", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2019-05-29T18:33:25", "bulletinFamily": "unix", "cvelist": ["CVE-2014-3505", "CVE-2014-3508", "CVE-2014-3507", "CVE-2014-3511", "CVE-2014-3506", "CVE-2014-3512", "CVE-2014-3510", "CVE-2014-3509", "CVE-2014-5139"], "description": "\nThe OpenSSL Project reports:\n\nA flaw in OBJ_obj2txt may cause 
pretty printing functions\n\t such as X509_name_oneline, X509_name_print_ex et al. to leak\n\t some information from the stack. [CVE-2014-3508]\nThe issue affects OpenSSL clients and allows a malicious\n\t server to crash the client with a null pointer dereference\n\t (read) by specifying an SRP ciphersuite even though it was\n\t not properly negotiated with the client. [CVE-2014-5139]\nIf a multithreaded client connects to a malicious server\n\t using a resumed session and the server sends an ec point\n\t format extension it could write up to 255 bytes to freed\n\t memory. [CVE-2014-3509]\nAn attacker can force an error condition which causes\n\t openssl to crash whilst processing DTLS packets due to\n\t memory being freed twice. This can be exploited through\n\t a Denial of Service attack. [CVE-2014-3505]\nAn attacker can force openssl to consume large amounts\n\t of memory whilst processing DTLS handshake messages.\n\t This can be exploited through a Denial of Service\n\t attack. [CVE-2014-3506]\nBy sending carefully crafted DTLS packets an attacker\n\t could cause openssl to leak memory. This can be exploited\n\t through a Denial of Service attack. [CVE-2014-3507]\nOpenSSL DTLS clients enabling anonymous (EC)DH\n\t ciphersuites are subject to a denial of service attack.\n\t A malicious server can crash the client with a null pointer\n\t dereference (read) by specifying an anonymous (EC)DH\n\t ciphersuite and sending carefully crafted handshake\n\t messages. [CVE-2014-3510]\nA flaw in the OpenSSL SSL/TLS server code causes the\n\t server to negotiate TLS 1.0 instead of higher protocol\n\t versions when the ClientHello message is badly\n\t fragmented. This allows a man-in-the-middle attacker\n\t to force a downgrade to TLS 1.0 even if both the server\n\t and the client support a higher protocol version, by\n\t modifying the client's TLS records. [CVE-2014-3511]\nA malicious client or server can send invalid SRP\n\t parameters and overrun an internal buffer. 
Only\n\t applications which are explicitly set up for SRP\n\t use are affected. [CVE-2014-3512]\n\n", "edition": 4, "modified": "2016-08-09T00:00:00", "published": "2014-08-06T00:00:00", "id": "8AFF07EB-1DBD-11E4-B6BA-3C970E169BC2", "href": "https://vuxml.freebsd.org/freebsd/8aff07eb-1dbd-11e4-b6ba-3c970e169bc2.html", "title": "OpenSSL -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:37:18", "bulletinFamily": "unix", "cvelist": ["CVE-2014-3505", "CVE-2014-3508", "CVE-2014-3507", "CVE-2014-3511", "CVE-2014-3506", "CVE-2014-3510", "CVE-2014-3509"], "description": "[1.0.1e-34.4]\n- fix CVE-2014-3505 - doublefree in DTLS packet processing\n- fix CVE-2014-3506 - avoid memory exhaustion in DTLS\n- fix CVE-2014-3507 - avoid memory leak in DTLS\n- fix CVE-2014-3508 - fix OID handling to avoid information leak\n- fix CVE-2014-3509 - fix race condition when parsing server hello\n- fix CVE-2014-3510 - fix DoS in anonymous (EC)DH handling in DTLS\n- fix CVE-2014-3511 - disallow protocol downgrade via fragmentation", "edition": 4, "modified": "2014-08-13T00:00:00", "published": "2014-08-13T00:00:00", "id": "ELSA-2014-1052", "href": "http://linux.oracle.com/errata/ELSA-2014-1052.html", "title": "openssl security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:21", "bulletinFamily": "unix", "cvelist": ["CVE-2014-3505", "CVE-2014-3508", "CVE-2014-3566", "CVE-2013-6449", "CVE-2014-3507", "CVE-2014-3513", "CVE-2014-0224", "CVE-2014-3511", "CVE-2014-3470", "CVE-2014-3506", "CVE-2013-6450", "CVE-2010-5298", "CVE-2014-0160", "CVE-2013-4353", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-3567", "CVE-2014-3510", "CVE-2014-3509", "CVE-2014-0221"], "description": "[1.0.1e-30.2]\n- fix CVE-2014-3567 - memory leak when handling session tickets\n- fix CVE-2014-3513 - memory leak in srtp support\n- add 
support for fallback SCSV to partially mitigate CVE-2014-3566\n (padding attack on SSL3)\n[1.0.1e-30]\n- add ECC TLS extensions to DTLS (#1119800)\n[1.0.1e-29]\n- fix CVE-2014-3505 - doublefree in DTLS packet processing\n- fix CVE-2014-3506 - avoid memory exhaustion in DTLS\n- fix CVE-2014-3507 - avoid memory leak in DTLS\n- fix CVE-2014-3508 - fix OID handling to avoid information leak\n- fix CVE-2014-3509 - fix race condition when parsing server hello\n- fix CVE-2014-3510 - fix DoS in anonymous (EC)DH handling in DTLS\n- fix CVE-2014-3511 - disallow protocol downgrade via fragmentation\n[1.0.1e-28]\n- fix CVE-2014-0224 fix that broke EAP-FAST session resumption support\n[1.0.1e-26]\n- drop EXPORT, RC2, and DES from the default cipher list (#1057520)\n- print ephemeral key size negotiated in TLS handshake (#1057715)\n- do not include ECC ciphersuites in SSLv2 client hello (#1090952)\n- properly detect encryption failure in BIO (#1100819)\n- fail on hmac integrity check if the .hmac file is empty (#1105567)\n- FIPS mode: make the limitations on DSA, DH, and RSA keygen\n length enforced only if OPENSSL_ENFORCE_MODULUS_BITS environment\n variable is set\n[1.0.1e-25]\n- fix CVE-2010-5298 - possible use of memory after free\n- fix CVE-2014-0195 - buffer overflow via invalid DTLS fragment\n- fix CVE-2014-0198 - possible NULL pointer dereference\n- fix CVE-2014-0221 - DoS from invalid DTLS handshake packet\n- fix CVE-2014-0224 - SSL/TLS MITM vulnerability\n- fix CVE-2014-3470 - client-side DoS when using anonymous ECDH\n[1.0.1e-24]\n- add back support for secp521r1 EC curve\n[1.0.1e-23]\n- fix CVE-2014-0160 - information disclosure in TLS heartbeat extension\n[1.0.1e-22]\n- use 2048 bit RSA key in FIPS selftests\n[1.0.1e-21]\n- add DH_compute_key_padded needed for FIPS CAVS testing\n- make 3des strength to be 128 bits instead of 168 (#1056616)\n- FIPS mode: do not generate DSA keys and DH parameters < 2048 bits\n- FIPS mode: use approved RSA keygen (allows only 2048 and 
3072 bit keys)\n- FIPS mode: add DH selftest\n- FIPS mode: reseed DRBG properly on RAND_add()\n- FIPS mode: add RSA encrypt/decrypt selftest\n- FIPS mode: add hard limit for 2^32 GCM block encryptions with the same key\n- use the key length from configuration file if req -newkey rsa is invoked\n[1.0.1e-20]\n- fix CVE-2013-4353 - Invalid TLS handshake crash\n[1.0.1e-19]\n- fix CVE-2013-6450 - possible MiTM attack on DTLS1\n[1.0.1e-18]\n- fix CVE-2013-6449 - crash when version in SSL structure is incorrect\n[1.0.1e-17]\n- add back some no-op symbols that were inadvertently dropped", "edition": 4, "modified": "2014-10-16T00:00:00", "published": "2014-10-16T00:00:00", "id": "ELSA-2014-1652", "href": "http://linux.oracle.com/errata/ELSA-2014-1652.html", "title": "openssl security update", "type": "oraclelinux", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:46:15", "bulletinFamily": "unix", "cvelist": ["CVE-2014-3505", "CVE-2014-3506", "CVE-2014-3507", "CVE-2014-3508", "CVE-2014-3509", "CVE-2014-3510", "CVE-2014-3511"], "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),\nTransport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose cryptography\nlibrary.\n\nA race condition was found in the way OpenSSL handled ServerHello messages\nwith an included Supported EC Point Format extension. A malicious server\ncould possibly use this flaw to cause a multi-threaded TLS/SSL client using\nOpenSSL to write into freed memory, causing the client to crash or execute\narbitrary code. (CVE-2014-3509)\n\nIt was discovered that the OBJ_obj2txt() function could fail to properly\nNUL-terminate its output. This could possibly cause an application using\nOpenSSL functions to format fields of X.509 certificates to disclose\nportions of its memory. 
(CVE-2014-3508)\n\nA flaw was found in the way OpenSSL handled fragmented handshake packets.\nA man-in-the-middle attacker could use this flaw to force a TLS/SSL server\nusing OpenSSL to use TLS 1.0, even if both the client and the server\nsupported newer protocol versions. (CVE-2014-3511)\n\nMultiple flaws were discovered in the way OpenSSL handled DTLS packets.\nA remote attacker could use these flaws to cause a DTLS server or client\nusing OpenSSL to crash or use excessive amounts of memory. (CVE-2014-3505,\nCVE-2014-3506, CVE-2014-3507)\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed a\nhandshake when using the anonymous Diffie-Hellman (DH) key exchange. A\nmalicious server could cause a DTLS client using OpenSSL to crash if that\nclient had anonymous DH cipher suites enabled. (CVE-2014-3510)\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all services linked to the OpenSSL library must be restarted or the\nsystem rebooted.\n", "modified": "2015-04-24T14:17:46", "published": "2014-08-14T04:00:00", "id": "RHSA-2014:1054", "href": "https://access.redhat.com/errata/RHSA-2014:1054", "type": "redhat", "title": "(RHSA-2014:1054) Moderate: openssl security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:45:41", "bulletinFamily": "unix", "cvelist": ["CVE-2014-3505", "CVE-2014-3506", "CVE-2014-3507", "CVE-2014-3508", "CVE-2014-3509", "CVE-2014-3510", "CVE-2014-3511"], "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),\nTransport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose cryptography\nlibrary.\n\nA race condition was found in the way OpenSSL handled ServerHello messages\nwith an included Supported EC Point Format extension. 
A malicious server\ncould possibly use this flaw to cause a multi-threaded TLS/SSL client using\nOpenSSL to write into freed memory, causing the client to crash or execute\narbitrary code. (CVE-2014-3509)\n\nIt was discovered that the OBJ_obj2txt() function could fail to properly\nNUL-terminate its output. This could possibly cause an application using\nOpenSSL functions to format fields of X.509 certificates to disclose\nportions of its memory. (CVE-2014-3508)\n\nA flaw was found in the way OpenSSL handled fragmented handshake packets.\nA man-in-the-middle attacker could use this flaw to force a TLS/SSL server\nusing OpenSSL to use TLS 1.0, even if both the client and the server\nsupported newer protocol versions. (CVE-2014-3511)\n\nMultiple flaws were discovered in the way OpenSSL handled DTLS packets.\nA remote attacker could use these flaws to cause a DTLS server or client\nusing OpenSSL to crash or use excessive amounts of memory. (CVE-2014-3505,\nCVE-2014-3506, CVE-2014-3507)\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed a\nhandshake when using the anonymous Diffie-Hellman (DH) key exchange. A\nmalicious server could cause a DTLS client using OpenSSL to crash if that\nclient had anonymous DH cipher suites enabled. (CVE-2014-3510)\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. 
For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\n", "modified": "2018-06-06T20:24:27", "published": "2014-08-13T04:00:00", "id": "RHSA-2014:1052", "href": "https://access.redhat.com/errata/RHSA-2014:1052", "type": "redhat", "title": "(RHSA-2014:1052) Moderate: openssl security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2019-12-20T18:27:23", "bulletinFamily": "unix", "cvelist": ["CVE-2014-3505", "CVE-2014-3508", "CVE-2014-3507", "CVE-2014-3511", "CVE-2014-3506", "CVE-2014-3510", "CVE-2014-3509"], "description": "**CentOS Errata and Security Advisory** CESA-2014:1052\n\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),\nTransport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose cryptography\nlibrary.\n\nA race condition was found in the way OpenSSL handled ServerHello messages\nwith an included Supported EC Point Format extension. A malicious server\ncould possibly use this flaw to cause a multi-threaded TLS/SSL client using\nOpenSSL to write into freed memory, causing the client to crash or execute\narbitrary code. (CVE-2014-3509)\n\nIt was discovered that the OBJ_obj2txt() function could fail to properly\nNUL-terminate its output. This could possibly cause an application using\nOpenSSL functions to format fields of X.509 certificates to disclose\nportions of its memory. (CVE-2014-3508)\n\nA flaw was found in the way OpenSSL handled fragmented handshake packets.\nA man-in-the-middle attacker could use this flaw to force a TLS/SSL server\nusing OpenSSL to use TLS 1.0, even if both the client and the server\nsupported newer protocol versions. 
(CVE-2014-3511)\n\nMultiple flaws were discovered in the way OpenSSL handled DTLS packets.\nA remote attacker could use these flaws to cause a DTLS server or client\nusing OpenSSL to crash or use excessive amounts of memory. (CVE-2014-3505,\nCVE-2014-3506, CVE-2014-3507)\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed a\nhandshake when using the anonymous Diffie-Hellman (DH) key exchange. A\nmalicious server could cause a DTLS client using OpenSSL to crash if that\nclient had anonymous DH cipher suites enabled. (CVE-2014-3510)\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-August/032526.html\nhttp://lists.centos.org/pipermail/centos-announce/2014-August/032527.html\n\n**Affected packages:**\nopenssl\nopenssl-devel\nopenssl-libs\nopenssl-perl\nopenssl-static\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2014-1052.html", "edition": 3, "modified": "2014-08-13T20:25:33", "published": "2014-08-13T20:10:43", "href": "http://lists.centos.org/pipermail/centos-announce/2014-August/032526.html", "id": "CESA-2014:1052", "title": "openssl security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2020-10-03T12:01:17", "description": "Multiple buffer overflows in crypto/srp/srp_lib.c in the SRP implementation in OpenSSL 1.0.1 before 1.0.1i allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an invalid SRP (1) g, (2) A, or (3) B parameter.", "edition": 3, "cvss3": {}, "published": "2014-08-13T23:55:00", "title": "CVE-2014-3512", "type": "cve", "cwe": 
["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3512"], "modified": "2017-08-29T01:34:00", "cpe": ["cpe:/a:openssl:openssl:1.0.0k", "cpe:/a:openssl:openssl:1.0.1a", "cpe:/a:openssl:openssl:1.0.1", "cpe:/a:openssl:openssl:1.0.1e", "cpe:/a:openssl:openssl:1.0.1d", "cpe:/a:openssl:openssl:1.0.0a", "cpe:/a:openssl:openssl:1.0.1g", "cpe:/a:openssl:openssl:1.0.0h", "cpe:/a:openssl:openssl:1.0.1b", "cpe:/a:openssl:openssl:1.0.1h", "cpe:/a:openssl:openssl:1.0.0l", "cpe:/a:openssl:openssl:1.0.0", "cpe:/a:openssl:openssl:1.0.0i", "cpe:/a:openssl:openssl:1.0.0f", "cpe:/a:openssl:openssl:1.0.1c", "cpe:/a:openssl:openssl:1.0.0e", "cpe:/a:openssl:openssl:1.0.0g", "cpe:/a:openssl:openssl:1.0.0j", "cpe:/a:openssl:openssl:1.0.0b", "cpe:/a:openssl:openssl:1.0.0d", "cpe:/a:openssl:openssl:1.0.1f", "cpe:/a:openssl:openssl:1.0.0m", "cpe:/a:openssl:openssl:1.0.0c"], "id": "CVE-2014-3512", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3512", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*", 
"cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:52:48", "description": "The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (daemon crash) via crafted traffic from a TLS 1.2 client.", "edition": 5, "cvss3": {}, "published": "2013-12-23T22:55:00", "title": "CVE-2013-6449", "type": "cve", "cwe": ["CWE-310"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": 
"NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-6449"], "modified": "2018-10-09T19:34:00", "cpe": ["cpe:/a:openssl:openssl:1.0.1a", "cpe:/a:openssl:openssl:1.0.1", "cpe:/a:openssl:openssl:1.0.1e", "cpe:/a:openssl:openssl:1.0.1d", "cpe:/a:openssl:openssl:1.0.0a", "cpe:/a:openssl:openssl:1.0.0h", "cpe:/a:openssl:openssl:1.0.1b", "cpe:/a:openssl:openssl:1.0.0", "cpe:/a:openssl:openssl:1.0.0i", "cpe:/a:openssl:openssl:1.0.0f", "cpe:/a:openssl:openssl:1.0.1c", "cpe:/a:openssl:openssl:1.0.0e", "cpe:/a:openssl:openssl:1.0.0g", "cpe:/a:openssl:openssl:1.0.0j", "cpe:/a:openssl:openssl:1.0.0b", "cpe:/a:openssl:openssl:1.0.0d", "cpe:/a:openssl:openssl:1.0.0c"], "id": "CVE-2013-6449", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6449", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", 
"cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T12:46:08", "description": "The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context and cause a denial of service (application crash) by interfering with packet delivery, related to ssl/d1_both.c and ssl/t1_enc.c.", "edition": 3, "cvss3": {}, "published": "2014-01-01T16:05:00", "title": "CVE-2013-6450", "type": "cve", "cwe": ["CWE-310"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-6450"], "modified": "2018-10-09T19:34:00", "cpe": ["cpe:/a:openssl:openssl:1.0.1a", "cpe:/a:openssl:openssl:1.0.1", "cpe:/a:openssl:openssl:1.0.1e", "cpe:/a:openssl:openssl:1.0.1d", "cpe:/a:openssl:openssl:1.0.0a", "cpe:/a:openssl:openssl:1.0.0h", "cpe:/a:openssl:openssl:1.0.1b", "cpe:/a:openssl:openssl:1.0.0", "cpe:/a:openssl:openssl:1.0.0i", "cpe:/a:openssl:openssl:1.0.0f", "cpe:/a:openssl:openssl:1.0.1c", "cpe:/a:openssl:openssl:1.0.0e", "cpe:/a:openssl:openssl:1.0.0g", "cpe:/a:openssl:openssl:1.0.0j", "cpe:/a:openssl:openssl:1.0.0b", "cpe:/a:openssl:openssl:1.0.0d", "cpe:/a:openssl:openssl:1.0.0c"], "id": "CVE-2013-6450", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6450", "cvss": {"score": 5.8, "vector": 
"AV:N/AC:M/Au:N/C:N/I:P/A:P"}, "cpe23": ["cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T12:01:19", "description": "The ssl_set_client_disabled function in t1_lib.c in OpenSSL 1.0.1 before 1.0.1i allows remote SSL servers to cause a denial of service (NULL pointer dereference and client application crash) via a ServerHello message that includes an SRP ciphersuite without the required negotiation of that ciphersuite with the client.\n<a href=\"http://cwe.mitre.org/data/definitions/476.html\" target=\"_blank\">CWE-476: NULL Pointer Dereference</a>", "edition": 3, "cvss3": {}, "published": "2014-08-13T23:55:00", "title": "CVE-2014-5139", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", 
"exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-5139"], "modified": "2017-01-07T03:00:00", "cpe": ["cpe:/a:openssl:openssl:1.0.1a", "cpe:/a:openssl:openssl:1.0.1", "cpe:/a:openssl:openssl:1.0.1e", "cpe:/a:openssl:openssl:1.0.1d", "cpe:/a:openssl:openssl:1.0.1g", "cpe:/a:openssl:openssl:1.0.1b", "cpe:/a:openssl:openssl:1.0.1h", "cpe:/a:openssl:openssl:1.0.1c", "cpe:/a:openssl:openssl:1.0.1f"], "id": "CVE-2014-5139", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5139", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T12:01:17", "description": "Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted handshake message.", "edition": 3, "cvss3": {}, "published": "2014-10-19T01:55:00", "title": "CVE-2014-3513", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": 
{"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3513"], "modified": "2017-01-03T02:59:00", "cpe": ["cpe:/a:openssl:openssl:1.0.1a", "cpe:/a:openssl:openssl:1.0.1", "cpe:/a:openssl:openssl:1.0.1e", "cpe:/a:openssl:openssl:1.0.1d", "cpe:/a:openssl:openssl:1.0.1g", "cpe:/a:openssl:openssl:1.0.1b", "cpe:/a:openssl:openssl:1.0.1h", "cpe:/a:openssl:openssl:1.0.1c", "cpe:/a:openssl:openssl:1.0.1i", "cpe:/a:openssl:openssl:1.0.1f"], "id": "CVE-2014-3513", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3513", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T12:01:17", "description": "d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via crafted DTLS handshake messages that trigger memory 
allocations corresponding to large length values.", "edition": 3, "cvss3": {}, "published": "2014-08-13T23:55:00", "title": "CVE-2014-3506", "type": "cve", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3506"], "modified": "2017-08-29T01:34:00", "cpe": ["cpe:/a:openssl:openssl:1.0.0k", "cpe:/a:openssl:openssl:0.9.8y", "cpe:/a:openssl:openssl:0.9.8m", "cpe:/a:openssl:openssl:1.0.1a", "cpe:/a:openssl:openssl:0.9.8n", "cpe:/a:openssl:openssl:0.9.8b", "cpe:/a:openssl:openssl:0.9.8h", "cpe:/a:openssl:openssl:0.9.8za", "cpe:/a:openssl:openssl:0.9.8u", "cpe:/a:openssl:openssl:1.0.1", "cpe:/a:openssl:openssl:0.9.8w", "cpe:/a:openssl:openssl:0.9.8k", "cpe:/a:openssl:openssl:1.0.1e", "cpe:/a:openssl:openssl:0.9.8j", "cpe:/a:openssl:openssl:0.9.8t", "cpe:/a:openssl:openssl:1.0.1d", "cpe:/a:openssl:openssl:0.9.8a", "cpe:/a:openssl:openssl:0.9.8q", "cpe:/a:openssl:openssl:1.0.0a", "cpe:/a:openssl:openssl:1.0.1g", "cpe:/a:openssl:openssl:0.9.8o", "cpe:/a:openssl:openssl:1.0.0h", "cpe:/a:openssl:openssl:0.9.8x", "cpe:/a:openssl:openssl:1.0.1b", "cpe:/a:openssl:openssl:1.0.1h", "cpe:/a:openssl:openssl:0.9.8s", "cpe:/a:openssl:openssl:1.0.0l", "cpe:/a:openssl:openssl:0.9.8f", "cpe:/a:openssl:openssl:0.9.8", "cpe:/a:openssl:openssl:1.0.0", "cpe:/a:openssl:openssl:1.0.0i", "cpe:/a:openssl:openssl:0.9.8i", "cpe:/a:openssl:openssl:1.0.0f", "cpe:/a:openssl:openssl:0.9.8c", "cpe:/a:openssl:openssl:1.0.1c", "cpe:/a:openssl:openssl:1.0.0e", "cpe:/a:openssl:openssl:1.0.0g", "cpe:/a:openssl:openssl:0.9.8r", 
"cpe:/a:openssl:openssl:1.0.0j", "cpe:/a:openssl:openssl:1.0.0b", "cpe:/a:openssl:openssl:0.9.8d", "cpe:/a:openssl:openssl:0.9.8v", "cpe:/a:openssl:openssl:1.0.0d", "cpe:/a:openssl:openssl:1.0.1f", "cpe:/a:openssl:openssl:1.0.0m", "cpe:/a:openssl:openssl:0.9.8e", "cpe:/a:openssl:openssl:0.9.8g", "cpe:/a:openssl:openssl:1.0.0c", "cpe:/a:openssl:openssl:0.9.8l", "cpe:/a:openssl:openssl:0.9.8p"], "id": "CVE-2014-3506", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3506", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8w:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8r:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8x:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8v:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8y:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", 
"cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8u:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8t:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8s:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8m:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8za:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T12:01:17", "description": "Double free vulnerability in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (application crash) via crafted DTLS packets that trigger an error condition.\n<a href=\"http://cwe.mitre.org/data/definitions/415.html\" target=\"_blank\">CWE-415: Double Free</a>", 
"edition": 3, "cvss3": {}, "published": "2014-08-13T23:55:00", "title": "CVE-2014-3505", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3505"], "modified": "2017-01-07T03:00:00", "cpe": ["cpe:/a:openssl:openssl:1.0.0k", "cpe:/a:openssl:openssl:0.9.8y", "cpe:/a:openssl:openssl:0.9.8m", "cpe:/a:openssl:openssl:1.0.1a", "cpe:/a:openssl:openssl:0.9.8n", "cpe:/a:openssl:openssl:0.9.8b", "cpe:/a:openssl:openssl:0.9.8h", "cpe:/a:openssl:openssl:0.9.8za", "cpe:/a:openssl:openssl:0.9.8u", "cpe:/a:openssl:openssl:1.0.1", "cpe:/a:openssl:openssl:0.9.8w", "cpe:/a:openssl:openssl:0.9.8k", "cpe:/a:openssl:openssl:1.0.1e", "cpe:/a:openssl:openssl:0.9.8j", "cpe:/a:openssl:openssl:0.9.8t", "cpe:/a:openssl:openssl:1.0.1d", "cpe:/a:openssl:openssl:0.9.8a", "cpe:/a:openssl:openssl:0.9.8q", "cpe:/a:openssl:openssl:1.0.0a", "cpe:/a:openssl:openssl:1.0.1g", "cpe:/a:openssl:openssl:0.9.8o", "cpe:/a:openssl:openssl:1.0.0h", "cpe:/a:openssl:openssl:0.9.8x", "cpe:/a:openssl:openssl:1.0.1b", "cpe:/a:openssl:openssl:1.0.1h", "cpe:/a:openssl:openssl:0.9.8s", "cpe:/a:openssl:openssl:1.0.0l", "cpe:/a:openssl:openssl:0.9.8f", "cpe:/a:openssl:openssl:0.9.8", "cpe:/a:openssl:openssl:1.0.0", "cpe:/a:openssl:openssl:1.0.0i", "cpe:/a:openssl:openssl:0.9.8i", "cpe:/a:openssl:openssl:1.0.0f", "cpe:/a:openssl:openssl:0.9.8c", "cpe:/a:openssl:openssl:1.0.1c", "cpe:/a:openssl:openssl:1.0.0e", "cpe:/a:openssl:openssl:1.0.0g", "cpe:/a:openssl:openssl:0.9.8r", "cpe:/a:openssl:openssl:1.0.0j", 
"cpe:/a:openssl:openssl:1.0.0b", "cpe:/a:openssl:openssl:0.9.8d", "cpe:/a:openssl:openssl:0.9.8v", "cpe:/a:openssl:openssl:1.0.0d", "cpe:/a:openssl:openssl:1.0.1f", "cpe:/a:openssl:openssl:1.0.0m", "cpe:/a:openssl:openssl:0.9.8e", "cpe:/a:openssl:openssl:0.9.8g", "cpe:/a:openssl:openssl:1.0.0c", "cpe:/a:openssl:openssl:0.9.8l", "cpe:/a:openssl:openssl:0.9.8p"], "id": "CVE-2014-3505", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3505", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8w:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8r:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8x:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8v:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8y:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", 
"cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8u:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8t:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8s:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8m:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8za:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T12:01:17", "description": "Memory leak in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via zero-length DTLS fragments that trigger improper handling of the return value of a certain insert function.", "edition": 3, "cvss3": {}, "published": "2014-08-13T23:55:00", "title": "CVE-2014-3507", "type": "cve", "cwe": 
["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3507"], "modified": "2017-08-29T01:34:00", "cpe": ["cpe:/a:openssl:openssl:1.0.0k", "cpe:/a:openssl:openssl:0.9.8y", "cpe:/a:openssl:openssl:0.9.8m", "cpe:/a:openssl:openssl:1.0.1a", "cpe:/a:openssl:openssl:0.9.8n", "cpe:/a:openssl:openssl:0.9.8b", "cpe:/a:openssl:openssl:0.9.8h", "cpe:/a:openssl:openssl:0.9.8za", "cpe:/a:openssl:openssl:0.9.8u", "cpe:/a:openssl:openssl:1.0.1", "cpe:/a:openssl:openssl:0.9.8w", "cpe:/a:openssl:openssl:0.9.8k", "cpe:/a:openssl:openssl:1.0.1e", "cpe:/a:openssl:openssl:0.9.8j", "cpe:/a:openssl:openssl:0.9.8t", "cpe:/a:openssl:openssl:1.0.1d", "cpe:/a:openssl:openssl:0.9.8a", "cpe:/a:openssl:openssl:0.9.8q", "cpe:/a:openssl:openssl:1.0.0a", "cpe:/a:openssl:openssl:1.0.1g", "cpe:/a:openssl:openssl:0.9.8o", "cpe:/a:openssl:openssl:1.0.0h", "cpe:/a:openssl:openssl:0.9.8x", "cpe:/a:openssl:openssl:1.0.1b", "cpe:/a:openssl:openssl:1.0.1h", "cpe:/a:openssl:openssl:0.9.8s", "cpe:/a:openssl:openssl:1.0.0l", "cpe:/a:openssl:openssl:0.9.8f", "cpe:/a:openssl:openssl:0.9.8", "cpe:/a:openssl:openssl:1.0.0", "cpe:/a:openssl:openssl:1.0.0i", "cpe:/a:openssl:openssl:0.9.8i", "cpe:/a:openssl:openssl:1.0.0f", "cpe:/a:openssl:openssl:0.9.8c", "cpe:/a:openssl:openssl:1.0.1c", "cpe:/a:openssl:openssl:1.0.0e", "cpe:/a:openssl:openssl:1.0.0g", "cpe:/a:openssl:openssl:0.9.8r", "cpe:/a:openssl:openssl:1.0.0j", "cpe:/a:openssl:openssl:1.0.0b", "cpe:/a:openssl:openssl:0.9.8d", "cpe:/a:openssl:openssl:0.9.8v", 
"cpe:/a:openssl:openssl:1.0.0d", "cpe:/a:openssl:openssl:1.0.1f", "cpe:/a:openssl:openssl:1.0.0m", "cpe:/a:openssl:openssl:0.9.8e", "cpe:/a:openssl:openssl:0.9.8g", "cpe:/a:openssl:openssl:1.0.0c", "cpe:/a:openssl:openssl:0.9.8l", "cpe:/a:openssl:openssl:0.9.8p"], "id": "CVE-2014-3507", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3507", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8w:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8r:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8x:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8v:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8y:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*", 
"cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8u:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8t:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8s:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8m:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8za:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T12:01:17", "description": "The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote DTLS servers to cause a denial of service (NULL pointer dereference and client application crash) via a crafted handshake message in conjunction with a (1) anonymous DH or (2) anonymous ECDH ciphersuite.\n<a href=\"http://cwe.mitre.org/data/definitions/476.html\" target=\"_blank\">CWE-476: NULL Pointer Dereference</a>", "edition": 3, "cvss3": {}, "published": "2014-08-13T23:55:00", 
"title": "CVE-2014-3510", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3510"], "modified": "2017-08-29T01:34:00", "cpe": ["cpe:/a:openssl:openssl:1.0.0k", "cpe:/a:openssl:openssl:0.9.8y", "cpe:/a:openssl:openssl:0.9.8m", "cpe:/a:openssl:openssl:1.0.1a", "cpe:/a:openssl:openssl:0.9.8n", "cpe:/a:openssl:openssl:0.9.8b", "cpe:/a:openssl:openssl:0.9.8h", "cpe:/a:openssl:openssl:0.9.8za", "cpe:/a:openssl:openssl:0.9.8u", "cpe:/a:openssl:openssl:1.0.1", "cpe:/a:openssl:openssl:0.9.8w", "cpe:/a:openssl:openssl:0.9.8k", "cpe:/a:openssl:openssl:1.0.1e", "cpe:/a:openssl:openssl:0.9.8j", "cpe:/a:openssl:openssl:0.9.8t", "cpe:/a:openssl:openssl:1.0.1d", "cpe:/a:openssl:openssl:0.9.8a", "cpe:/a:openssl:openssl:0.9.8q", "cpe:/a:openssl:openssl:1.0.0a", "cpe:/a:openssl:openssl:1.0.1g", "cpe:/a:openssl:openssl:0.9.8o", "cpe:/a:openssl:openssl:1.0.0h", "cpe:/a:openssl:openssl:0.9.8x", "cpe:/a:openssl:openssl:1.0.1b", "cpe:/a:openssl:openssl:1.0.1h", "cpe:/a:openssl:openssl:0.9.8s", "cpe:/a:openssl:openssl:1.0.0l", "cpe:/a:openssl:openssl:0.9.8f", "cpe:/a:openssl:openssl:0.9.8", "cpe:/a:openssl:openssl:1.0.0", "cpe:/a:openssl:openssl:1.0.0i", "cpe:/a:openssl:openssl:0.9.8i", "cpe:/a:openssl:openssl:1.0.0f", "cpe:/a:openssl:openssl:0.9.8c", "cpe:/a:openssl:openssl:1.0.1c", "cpe:/a:openssl:openssl:1.0.0e", "cpe:/a:openssl:openssl:1.0.0g", "cpe:/a:openssl:openssl:0.9.8r", "cpe:/a:openssl:openssl:1.0.0j", "cpe:/a:openssl:openssl:1.0.0b", "cpe:/a:openssl:openssl:0.9.8d", 
"cpe:/a:openssl:openssl:0.9.8v", "cpe:/a:openssl:openssl:1.0.0d", "cpe:/a:openssl:openssl:1.0.1f", "cpe:/a:openssl:openssl:1.0.0m", "cpe:/a:openssl:openssl:0.9.8e", "cpe:/a:openssl:openssl:0.9.8g", "cpe:/a:openssl:openssl:1.0.0c", "cpe:/a:openssl:openssl:0.9.8l", "cpe:/a:openssl:openssl:0.9.8p"], "id": "CVE-2014-3510", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3510", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8w:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8r:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8x:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8v:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8y:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*", 
"cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8u:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8t:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8s:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8m:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8za:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:58:23", "description": "Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted session ticket that triggers an integrity-check failure.", "edition": 5, "cvss3": {}, "published": "2014-10-19T01:55:00", "title": "CVE-2014-3567", "type": "cve", "cwe": ["CWE-399", "CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", 
"exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3567"], "modified": "2017-11-15T02:29:00", "cpe": ["cpe:/a:openssl:openssl:1.0.0k", "cpe:/a:openssl:openssl:1.0.1a", "cpe:/a:openssl:openssl:0.9.8zb", "cpe:/a:openssl:openssl:1.0.1", "cpe:/a:openssl:openssl:1.0.1e", "cpe:/a:openssl:openssl:1.0.1d", "cpe:/a:openssl:openssl:1.0.0a", "cpe:/a:openssl:openssl:1.0.1g", "cpe:/a:openssl:openssl:1.0.0h", "cpe:/a:openssl:openssl:1.0.1b", "cpe:/a:openssl:openssl:1.0.1h", "cpe:/a:openssl:openssl:1.0.0l", "cpe:/a:openssl:openssl:1.0.0", "cpe:/a:openssl:openssl:1.0.0i", "cpe:/a:openssl:openssl:1.0.0f", "cpe:/a:openssl:openssl:1.0.1c", "cpe:/a:openssl:openssl:1.0.0e", "cpe:/a:openssl:openssl:1.0.0g", "cpe:/a:openssl:openssl:1.0.1i", "cpe:/a:openssl:openssl:1.0.0j", "cpe:/a:openssl:openssl:1.0.0b", "cpe:/a:openssl:openssl:1.0.0d", "cpe:/a:openssl:openssl:1.0.1f", "cpe:/a:openssl:openssl:1.0.0m", "cpe:/a:openssl:openssl:1.0.0n", "cpe:/a:openssl:openssl:1.0.0c"], "id": "CVE-2014-3567", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3567", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*", 
"cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8zb:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*"]}], "openssl": [{"lastseen": "2020-09-14T11:36:38", "bulletinFamily": "software", "cvelist": ["CVE-2013-6449"], "description": " A flaw in OpenSSL can cause an application using OpenSSL to crash when using TLS version 1.2. This issue only affected OpenSSL 1.0.1 versions. Reported by Ron Barber. 
\n\n * Fixed in OpenSSL 1.0.1f [(git commit)](<https://github.com/openssl/openssl/commit/ca98926>) (Affected 1.0.1-1.0.1e)\n", "edition": 1, "modified": "2013-12-14T00:00:00", "published": "2013-12-14T00:00:00", "id": "OPENSSL:CVE-2013-6449", "href": "https://www.openssl.org/news/vulnerabilities.html", "title": "Vulnerability in OpenSSL CVE-2013-6449", "type": "openssl", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-09-14T11:36:38", "bulletinFamily": "software", "cvelist": ["CVE-2013-6450"], "description": " A flaw in DTLS handling can cause an application using OpenSSL and DTLS to crash. This is not a vulnerability for OpenSSL prior to 1.0.0. Reported by Dmitry Sobinov. \n\n * Fixed in OpenSSL 1.0.1f [(git commit)](<https://github.com/openssl/openssl/commit/3462896>) (Affected 1.0.1-1.0.1e)\n * Fixed in OpenSSL 1.0.0l (Affected 1.0.0-1.0.0k)\n", "edition": 1, "modified": "2013-12-13T00:00:00", "published": "2013-12-13T00:00:00", "id": "OPENSSL:CVE-2013-6450", "href": "https://www.openssl.org/news/vulnerabilities.html", "title": "Vulnerability in OpenSSL CVE-2013-6450", "type": "openssl", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2010-5298", "CVE-2013-4353", "CVE-2013-6449", "CVE-2013-6450", "CVE-2014-0160", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221", "CVE-2014-0224", "CVE-2014-3470", "CVE-2014-3505", "CVE-2014-3506", "CVE-2014-3507", "CVE-2014-3508", "CVE-2014-3509", "CVE-2014-3510", "CVE-2014-3511", "CVE-2014-3513", "CVE-2014-3566", "CVE-2014-3567"], "description": "The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. 
", "modified": "2014-10-19T13:22:31", "published": "2014-10-19T13:22:31", "id": "FEDORA:E67696087B8D", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: openssl-1.0.1e-40.fc19", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2010-5298", "CVE-2013-4353", "CVE-2013-6449", "CVE-2013-6450", "CVE-2014-0160", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221", "CVE-2014-0224", "CVE-2014-3470", "CVE-2014-3505", "CVE-2014-3506", "CVE-2014-3507", "CVE-2014-3508", "CVE-2014-3509", "CVE-2014-3510", "CVE-2014-3511", "CVE-2014-3513", "CVE-2014-3566", "CVE-2014-3567"], "description": "The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. ", "modified": "2014-10-18T16:57:46", "published": "2014-10-18T16:57:46", "id": "FEDORA:4227660CA765", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: openssl-1.0.1e-40.fc20", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}]}