HP Version Control Repository Manager Multiple Vulnerabilities (HPSBMU03056)
2014-07-07T00:00:00
ID HP_VERSION_CONTROL_REPO_MANAGER_HPSBMU03056.NASL Type nessus Reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. Modified 2021-02-02T00:00:00
Description
The version of HP Version Control Repository Manager installed on the
remote host is prior to 7.3.4, and thus is affected by multiple
vulnerabilities in the bundled version of OpenSSL :
An error exists in the function 'ssl3_read_bytes'
that could allow data to be injected into other
sessions or allow denial of service attacks. Note
this issue is only exploitable if
'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2010-5298)
An error exists related to the implementation of the
Elliptic Curve Digital Signature Algorithm (ECDSA) that
could allow nonce disclosure via the 'FLUSH+RELOAD'
cache side-channel attack. (CVE-2014-0076)
A buffer overflow error exists related to invalid DTLS
fragment handling that could lead to execution of
arbitrary code. Note this issue only affects OpenSSL
when used as a DTLS client or server. (CVE-2014-0195)
An error exists in the function 'do_ssl3_write' that
could allow a NULL pointer to be dereferenced leading
to denial of service attacks. Note this issue is
exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is
enabled. (CVE-2014-0198)
An error exists related to DTLS handshake handling that
could lead to denial of service attacks. Note this
issue only affects OpenSSL when used as a DTLS client.
(CVE-2014-0221)
An unspecified error exists that could allow an
attacker to cause usage of weak keying material
leading to simplified man-in-the-middle attacks.
(CVE-2014-0224)
An unspecified error exists related to anonymous ECDH
ciphersuites that could allow denial of service
attacks. Note this issue only affects OpenSSL TLS
clients. (CVE-2014-3470)
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(76390);
script_version("1.8");
script_cvs_date("Date: 2018/11/15 20:50:27");
script_cve_id(
"CVE-2010-5298",
"CVE-2014-0076",
"CVE-2014-0195",
"CVE-2014-0198",
"CVE-2014-0221",
"CVE-2014-0224",
"CVE-2014-3470"
);
script_bugtraq_id(
66801,
66363,
67900,
67193,
67901,
67898,
67899
);
script_xref(name:"CERT", value:"978508");
script_xref(name:"HP", value:"emr_na-c04349789");
script_xref(name:"HP", value:"HPSBMU03056");
script_name(english:"HP Version Control Repository Manager Multiple Vulnerabilities (HPSBMU03056)");
script_summary(english:"Checks version of HP VCRM.");
script_set_attribute(attribute:"synopsis", value:
"The remote Windows host has an application installed that is affected
by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The version of HP Version Control Repository Manager installed on the
remote host is prior to 7.3.4, and thus is affected by multiple
vulnerabilities in the bundled version of OpenSSL :
- An error exists in the function 'ssl3_read_bytes'
that could allow data to be injected into other
sessions or allow denial of service attacks. Note
this issue is only exploitable if
'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2010-5298)
- An error exists related to the implementation of the
Elliptic Curve Digital Signature Algorithm (ECDSA) that
could allow nonce disclosure via the 'FLUSH+RELOAD'
cache side-channel attack. (CVE-2014-0076)
- A buffer overflow error exists related to invalid DTLS
fragment handling that could lead to execution of
arbitrary code. Note this issue only affects OpenSSL
when used as a DTLS client or server. (CVE-2014-0195)
- An error exists in the function 'do_ssl3_write' that
could allow a NULL pointer to be dereferenced leading
to denial of service attacks. Note this issue is
exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is
enabled. (CVE-2014-0198)
- An error exists related to DTLS handshake handling that
could lead to denial of service attacks. Note this
issue only affects OpenSSL when used as a DTLS client.
(CVE-2014-0221)
- An unspecified error exists that could allow an
attacker to cause usage of weak keying material
leading to simplified man-in-the-middle attacks.
(CVE-2014-0224)
- An unspecified error exists related to anonymous ECDH
ciphersuites that could allow denial of service
attacks. Note this issue only affects OpenSSL TLS
clients. (CVE-2014-3470)");
# https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04349789
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?70f329bb");
script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/532578/30/0/threaded");
script_set_attribute(attribute:"solution", value:"Upgrade to HP Version Control Repository Manager 7.3.4 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2014/02/11");
script_set_attribute(attribute:"patch_publication_date", value:"2014/06/27");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/07/07");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:hp:version_control_repository_manager");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.");
script_dependencies("hp_version_control_repo_manager_installed.nbin");
script_require_keys("installed_sw/HP Version Control Repository Manager");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("install_func.inc");
appname = "HP Version Control Repository Manager";
get_install_count(app_name:appname, exit_if_zero:TRUE);
# Only 1 install is possible at a time
install = get_installs(app_name:appname);
if (installs[0] == IF_NOT_FOUND) audit(AUDIT_NOT_INST, appname);
install = install[1][0];
version = install['version'];
path = install['path'];
if (ver_compare(ver:version, fix:'7.3.4.0', strict:FALSE) < 0)
{
port = get_kb_item("SMB/transport");
if (!port) port = 445;
if (report_verbosity > 0)
{
report =
'\n Path : ' + path +
'\n Installed version : ' + version +
'\n Fixed version : 7.3.4.0' +
'\n';
security_warning(port:port, extra:report);
}
else security_warning(port);
exit(0);
}
else audit(AUDIT_INST_PATH_NOT_VULN, appname, version, path);
{"id": "HP_VERSION_CONTROL_REPO_MANAGER_HPSBMU03056.NASL", "bulletinFamily": "scanner", "title": "HP Version Control Repository Manager Multiple Vulnerabilities (HPSBMU03056)", "description": "The version of HP Version Control Repository Manager installed on the\nremote host is prior to 7.3.4, and thus is affected by multiple\nvulnerabilities in the bundled version of OpenSSL :\n\n - An error exists in the function 'ssl3_read_bytes'\n that could allow data to be injected into other\n sessions or allow denial of service attacks. Note\n this issue is only exploitable if\n 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2010-5298)\n\n - An error exists related to the implementation of the\n Elliptic Curve Digital Signature Algorithm (ECDSA) that\n could allow nonce disclosure via the 'FLUSH+RELOAD'\n cache side-channel attack. (CVE-2014-0076)\n\n - A buffer overflow error exists related to invalid DTLS\n fragment handling that could lead to execution of\n arbitrary code. Note this issue only affects OpenSSL\n when used as a DTLS client or server. (CVE-2014-0195)\n\n - An error exists in the function 'do_ssl3_write' that\n could allow a NULL pointer to be dereferenced leading\n to denial of service attacks. Note this issue is\n exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is\n enabled. (CVE-2014-0198)\n\n - An error exists related to DTLS handshake handling that\n could lead to denial of service attacks. Note this\n issue only affects OpenSSL when used as a DTLS client.\n (CVE-2014-0221)\n\n - An unspecified error exists that could allow an\n attacker to cause usage of weak keying material\n leading to simplified man-in-the-middle attacks.\n (CVE-2014-0224)\n\n - An unspecified error exists related to anonymous ECDH\n ciphersuites that could allow denial of service\n attacks. Note this issue only affects OpenSSL TLS\n clients. (CVE-2014-3470)", "published": "2014-07-07T00:00:00", "modified": "2021-02-02T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "href": "https://www.tenable.com/plugins/nessus/76390", "reporter": "This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.", "references": ["https://www.securityfocus.com/archive/1/532578/30/0/threaded", "http://www.nessus.org/u?70f329bb"], "cvelist": ["CVE-2014-0076", "CVE-2014-0224", "CVE-2014-3470", "CVE-2010-5298", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221"], "type": "nessus", "lastseen": "2021-02-01T03:29:57", "edition": 27, "viewCount": 10, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["HP_VCA_SSRT101614-RHEL.NASL", "MCAFEE_EMAIL_GATEWAY_SB10075.NASL", "OPENSSL_CCS.NASL", "OPENSSL_CCS_1_0_1.NASL", "HP_SYSTEMS_INSIGHT_MANAGER_73_HOTFIX_34.NASL", "HP_VCA_SSRT101614-SLES.NASL", "MCAFEE_WEB_GATEWAY_SB10075.NASL", "MCAFEE_VSEL_SB10075.NASL", "HPSMH_7_3_3_1.NASL", "HP_VCA_SSRT101614.NASL"]}, {"type": "huawei", "idList": ["HUAWEI-SA-20140613-OPENSSL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310871172", "OPENVAS:1361412562310871183", "OPENVAS:1361412562310105203", "OPENVAS:1361412562310123365", "OPENVAS:1361412562310881946", "OPENVAS:1361412562310105158", "OPENVAS:1361412562310121244", "OPENVAS:1361412562310105209", "OPENVAS:1361412562310105202", "OPENVAS:1361412562310123403"]}, {"type": "cisco", "idList": ["CISCO-SA-20140605-OPENSSL"]}, {"type": "citrix", "idList": ["CTX140876"]}, {"type": "gentoo", "idList": ["GLSA-201407-05"]}, {"type": "oraclelinux", "idList": ["ELSA-2014-0679", "ELSA-2014-0625"]}, {"type": "redhat", "idList": ["RHSA-2014:0625", "RHSA-2014:0628", "RHSA-2014:0679"]}, {"type": "thn", "idList": ["THN:D2B91981A95FA63440BEC1909D1FAE82"]}, {"type": "centos", "idList": ["CESA-2014:0625"]}, {"type": "slackware", "idList": ["SSA-2014-156-03"]}, {"type": "debian", "idList": ["DEBIAN:SSL-:DD9E5"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:13810", "SECURITYVULNS:DOC:31041"]}, {"type": "suse", "idList": ["SUSE-SU-2014:0762-1"]}, {"type": "aix", "idList": ["OPENSSL_ADVISORY9.ASC"]}, {"type": "amazon", "idList": ["ALAS-2014-349"]}, {"type": "cve", "idList": ["CVE-2010-5298", "CVE-2014-3470", "CVE-2014-0076"]}, {"type": "kaspersky", "idList": ["KLA10382"]}, {"type": "vmware", "idList": ["VMSA-2014-0006"]}], "modified": "2021-02-01T03:29:57", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-02-01T03:29:57", "rev": 2}, "vulnersScore": 7.1}, "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76390);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/11/15 20:50:27\");\n\n script_cve_id(\n \"CVE-2010-5298\",\n \"CVE-2014-0076\",\n \"CVE-2014-0195\",\n \"CVE-2014-0198\",\n \"CVE-2014-0221\",\n \"CVE-2014-0224\",\n \"CVE-2014-3470\"\n );\n script_bugtraq_id(\n 66801,\n 66363,\n 67900,\n 67193,\n 67901,\n 67898,\n 67899\n );\n script_xref(name:\"CERT\", value:\"978508\");\n script_xref(name:\"HP\", value:\"emr_na-c04349789\");\n script_xref(name:\"HP\", value:\"HPSBMU03056\");\n\n script_name(english:\"HP Version Control Repository Manager Multiple Vulnerabilities (HPSBMU03056)\");\n script_summary(english:\"Checks version of HP VCRM.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has an application installed that is affected\nby multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of HP Version Control Repository Manager installed on the\nremote host is prior to 7.3.4, and thus is affected by multiple\nvulnerabilities in the bundled version of OpenSSL :\n\n - An error exists in the function 'ssl3_read_bytes'\n that could allow data to be injected into other\n sessions or allow denial of service attacks. Note\n this issue is only exploitable if\n 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2010-5298)\n\n - An error exists related to the implementation of the\n Elliptic Curve Digital Signature Algorithm (ECDSA) that\n could allow nonce disclosure via the 'FLUSH+RELOAD'\n cache side-channel attack. (CVE-2014-0076)\n\n - A buffer overflow error exists related to invalid DTLS\n fragment handling that could lead to execution of\n arbitrary code. Note this issue only affects OpenSSL\n when used as a DTLS client or server. (CVE-2014-0195)\n\n - An error exists in the function 'do_ssl3_write' that\n could allow a NULL pointer to be dereferenced leading\n to denial of service attacks. Note this issue is\n exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is\n enabled. (CVE-2014-0198)\n\n - An error exists related to DTLS handshake handling that\n could lead to denial of service attacks. Note this\n issue only affects OpenSSL when used as a DTLS client.\n (CVE-2014-0221)\n\n - An unspecified error exists that could allow an\n attacker to cause usage of weak keying material\n leading to simplified man-in-the-middle attacks.\n (CVE-2014-0224)\n\n - An unspecified error exists related to anonymous ECDH\n ciphersuites that could allow denial of service\n attacks. Note this issue only affects OpenSSL TLS\n clients. (CVE-2014-3470)\");\n # https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04349789\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?70f329bb\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/532578/30/0/threaded\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to HP Version Control Repository Manager 7.3.4 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\nscript_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:hp:version_control_repository_manager\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"hp_version_control_repo_manager_installed.nbin\");\n script_require_keys(\"installed_sw/HP Version Control Repository Manager\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nappname = \"HP Version Control Repository Manager\";\nget_install_count(app_name:appname, exit_if_zero:TRUE);\n\n# Only 1 install is possible at a time\ninstall = get_installs(app_name:appname);\nif (installs[0] == IF_NOT_FOUND) audit(AUDIT_NOT_INST, appname);\ninstall = install[1][0];\n\nversion = install['version'];\npath = install['path'];\n\nif (ver_compare(ver:version, fix:'7.3.4.0', strict:FALSE) < 0)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 7.3.4.0' +\n '\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n exit(0);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, appname, version, path);\n", "naslFamily": "Windows", "pluginID": "76390", "cpe": ["cpe:/a:hp:version_control_repository_manager"], "scheme": null}
{"nessus": [{"lastseen": "2021-02-01T03:29:55", "description": "The installation of HP Version Control Agent (VCA) on the remote\nWindows host is a version prior to 7.3.3. It is, therefore, affected\nby multiple vulnerabilities in the bundled version of SSL :\n\n - An error exists in the 'ssl3_read_bytes' function\n that permits data to be injected into other sessions\n or allows denial of service attacks. Note that this\n issue is exploitable only if SSL_MODE_RELEASE_BUFFERS\n is enabled. (CVE-2010-5298)\n\n - A flaw in the ECDS Algorithm implementation can\n be triggered using a FLUSH+RELOAD cache side-channel\n attack which may allow a malicious process to recover\n ECDSA nonces. (CVE-2014-0076)\n\n - A buffer overflow error exists related to invalid DTLS\n fragment handling that permits the execution of\n arbitrary code or allows denial of service attacks.\n Note that this issue only affects OpenSSL when used\n as a DTLS client or server. (CVE-2014-0195)\n\n - An error exists in the 'do_ssl3_write' function that\n permits a NULL pointer to be dereferenced, which could\n allow denial of service attacks. Note that this issue\n is exploitable only if SSL_MODE_RELEASE_BUFFERS is\n enabled. (CVE-2014-0198)\n\n - An error exists related to DTLS handshake handling that\n could allow denial of service attacks. Note that this\n issue only affects OpenSSL when used as a DTLS client.\n (CVE-2014-0221)\n\n - An error exists in the processing of ChangeCipherSpec\n messages that allows the usage of weak keying material.\n This permits simplified man-in-the-middle attacks to be\n done. (CVE-2014-0224)\n\n - An error exists in the 'dtls1_get_message_fragment'\n function related to anonymous ECDH cipher suites. This\n could allow denial of service attacks. Note that this\n issue only affects OpenSSL TLS clients. (CVE-2014-3470)", "edition": 29, "published": "2014-08-12T00:00:00", "title": "HP Version Control Agent (VCA) < 7.3.3 Multiple SSL Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0076", "CVE-2014-0224", "CVE-2014-3470", "CVE-2010-5298", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/a:hp:version_control_agent"], "id": "HP_VCA_SSRT101614.NASL", "href": "https://www.tenable.com/plugins/nessus/77150", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(77150);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/11/25\");\n\n script_cve_id(\n \"CVE-2010-5298\",\n \"CVE-2014-0076\",\n \"CVE-2014-0195\",\n \"CVE-2014-0198\",\n \"CVE-2014-0221\",\n \"CVE-2014-0224\",\n \"CVE-2014-3470\"\n );\n script_bugtraq_id(\n 66363,\n 66801,\n 67193,\n 67898,\n 67899,\n 67900,\n 67901\n );\n script_xref(name:\"CERT\", value:\"978508\");\n script_xref(name:\"HP\", value:\"SSRT101614\");\n script_xref(name:\"HP\", value:\"HPSBMU03057\");\n script_xref(name:\"HP\", value:\"emr_na-c04349897\");\n\n script_name(english:\"HP Version Control Agent (VCA) < 7.3.3 Multiple SSL Vulnerabilities\");\n script_summary(english:\"Checks the version of VCA installed.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains software that is affected by multiple\nvulnerabilities related to SSL.\");\n script_set_attribute(attribute:\"description\", value:\n\"The installation of HP Version Control Agent (VCA) on the remote\nWindows host is a version prior to 7.3.3. It is, therefore, affected\nby multiple vulnerabilities in the bundled version of SSL :\n\n - An error exists in the 'ssl3_read_bytes' function\n that permits data to be injected into other sessions\n or allows denial of service attacks. Note that this\n issue is exploitable only if SSL_MODE_RELEASE_BUFFERS\n is enabled. (CVE-2010-5298)\n\n - A flaw in the ECDS Algorithm implementation can\n be triggered using a FLUSH+RELOAD cache side-channel\n attack which may allow a malicious process to recover\n ECDSA nonces. (CVE-2014-0076)\n\n - A buffer overflow error exists related to invalid DTLS\n fragment handling that permits the execution of\n arbitrary code or allows denial of service attacks.\n Note that this issue only affects OpenSSL when used\n as a DTLS client or server. (CVE-2014-0195)\n\n - An error exists in the 'do_ssl3_write' function that\n permits a NULL pointer to be dereferenced, which could\n allow denial of service attacks. Note that this issue\n is exploitable only if SSL_MODE_RELEASE_BUFFERS is\n enabled. (CVE-2014-0198)\n\n - An error exists related to DTLS handshake handling that\n could allow denial of service attacks. Note that this\n issue only affects OpenSSL when used as a DTLS client.\n (CVE-2014-0221)\n\n - An error exists in the processing of ChangeCipherSpec\n messages that allows the usage of weak keying material.\n This permits simplified man-in-the-middle attacks to be\n done. (CVE-2014-0224)\n\n - An error exists in the 'dtls1_get_message_fragment'\n function related to anonymous ECDH cipher suites. This\n could allow denial of service attacks. Note that this\n issue only affects OpenSSL TLS clients. (CVE-2014-3470)\");\n # https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04349897-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d0e53fea\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/archive/1/532577/30/0/threaded\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to VCA 7.3.3 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0195\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:hp:version_control_agent\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"hp_version_control_agent_installed.nbin\");\n script_require_keys(\"installed_sw/HP Version Control Agent\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\napp = \"HP Version Control Agent\";\nget_install_count(app_name:app,exit_if_zero:TRUE);\ninstall = get_single_install(app_name:app);\nversion = install[\"version\"];\npath = install[\"path\"];\nfix = \"7.3.3.0\";\n\n# Unknown version\nif (version == UNKNOWN_VER) audit(AUDIT_UNKNOWN_APP_VER,app);\n\nif (ver_compare(ver:version,fix:fix,strict:FALSE) < 0)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_warning(port:port,extra:report);\n }\n else security_warning(port:port);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN,app,version,path);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-14T16:14:08", "description": "The remote host is running a version of McAfee VirusScan Enterprise\nfor Linux (VSEL) that is affected by multiple vulnerabilities due to\nflaws in the included OpenSSL library :\n\n - An error exists in the function 'ssl3_read_bytes'\n that could allow data to be injected into other\n sessions or allow denial of service attacks. Note\n this issue is only exploitable if\n 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2010-5298)\n\n - An error exists related to the implementation of the\n Elliptic Curve Digital Signature Algorithm (ECDSA) that\n could allow nonce disclosure via the 'FLUSH+RELOAD'\n cache side-channel attack. (CVE-2014-0076)\n\n - A buffer overflow error exists related to invalid DTLS\n fragment handling that could lead to execution of\n arbitrary code. Note this issue only affects OpenSSL\n when used as a DTLS client or server. (CVE-2014-0195)\n\n - An error exists in the function 'do_ssl3_write' that\n could allow a NULL pointer to be dereferenced leading\n to denial of service attacks. Note this issue is\n exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is\n enabled. (CVE-2014-0198)\n\n - An error exists related to DTLS handshake handling that\n could lead to denial of service attacks. Note this\n issue only affects OpenSSL when used as a DTLS client.\n (CVE-2014-0221)\n\n - An unspecified error exists that could allow an\n attacker to cause usage of weak keying material\n leading to simplified man-in-the-middle attacks.\n (CVE-2014-0224)\n\n - An unspecified error exists related to anonymous ECDH\n cipher suites that could allow denial of service\n attacks. Note this issue only affects OpenSSL TLS\n clients. (CVE-2014-3470)", "edition": 21, "published": "2014-07-17T00:00:00", "title": "McAfee VirusScan Enterprise for Linux Multiple OpenSSL Vulnerabilities (SB10075)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0076", "CVE-2014-0224", "CVE-2014-3470", "CVE-2010-5298", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221"], "modified": "2014-07-17T00:00:00", "cpe": ["cpe:/a:mcafee:virusscan_enterprise"], "id": "MCAFEE_VSEL_SB10075.NASL", "href": "https://www.tenable.com/plugins/nessus/76580", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76580);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/19\");\n\n script_cve_id(\n \"CVE-2010-5298\",\n \"CVE-2014-0076\",\n \"CVE-2014-0195\",\n \"CVE-2014-0198\",\n \"CVE-2014-0221\",\n \"CVE-2014-0224\",\n \"CVE-2014-3470\"\n );\n script_bugtraq_id(\n 66363,\n 66801,\n 67193,\n 67898,\n 67899,\n 67900,\n 67901\n );\n script_xref(name:\"CERT\", value:\"978508\");\n script_xref(name:\"IAVA\", value:\"2014-A-0100-S\");\n script_xref(name:\"MCAFEE-SB\", value:\"SB10075\");\n\n script_name(english:\"McAfee VirusScan Enterprise for Linux Multiple OpenSSL Vulnerabilities (SB10075)\");\n script_summary(english:\"Checks the VSEL version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of McAfee VirusScan Enterprise\nfor Linux (VSEL) that is affected by multiple vulnerabilities due to\nflaws in the included OpenSSL library :\n\n - An error exists in the function 'ssl3_read_bytes'\n that could allow data to be injected into other\n sessions or allow denial of service attacks. Note\n this issue is only exploitable if\n 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2010-5298)\n\n - An error exists related to the implementation of the\n Elliptic Curve Digital Signature Algorithm (ECDSA) that\n could allow nonce disclosure via the 'FLUSH+RELOAD'\n cache side-channel attack. (CVE-2014-0076)\n\n - A buffer overflow error exists related to invalid DTLS\n fragment handling that could lead to execution of\n arbitrary code. Note this issue only affects OpenSSL\n when used as a DTLS client or server. (CVE-2014-0195)\n\n - An error exists in the function 'do_ssl3_write' that\n could allow a NULL pointer to be dereferenced leading\n to denial of service attacks. Note this issue is\n exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is\n enabled. (CVE-2014-0198)\n\n - An error exists related to DTLS handshake handling that\n could lead to denial of service attacks. Note this\n issue only affects OpenSSL when used as a DTLS client.\n (CVE-2014-0221)\n\n - An unspecified error exists that could allow an\n attacker to cause usage of weak keying material\n leading to simplified man-in-the-middle attacks.\n (CVE-2014-0224)\n\n - An unspecified error exists related to anonymous ECDH\n cipher suites that could allow denial of service\n attacks. Note this issue only affects OpenSSL TLS\n clients. (CVE-2014-3470)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://kc.mcafee.com/corporate/index?page=content&id=SB10075\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.openssl.org/news/vulnerabilities.html#CVE-2010-5298\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0076\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0195\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.openssl.org/news/vulnerabilities.html#CVE-2014-0198\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0221\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.openssl.org/news/vulnerabilities.html#CVE-2014-0224\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.openssl.org/news/vulnerabilities.html#CVE-2014-3470\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20140605.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"http://ccsinjection.lepidum.co.jp/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.imperialviolet.org/2014/06/05/earlyccs.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the relevant hotfix referenced in the vendor advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0195\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/07/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mcafee:virusscan_enterprise\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mcafee_vsel_detect.nbin\");\n script_require_keys(\"installed_sw/McAfee VirusScan Enterprise for Linux\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\napp_name = \"McAfee VirusScan Enterprise for Linux\";\nget_install_count(app_name:app_name, exit_if_zero:TRUE);\n\ninstall = get_single_install(app_name:app_name, exit_if_unknown_ver:TRUE);\nversion = install['version'];\nhotfixes = install['Hotfixes'];\nmax_hotfix = int(install['max_hotfix']);\nvuln = FALSE;\n\n# Determine fix.\nif (version =~ \"^1.6\\.\")\n{\n max = \"1.6.0.28698\";\n hotfix = \"HF-961964\";\n}\nelse if (version =~ \"^1\\.7\\.1\\.\")\n{\n max = \"1.7.1.28698\";\n hotfix = \"HF-973565\";\n}\nelse if (version =~ \"^1\\.9\\.\")\n{\n max = \"1.9.0.28822\";\n hotfix = \"HF-972024\";\n}\nelse if (version =~ \"^2\\.0\\.\")\n{\n max = \"2.0.0.28948\";\n hotfix = \"HF-967083\";\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, version);\n\nif (ver_compare(ver:version, fix:max, strict:FALSE) <= 0)\n{\n if (report_paranoia > 1 && !isnull(hotfixes) && hotfix >!< hotfixes) vuln = TRUE;\n else\n {\n hotfix_int = int(hotfix - \"HF-\");\n if (max_hotfix < hotfix_int) vuln = TRUE;\n }\n}\n\nif (vuln)\n{\n port = 0;\n\n if (report_verbosity > 0)\n {\n report = '\\n' + app_name + ' ' + version + ' is missing patch ' + hotfix + '.\\n';\n security_warning(extra:report, port:port);\n }\n else security_warning(port:port);\n exit(0);\n}\nelse audit(AUDIT_PATCH_INSTALLED, hotfix + \" or later\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-01T03:29:54", "description": "The RPM installation of HP Version Control Agent (VCA) on the remote\nLinux host is a version prior to 7.3.3. It is, therefore, affected by\nmultiple vulnerabilities in the bundled version of SSL :\n\n - An error exists in the 'ssl3_read_bytes' function\n that permits data to be injected into other sessions\n or allows denial of service attacks. Note that this\n issue is exploitable only if SSL_MODE_RELEASE_BUFFERS\n is enabled. (CVE-2010-5298)\n\n - A flaw in the ECDS Algorithm implementation can\n be triggered using a FLUSH+RELOAD cache side-channel\n attack which may allow a malicious process to recover\n ECDSA nonces. (CVE-2014-0076)\n\n - A buffer overflow error exists related to invalid DTLS\n fragment handling that permits the execution of\n arbitrary code or allows denial of service attacks.\n Note that this issue only affects OpenSSL when used\n as a DTLS client or server. (CVE-2014-0195)\n\n - An error exists in the 'do_ssl3_write' function that\n permits a NULL pointer to be dereferenced, which could\n allow denial of service attacks. Note that this issue\n is exploitable only if SSL_MODE_RELEASE_BUFFERS is\n enabled. (CVE-2014-0198)\n\n - An error exists related to DTLS handshake handling that\n could allow denial of service attacks. Note that this\n issue only affects OpenSSL when used as a DTLS client.\n (CVE-2014-0221)\n\n - An error exists in the processing of ChangeCipherSpec\n messages that allows the usage of weak keying material.\n This permits simplified man-in-the-middle attacks to be\n done. (CVE-2014-0224)\n\n - An error exists in the 'dtls1_get_message_fragment'\n function related to anonymous ECDH cipher suites. This\n could allow denial of service attacks. Note that this\n issue only affects OpenSSL TLS clients. (CVE-2014-3470)", "edition": 28, "published": "2014-08-12T00:00:00", "title": "HP Version Control Agent (VCA) < 7.3.3 Multiple SSL Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0076", "CVE-2014-0224", "CVE-2014-3470", "CVE-2010-5298", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/a:hp:version_control_agent"], "id": "HP_VCA_SSRT101614-RHEL.NASL", "href": "https://www.tenable.com/plugins/nessus/77151", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(77151);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/09/17 21:46:53\");\n\n script_cve_id(\n \"CVE-2010-5298\",\n \"CVE-2014-0076\",\n \"CVE-2014-0195\",\n \"CVE-2014-0198\",\n \"CVE-2014-0221\",\n \"CVE-2014-0224\",\n \"CVE-2014-3470\"\n );\n script_bugtraq_id(\n 66801,\n 66363,\n 67900,\n 67193,\n 67901,\n 67899,\n 67898\n );\n script_xref(name:\"CERT\", value:\"978508\");\n script_xref(name:\"HP\", value:\"SSRT101614\");\n script_xref(name:\"HP\", value:\"HPSBMU03057\");\n script_xref(name:\"HP\", value:\"emr_na-c04349897\");\n\n script_name(english:\"HP Version Control Agent (VCA) < 7.3.3 Multiple SSL Vulnerabilities\");\n script_summary(english:\"Checks the version of VCA installed.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains software that is affected by multiple\nvulnerabilities related to SSL.\");\n script_set_attribute(attribute:\"description\", value:\n\"The RPM installation of HP Version Control Agent (VCA) on the remote\nLinux host is a version prior to 7.3.3. It is, therefore, affected by\nmultiple vulnerabilities in the bundled version of SSL :\n\n - An error exists in the 'ssl3_read_bytes' function\n that permits data to be injected into other sessions\n or allows denial of service attacks. Note that this\n issue is exploitable only if SSL_MODE_RELEASE_BUFFERS\n is enabled. (CVE-2010-5298)\n\n - A flaw in the ECDS Algorithm implementation can\n be triggered using a FLUSH+RELOAD cache side-channel\n attack which may allow a malicious process to recover\n ECDSA nonces. (CVE-2014-0076)\n\n - A buffer overflow error exists related to invalid DTLS\n fragment handling that permits the execution of\n arbitrary code or allows denial of service attacks.\n Note that this issue only affects OpenSSL when used\n as a DTLS client or server. (CVE-2014-0195)\n\n - An error exists in the 'do_ssl3_write' function that\n permits a NULL pointer to be dereferenced, which could\n allow denial of service attacks. Note that this issue\n is exploitable only if SSL_MODE_RELEASE_BUFFERS is\n enabled. (CVE-2014-0198)\n\n - An error exists related to DTLS handshake handling that\n could allow denial of service attacks. Note that this\n issue only affects OpenSSL when used as a DTLS client.\n (CVE-2014-0221)\n\n - An error exists in the processing of ChangeCipherSpec\n messages that allows the usage of weak keying material.\n This permits simplified man-in-the-middle attacks to be\n done. (CVE-2014-0224)\n\n - An error exists in the 'dtls1_get_message_fragment'\n function related to anonymous ECDH cipher suites. This\n could allow denial of service attacks. Note that this\n issue only affects OpenSSL TLS clients. (CVE-2014-3470)\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to VCA 7.3.3 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n # https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04349897-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d0e53fea\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/archive/1/532577/30/0/threaded\");\nscript_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:hp:version_control_agent\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"ppc\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\n# These are the only versions the software is supported\n# however you can install it on later versions. So\n# only check non-supported versions if paranoia is on.\nif (\n report_paranoia < 2 &&\n !ereg(pattern:\"release [3-6]($|[^0-9])\", string:release)\n) audit(AUDIT_OS_NOT, \"Red Hat 3 / 4 / 5 / 6\");\n\nrpms = get_kb_item_or_exit(\"Host/RedHat/rpm-list\");\nif (\"hpvca-\" >!< rpms) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"HP Version Control Agent\");\n\n# Get the RPM version\nmatch = eregmatch(string:rpms, pattern:\"(^|\\n)hpvca-(\\d+\\.\\d+\\.\\d+-\\d+)\");\nif (isnull(match)) audit(AUDIT_VER_FAIL, \"HP Version Control Agent\");\n\nversion = match[2];\nversion = ereg_replace(string:version, replace:\".\", pattern:\"-\");\n\nfix = \"7.3.3.0\";\nif (ver_compare(ver:version,fix:fix,strict:FALSE) < 0)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n}\nelse audit(AUDIT_PACKAGE_NOT_AFFECTED, \"HP Version Control Agent\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-01T03:29:52", "description": "The version of HP Systems Insight Manager installed on the remote\nWindows host is affected by the following vulnerabilities in the\nincluded OpenSSL library :\n\n - An error exists in the function 'ssl3_read_bytes'\n that could allow data to be injected into other\n sessions or allow denial of service attacks. Note\n this issue is only exploitable if\n 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2010-5298)\n\n - An error exists related to the implementation of the\n Elliptic Curve Digital Signature Algorithm (ECDSA) that\n could allow nonce disclosure via the 'FLUSH+RELOAD'\n cache side-channel attack. (CVE-2014-0076)\n\n - A buffer overflow error exists related to invalid DTLS\n fragment handling that could lead to execution of\n arbitrary code. Note this issue only affects OpenSSL\n when used as a DTLS client or server. (CVE-2014-0195)\n\n - An error exists in the function 'do_ssl3_write' that\n could allow a NULL pointer to be dereferenced leading\n to denial of service attacks. Note this issue is\n exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is\n enabled. (CVE-2014-0198)\n\n - An error exists related to DTLS handshake handling that\n could lead to denial of service attacks. Note this\n issue only affects OpenSSL when used as a DTLS client.\n (CVE-2014-0221)\n\n - An unspecified error exists that could allow an\n attacker to cause usage of weak keying material\n leading to simplified man-in-the-middle attacks.\n (CVE-2014-0224)\n\n - An unspecified error exists related to anonymous ECDH\n cipher suites that could allow denial of service\n attacks. Note this issue only affects OpenSSL TLS\n clients. (CVE-2014-3470)", "edition": 28, "published": "2014-08-06T00:00:00", "title": "HP Systems Insight Manager 7.2.x < 7.2 Hotfix 37 / 7.3.x < 7.3 Hotfix 34 OpenSSL Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0076", "CVE-2014-0224", "CVE-2014-3470", "CVE-2010-5298", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/a:hp:systems_insight_manager"], "id": "HP_SYSTEMS_INSIGHT_MANAGER_73_HOTFIX_34.NASL", "href": "https://www.tenable.com/plugins/nessus/77020", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(77020);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/11/25\");\n\n script_cve_id(\n \"CVE-2010-5298\",\n \"CVE-2014-0076\",\n \"CVE-2014-0195\",\n \"CVE-2014-0198\",\n \"CVE-2014-0221\",\n \"CVE-2014-0224\",\n \"CVE-2014-3470\"\n );\n script_bugtraq_id(\n 66363,\n 66801,\n 67193,\n 67898,\n 67899,\n 67900,\n 67901\n );\n script_xref(name:\"CERT\", value:\"978508\");\n script_xref(name:\"HP\", value:\"emr_na-c04379485\");\n script_xref(name:\"HP\", value:\"HPSBMU03076\");\n script_xref(name:\"HP\", value:\"SSRT101648\");\n\n script_name(english:\"HP Systems Insight Manager 7.2.x < 7.2 Hotfix 37 / 7.3.x < 7.3 Hotfix 34 OpenSSL Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of HP Systems Insight Manager.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains software that is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of HP Systems Insight Manager installed on the remote\nWindows host is affected by the following vulnerabilities in the\nincluded OpenSSL library :\n\n - An error exists in the function 'ssl3_read_bytes'\n that could allow data to be injected into other\n sessions or allow denial of service attacks. Note\n this issue is only exploitable if\n 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2010-5298)\n\n - An error exists related to the implementation of the\n Elliptic Curve Digital Signature Algorithm (ECDSA) that\n could allow nonce disclosure via the 'FLUSH+RELOAD'\n cache side-channel attack. (CVE-2014-0076)\n\n - A buffer overflow error exists related to invalid DTLS\n fragment handling that could lead to execution of\n arbitrary code. Note this issue only affects OpenSSL\n when used as a DTLS client or server. (CVE-2014-0195)\n\n - An error exists in the function 'do_ssl3_write' that\n could allow a NULL pointer to be dereferenced leading\n to denial of service attacks. Note this issue is\n exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is\n enabled. (CVE-2014-0198)\n\n - An error exists related to DTLS handshake handling that\n could lead to denial of service attacks. Note this\n issue only affects OpenSSL when used as a DTLS client.\n (CVE-2014-0221)\n\n - An unspecified error exists that could allow an\n attacker to cause usage of weak keying material\n leading to simplified man-in-the-middle attacks.\n (CVE-2014-0224)\n\n - An unspecified error exists related to anonymous ECDH\n cipher suites that could allow denial of service\n attacks. Note this issue only affects OpenSSL TLS\n clients. (CVE-2014-3470)\");\n # https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c04379485\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5151aa42\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/532878/30/0/threaded\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20140605.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the relevant Hotfix kit mentioned in the advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0195\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/07/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:hp:systems_insight_manager\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"hp_systems_insight_manager_installed.nasl\");\n script_require_keys(\"installed_sw/HP Systems Insight Manager\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"install_func.inc\");\ninclude(\"misc_func.inc\");\n\napp_name = \"HP Systems Insight Manager\";\nget_install_count(app_name:app_name, exit_if_zero:TRUE);\n\ninstall = get_single_install(app_name:app_name);\npath = install['path'];\nversion = install['version'];\n\nhotfixes = install['Hotfixes'];\nif (isnull(hotfixes)) hotfixes = \"n/a\";\nelse hotfixes = str_replace(string:hotfixes, find:\";\", replace:\", \");\n\nfixed_hotfix = NULL;\n\n# 7.2.0, 7.2.1, 7.2.2\nif (version =~ \"^(([A-Z]\\.)?07\\.([A-C]\\.)?(02\\.0[0-2])\\.[0-9a-z.]+)\")\n fixed_hotfix = \"HOTFIX72_037\";\n# 7.3.0, 7.3.0a, 7.3.1\nelse if (version =~ \"^(([A-Z]\\.)?07\\.([A-C]\\.)?(03\\.0[01a])\\.[0-9a-z.]+)\")\n fixed_hotfix = \"HOTFIX73_034\";\nelse\n audit(AUDIT_INST_PATH_NOT_VULN, app_name, version, path);\n\nif (fixed_hotfix >!< hotfixes)\n{\n port = get_kb_item('SMB/transport');\n if (!port) port = 445;\n\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Installed hotfixes : ' + hotfixes +\n '\\n Fixed hotfix : ' + fixed_hotfix +\n '\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, app_name, version, path);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-01T03:30:07", "description": "According to the web server's banner, the version of HP System\nManagement Homepage (SMH) hosted on the remote web server has an\nimplementation of the OpenSSL library that is affected by the\nfollowing vulnerabilities :\n\n - An error exists in the ssl3_read_bytes() function that\n allows data to be injected into other sessions. Note\n that this issue is only exploitable if\n 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2010-5298)\n\n - An error exists related to the implementation of the\n Elliptic Curve Digital Signature Algorithm (ECDSA) that\n allows nonce disclosure via the 'FLUSH+RELOAD' cache\n side-channel attack. (CVE-2014-0076)\n\n - A buffer overflow condition exists related to invalid\n DTLS fragment handling that could lead to execution of\n arbitrary code. Note this issue only affects OpenSSL\n when used as a DTLS client or server. (CVE-2014-0195)\n\n - An error exists in the do_ssl3_write() function that\n allows a NULL pointer to be dereferenced, resulting in a\n denial of service condition. Note that this issue is\n exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is\n enabled. (CVE-2014-0198)\n\n - An error exists related to DTLS handshake handling that\n could lead to denial of service attacks. Note that this\n issue only affects OpenSSL when used as a DTLS client.\n (CVE-2014-0221)\n\n - An unspecified error exists that allows an attacker to\n cause usage of weak keying material leading to\n simplified man-in-the-middle attacks. (CVE-2014-0224)\n\n - An unspecified error exists related to anonymous ECDH\n ciphersuites that allows denial of service attacks. Note\n that this issue only affects OpenSSL TLS clients.\n (CVE-2014-3470)", "edition": 28, "published": "2014-07-02T00:00:00", "title": "HP System Management Homepage < 7.2.4.1 / 7.3.3.1 OpenSSL Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0076", "CVE-2014-0224", "CVE-2014-3470", "CVE-2010-5298", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/a:hp:system_management_homepage"], "id": "HPSMH_7_3_3_1.NASL", "href": "https://www.tenable.com/plugins/nessus/76345", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76345);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\n \"CVE-2010-5298\",\n \"CVE-2014-0076\",\n \"CVE-2014-0195\",\n \"CVE-2014-0198\",\n \"CVE-2014-0221\",\n \"CVE-2014-0224\",\n \"CVE-2014-3470\"\n );\n script_bugtraq_id(\n 66363,\n 66801,\n 67193,\n 67898,\n 67899,\n 67900,\n 67901\n );\n script_xref(name:\"CERT\", value:\"978508\");\n script_xref(name:\"HP\", value:\"emr_na-c04345210\");\n script_xref(name:\"HP\", value:\"HPSBMU03051\");\n script_xref(name:\"HP\", value:\"SSRT101611\");\n\n script_name(english:\"HP System Management Homepage < 7.2.4.1 / 7.3.3.1 OpenSSL Multiple Vulnerabilities\");\n script_summary(english:\"Performs a banner check.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the web server's banner, the version of HP System\nManagement Homepage (SMH) hosted on the remote web server has an\nimplementation of the OpenSSL library that is affected by the\nfollowing vulnerabilities :\n\n - An error exists in the ssl3_read_bytes() function that\n allows data to be injected into other sessions. Note\n that this issue is only exploitable if\n 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2010-5298)\n\n - An error exists related to the implementation of the\n Elliptic Curve Digital Signature Algorithm (ECDSA) that\n allows nonce disclosure via the 'FLUSH+RELOAD' cache\n side-channel attack. (CVE-2014-0076)\n\n - A buffer overflow condition exists related to invalid\n DTLS fragment handling that could lead to execution of\n arbitrary code. Note this issue only affects OpenSSL\n when used as a DTLS client or server. (CVE-2014-0195)\n\n - An error exists in the do_ssl3_write() function that\n allows a NULL pointer to be dereferenced, resulting in a\n denial of service condition. Note that this issue is\n exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is\n enabled. (CVE-2014-0198)\n\n - An error exists related to DTLS handshake handling that\n could lead to denial of service attacks. Note that this\n issue only affects OpenSSL when used as a DTLS client.\n (CVE-2014-0221)\n\n - An unspecified error exists that allows an attacker to\n cause usage of weak keying material leading to\n simplified man-in-the-middle attacks. (CVE-2014-0224)\n\n - An unspecified error exists related to anonymous ECDH\n ciphersuites that allows denial of service attacks. Note\n that this issue only affects OpenSSL TLS clients.\n (CVE-2014-3470)\");\n # https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c04345210\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f7990895\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/532538/30/0/threaded\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/532642/30/0/threaded\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.openssl.org/news/vulnerabilities.html#CVE-2010-5298\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/vulnerabilities.html#2014-0076\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.openssl.org/news/vulnerabilities.html#CVE-2014-0198\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0221\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.openssl.org/news/vulnerabilities.html#CVE-2014-0224\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.openssl.org/news/vulnerabilities.html#CVE-2014-3470\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20140605.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to HP System Management Homepage 7.2.4.1 (Windows 2003) /\n7.3.3.1 (Linux or Windows) or later.\n\nNote that version 7.3.3.1 for Linux x86 still contains OpenSSL\nv1.0.0d.\n\nEnsure that any products with which such an install might communicate\nwith have been updated to the latest versions to not be affected by\nthe vulnerability covered by CVE-2014-0224.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0195\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/04/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:hp:system_management_homepage\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"compaq_wbem_detect.nasl\", \"os_fingerprint.nasl\");\n script_require_keys(\"www/hp_smh\");\n script_require_ports(\"Services/www\", 2301, 2381);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\n# Only Linux and Windows are affected -- HP-UX is not mentioned\nif (report_paranoia < 2)\n{\n os = get_kb_item_or_exit(\"Host/OS\");\n if (\"Windows\" >!< os && \"Linux\" >!< os) audit(AUDIT_OS_NOT, \"Windows or Linux\", os);\n}\n\nport = get_http_port(default:2381, embedded:TRUE);\ninstall = get_install_from_kb(appname:'hp_smh', port:port, exit_on_fail:TRUE);\ndir = install['dir'];\nversion = install['ver'];\nprod = get_kb_item_or_exit(\"www/\"+port+\"/hp_smh/variant\");\n\nif (version == UNKNOWN_VER) audit(AUDIT_UNKNOWN_WEB_APP_VER, prod, build_url(port:port, qs:dir+\"/\") );\n\n# nb: 'version' can have non-numeric characters in it so we'll create\n# an alternate form and make sure that's safe for use in 'ver_compare()'.\nversion_alt = ereg_replace(pattern:\"[_-]\", replace:\".\", string:version);\nif (!ereg(pattern:\"^[0-9][0-9.]+$\", string:version_alt))\n{\n exit(1, 'The version of '+prod+' installed at '+build_url(port:port, qs:dir+\"/\")+' does not look valid ('+version+').');\n}\n\nif (\n ver_compare(ver:version_alt, fix:\"7.2.4.1\", strict:FALSE) == -1 ||\n (version_alt =~ \"^7\\.3($|[^0-9])\" && ver_compare(ver:version_alt, fix:\"7.3.3.1\", strict:FALSE) == -1)\n)\n{\n if (report_verbosity > 0)\n {\n source_line = get_kb_item(\"www/\"+port+\"/hp_smh/source\");\n\n report = '\\n Product : ' + prod;\n if (!isnull(source_line))\n report += '\\n Version source : ' + source_line;\n report +=\n '\\n Installed version : ' + version +\n '\\n Fixed version : 7.2.4.1 / 7.3.3.1 \\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, prod, port, version);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-01T03:29:54", "description": "The RPM installation of HP Version Control Agent (VCA) on the remote\nLinux host is a version prior to 7.3.3. It is, therefore, affected by\nmultiple vulnerabilities in the bundled version of SSL :\n\n - An error exists in the 'ssl3_read_bytes' function\n that permits data to be injected into other sessions\n or allows denial of service attacks. Note that this\n issue is exploitable only if SSL_MODE_RELEASE_BUFFERS\n is enabled. (CVE-2010-5298)\n\n - A flaw in the ECDS Algorithm implementation can\n be triggered using a FLUSH+RELOAD cache side-channel\n attack which may allow a malicious process to recover\n ECDSA nonces. (CVE-2014-0076)\n\n - A buffer overflow error exists related to invalid DTLS\n fragment handling that permits the execution of\n arbitrary code or allows denial of service attacks.\n Note that this issue only affects OpenSSL when used\n as a DTLS client or server. (CVE-2014-0195)\n\n - An error exists in the 'do_ssl3_write' function that\n permits a NULL pointer to be dereferenced, which could\n allow denial of service attacks. Note that this issue\n is exploitable only if SSL_MODE_RELEASE_BUFFERS is\n enabled. (CVE-2014-0198)\n\n - An error exists related to DTLS handshake handling that\n could allow denial of service attacks. Note that this\n issue only affects OpenSSL when used as a DTLS client.\n (CVE-2014-0221)\n\n - An error exists in the processing of ChangeCipherSpec\n messages that allows the usage of weak keying material.\n This permits simplified man-in-the-middle attacks to be\n done. (CVE-2014-0224)\n\n - An error exists in the 'dtls1_get_message_fragment'\n function related to anonymous ECDH cipher suites. This\n could allow denial of service attacks. Note that this\n issue only affects OpenSSL TLS clients. (CVE-2014-3470)", "edition": 28, "published": "2014-08-12T00:00:00", "title": "HP Version Control Agent (VCA) < 7.3.3 Multiple SSL Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0076", "CVE-2014-0224", "CVE-2014-3470", "CVE-2010-5298", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/a:hp:version_control_agent"], "id": "HP_VCA_SSRT101614-SLES.NASL", "href": "https://www.tenable.com/plugins/nessus/77152", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(77152);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/09/17 21:46:53\");\n\n script_cve_id(\n \"CVE-2010-5298\",\n \"CVE-2014-0076\",\n \"CVE-2014-0195\",\n \"CVE-2014-0198\",\n \"CVE-2014-0221\",\n \"CVE-2014-0224\",\n \"CVE-2014-3470\"\n );\n script_bugtraq_id(\n 66801,\n 66363,\n 67900,\n 67193,\n 67901,\n 67899,\n 67898\n );\n script_xref(name:\"CERT\", value:\"978508\");\n script_xref(name:\"HP\", value:\"SSRT101614\");\n script_xref(name:\"HP\", value:\"HPSBMU03057\");\n script_xref(name:\"HP\", value:\"emr_na-c04349897\");\n\n script_name(english:\"HP Version Control Agent (VCA) < 7.3.3 Multiple SSL Vulnerabilities\");\n script_summary(english:\"Checks the version of VCA installed.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains software that is affected by multiple\nvulnerabilities related to SSL.\");\n script_set_attribute(attribute:\"description\", value:\n\"The RPM installation of HP Version Control Agent (VCA) on the remote\nLinux host is a version prior to 7.3.3. It is, therefore, affected by\nmultiple vulnerabilities in the bundled version of SSL :\n\n - An error exists in the 'ssl3_read_bytes' function\n that permits data to be injected into other sessions\n or allows denial of service attacks. Note that this\n issue is exploitable only if SSL_MODE_RELEASE_BUFFERS\n is enabled. (CVE-2010-5298)\n\n - A flaw in the ECDS Algorithm implementation can\n be triggered using a FLUSH+RELOAD cache side-channel\n attack which may allow a malicious process to recover\n ECDSA nonces. (CVE-2014-0076)\n\n - A buffer overflow error exists related to invalid DTLS\n fragment handling that permits the execution of\n arbitrary code or allows denial of service attacks.\n Note that this issue only affects OpenSSL when used\n as a DTLS client or server. (CVE-2014-0195)\n\n - An error exists in the 'do_ssl3_write' function that\n permits a NULL pointer to be dereferenced, which could\n allow denial of service attacks. Note that this issue\n is exploitable only if SSL_MODE_RELEASE_BUFFERS is\n enabled. (CVE-2014-0198)\n\n - An error exists related to DTLS handshake handling that\n could allow denial of service attacks. Note that this\n issue only affects OpenSSL when used as a DTLS client.\n (CVE-2014-0221)\n\n - An error exists in the processing of ChangeCipherSpec\n messages that allows the usage of weak keying material.\n This permits simplified man-in-the-middle attacks to be\n done. (CVE-2014-0224)\n\n - An error exists in the 'dtls1_get_message_fragment'\n function related to anonymous ECDH cipher suites. This\n could allow denial of service attacks. Note that this\n issue only affects OpenSSL TLS clients. (CVE-2014-3470)\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to VCA 7.3.3 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n # https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04349897-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d0e53fea\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/archive/1/532577/30/0/threaded\");\nscript_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:hp:version_control_agent\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^SLES\") audit(AUDIT_OS_NOT, \"SuSE Linux Enterprise Server\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\n# These are the only versions the software is supported\n# however you can install it on later versions. So\n# only check non-supported versions if paranoia is on.\nif (\n report_paranoia < 2 &&\n !ereg(pattern:\"SLES(8|9|10|11)($|[^0-9])\", string:release)\n) audit(AUDIT_OS_NOT, \"SuSE Linux Enterprise Server 8 / 9 / 10 / 11\");\n\nrpms = get_kb_item_or_exit(\"Host/SuSE/rpm-list\");\nif (\"hpvca-\" >!< rpms) audit(AUDIT_PACKAGE_NOT_INSTALLED,\"HP Version Control Agent\");\n\n# Get the RPM version\nmatch = eregmatch(string:rpms, pattern:\"(^|\\n)hpvca-(\\d+\\.\\d+\\.\\d+-\\d+)\");\nif (isnull(match)) audit(AUDIT_VER_FAIL,\"HP Version Control Agent\");\n\nversion = match[2];\nversion = ereg_replace(string:version, replace:\".\", pattern:\"-\");\n\nfix = \"7.3.3.0\";\nif (ver_compare(ver:version,fix:fix,strict:FALSE) < 0)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n}\nelse audit(AUDIT_PACKAGE_NOT_AFFECTED, \"HP Version Control Agent\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-01T04:04:11", "description": "The remote host is running a version of McAfee Web Gateway (MWG) that\nis affected by multiple vulnerabilities due to flaws in the OpenSSL\nlibrary :\n\n - An error exists in the function 'ssl3_read_bytes'\n that could allow data to be injected into other\n sessions or allow denial of service attacks. Note\n this issue is only exploitable if\n 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2010-5298)\n\n - An error exists related to the implementation of the\n Elliptic Curve Digital Signature Algorithm (ECDSA) that\n could allow nonce disclosure via the 'FLUSH+RELOAD'\n cache side-channel attack. (CVE-2014-0076)\n\n - A buffer overflow error exists related to invalid DTLS\n fragment handling that could lead to execution of\n arbitrary code. Note this issue only affects OpenSSL\n when used as a DTLS client or server. (CVE-2014-0195)\n\n - An error exists in the function 'do_ssl3_write' that\n could allow a NULL pointer to be dereferenced leading\n to denial of service attacks. Note this issue is\n exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is\n enabled. (CVE-2014-0198)\n\n - An error exists related to DTLS handshake handling that\n could lead to denial of service attacks. Note this\n issue only affects OpenSSL when used as a DTLS client.\n (CVE-2014-0221)\n\n - An unspecified error exists that could allow an\n attacker to cause usage of weak keying material\n leading to simplified man-in-the-middle attacks.\n (CVE-2014-0224)\n\n - An unspecified error exists related to anonymous ECDH\n ciphersuites that could allow denial of service\n attacks. Note this issue only affects OpenSSL TLS\n clients. (CVE-2014-3470)", "edition": 28, "published": "2014-06-19T00:00:00", "title": "McAfee Web Gateway Multiple OpenSSL Vulnerabilities (SB10075)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0076", "CVE-2014-0224", "CVE-2014-3470", "CVE-2010-5298", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/a:mcafee:web_gateway"], "id": "MCAFEE_WEB_GATEWAY_SB10075.NASL", "href": "https://www.tenable.com/plugins/nessus/76146", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76146);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\n \"CVE-2010-5298\",\n \"CVE-2014-0076\",\n \"CVE-2014-0195\",\n \"CVE-2014-0198\",\n \"CVE-2014-0221\",\n \"CVE-2014-0224\",\n \"CVE-2014-3470\"\n );\n script_bugtraq_id(\n 66363,\n 66801,\n 67193,\n 67898,\n 67899,\n 67900,\n 67901\n );\n script_xref(name:\"CERT\", value:\"978508\");\n script_xref(name:\"IAVB\", value:\"2014-B-0077\");\n script_xref(name:\"MCAFEE-SB\", value:\"SB10075\");\n\n script_name(english:\"McAfee Web Gateway Multiple OpenSSL Vulnerabilities (SB10075)\");\n script_summary(english:\"Checks version of MWG.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of McAfee Web Gateway (MWG) that\nis affected by multiple vulnerabilities due to flaws in the OpenSSL\nlibrary :\n\n - An error exists in the function 'ssl3_read_bytes'\n that could allow data to be injected into other\n sessions or allow denial of service attacks. Note\n this issue is only exploitable if\n 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2010-5298)\n\n - An error exists related to the implementation of the\n Elliptic Curve Digital Signature Algorithm (ECDSA) that\n could allow nonce disclosure via the 'FLUSH+RELOAD'\n cache side-channel attack. (CVE-2014-0076)\n\n - A buffer overflow error exists related to invalid DTLS\n fragment handling that could lead to execution of\n arbitrary code. Note this issue only affects OpenSSL\n when used as a DTLS client or server. (CVE-2014-0195)\n\n - An error exists in the function 'do_ssl3_write' that\n could allow a NULL pointer to be dereferenced leading\n to denial of service attacks. Note this issue is\n exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is\n enabled. (CVE-2014-0198)\n\n - An error exists related to DTLS handshake handling that\n could lead to denial of service attacks. Note this\n issue only affects OpenSSL when used as a DTLS client.\n (CVE-2014-0221)\n\n - An unspecified error exists that could allow an\n attacker to cause usage of weak keying material\n leading to simplified man-in-the-middle attacks.\n (CVE-2014-0224)\n\n - An unspecified error exists related to anonymous ECDH\n ciphersuites that could allow denial of service\n attacks. Note this issue only affects OpenSSL TLS\n clients. (CVE-2014-3470)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://kc.mcafee.com/corporate/index?page=content&id=SB10075\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20140605.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.openssl.org/news/vulnerabilities.html#CVE-2010-5298\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/vulnerabilities.html#2014-0076\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.openssl.org/news/vulnerabilities.html#CVE-2014-0198\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0221\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.openssl.org/news/vulnerabilities.html#CVE-2014-0224\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.openssl.org/news/vulnerabilities.html#CVE-2014-3470\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the relevant patch per the vendor advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0195\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mcafee:web_gateway\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mcafee_web_gateway_detect.nbin\");\n script_require_keys(\"Host/McAfee Web Gateway/Version\", \"Host/McAfee Web Gateway/Display Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\napp_name = \"McAfee Web Gateway\";\nversion = get_kb_item_or_exit(\"Host/McAfee Web Gateway/Version\");\nversion_display = get_kb_item_or_exit(\"Host/McAfee Web Gateway/Display Version\");\nfix = FALSE;\n\nif (version =~ \"^7\\.3\\.\")\n{\n fix = \"7.3.2.10.0.17286\";\n fix_display = \"7.3.2.10 Build 17286\";\n}\nelse if (version =~ \"^7\\.4\\.\")\n{\n fix = \"7.4.2.1.0.17293\";\n fix_display = \"7.4.2.1 Build 17293\";\n}\n\nif (fix && ver_compare(ver:version, fix:fix, strict:FALSE) == -1)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Installed version : ' + version_display +\n '\\n Fixed version : ' + fix_display +\n '\\n';\n security_warning(extra:report, port:0);\n }\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, app_name, version_display);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-01T04:04:07", "description": "The remote host is running a version of McAfee Email Gateway (MEG)\nthat is affected by the multiple vulnerabilities related to the\nincluded OpenSSL library :\n\n - An error exists in the function 'ssl3_read_bytes' that\n can allow data to be injected into other sessions or\n allow denial of service attacks. Note that this issue is\n exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is\n enabled. (CVE-2010-5298)\n\n - An error exists related to the implementation of the\n Elliptic Curve Digital Signature Algorithm (ECDSA) that\n can allow nonce disclosure via the 'FLUSH+RELOAD' cache\n side-channel attack. (CVE-2014-0076)\n\n - A buffer overflow error exists related to invalid DTLS\n fragment handling that can lead to execution of\n arbitrary code. Note that this issue only affects\n OpenSSL when used as a DTLS client or server.\n (CVE-2014-0195)\n\n - An error exists in the function 'do_ssl3_write' that\n can allow a NULL pointer to be dereferenced leading\n to denial of service attacks. Note that this issue is\n exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is\n enabled. (CVE-2014-0198)\n\n - An error exists related to DTLS handshake handling that\n can lead to denial of service attacks. Note that this\n issue only affects OpenSSL when used as a DTLS client.\n (CVE-2014-0221)\n\n - An unspecified error exists that can allow an attacker\n to cause usage of weak keying material leading to\n simplified man-in-the-middle attacks. (CVE-2014-0224)\n\n - An unspecified error exists related to anonymous ECDH\n cipher suites that can allow denial of service attacks.\n Note that this issue only affects OpenSSL TLS clients.\n (CVE-2014-3470)", "edition": 27, "published": "2014-07-17T00:00:00", "title": "McAfee Email Gateway OpenSSL Multiple Vulnerabilities (SB10075)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0076", "CVE-2014-0224", "CVE-2014-3470", "CVE-2010-5298", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/a:mcafee:email_gateway"], "id": "MCAFEE_EMAIL_GATEWAY_SB10075.NASL", "href": "https://www.tenable.com/plugins/nessus/76579", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76579);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\n \"CVE-2010-5298\",\n \"CVE-2014-0076\",\n \"CVE-2014-0195\",\n \"CVE-2014-0198\",\n \"CVE-2014-0221\",\n \"CVE-2014-0224\",\n \"CVE-2014-3470\"\n );\n script_bugtraq_id(\n 66363,\n 66801,\n 67193,\n 67898,\n 67899,\n 67900,\n 67901\n );\n script_xref(name:\"CERT\", value:\"978508\");\n script_xref(name:\"MCAFEE-SB\", value:\"SB10075\");\n\n script_name(english:\"McAfee Email Gateway OpenSSL Multiple Vulnerabilities (SB10075)\");\n script_summary(english:\"Checks the MEG version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by multiple vulnerabilities related to the\nincluded OpenSSL library.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of McAfee Email Gateway (MEG)\nthat is affected by the multiple vulnerabilities related to the\nincluded OpenSSL library :\n\n - An error exists in the function 'ssl3_read_bytes' that\n can allow data to be injected into other sessions or\n allow denial of service attacks. Note that this issue is\n exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is\n enabled. (CVE-2010-5298)\n\n - An error exists related to the implementation of the\n Elliptic Curve Digital Signature Algorithm (ECDSA) that\n can allow nonce disclosure via the 'FLUSH+RELOAD' cache\n side-channel attack. (CVE-2014-0076)\n\n - A buffer overflow error exists related to invalid DTLS\n fragment handling that can lead to execution of\n arbitrary code. Note that this issue only affects\n OpenSSL when used as a DTLS client or server.\n (CVE-2014-0195)\n\n - An error exists in the function 'do_ssl3_write' that\n can allow a NULL pointer to be dereferenced leading\n to denial of service attacks. Note that this issue is\n exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is\n enabled. (CVE-2014-0198)\n\n - An error exists related to DTLS handshake handling that\n can lead to denial of service attacks. Note that this\n issue only affects OpenSSL when used as a DTLS client.\n (CVE-2014-0221)\n\n - An unspecified error exists that can allow an attacker\n to cause usage of weak keying material leading to\n simplified man-in-the-middle attacks. (CVE-2014-0224)\n\n - An unspecified error exists related to anonymous ECDH\n cipher suites that can allow denial of service attacks.\n Note that this issue only affects OpenSSL TLS clients.\n (CVE-2014-3470)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://kc.mcafee.com/corporate/index?page=content&id=SB10075\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20140605.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the relevant hotfix referenced in the vendor advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0195\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mcafee:email_gateway\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mcafee_email_gateway_version.nbin\");\n script_require_keys(\"Host/McAfeeSMG/name\", \"Host/McAfeeSMG/version\", \"Host/McAfeeSMG/patches\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\napp_name = get_kb_item_or_exit(\"Host/McAfeeSMG/name\");\nversion = get_kb_item_or_exit(\"Host/McAfeeSMG/version\");\npatches = get_kb_item_or_exit(\"Host/McAfeeSMG/patches\");\n\n# Determine fix.\nif (version =~ \"^5\\.6\\.\")\n{\n fix = \"5.6.2964.107\";\n hotfix = \"5.6h973308\";\n}\nelse if (version =~ \"^7\\.0\\.\")\n{\n fix = \"7.0.2934.109\";\n hotfix = \"7.0.5h973323\";\n}\nelse if (version =~ \"^7\\.5\\.\")\n{\n fix = \"7.5.2846.121\";\n hotfix = \"7.5h968383\";\n}\nelse if (version =~ \"^7\\.6\\.\")\n{\n fix = \"7.6.3044.102\";\n hotfix = \"7.6h968406\";\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, version);\n\nif (ver_compare(ver:version, fix:fix, strict:FALSE) == -1 && hotfix >!< patches)\n{\n port = 0;\n\n if (report_verbosity > 0)\n {\n report = '\\n' + app_name + ' ' + version + ' is missing patch ' + hotfix + '.\\n';\n security_warning(extra:report, port:port);\n }\n else security_warning(port:port);\n exit(0);\n}\nelse audit(AUDIT_PATCH_INSTALLED, hotfix);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-14T16:14:08", "description": "The remote host is running a version of McAfee ePolicy Orchestrator\nthat is affected by multiple vulnerabilities due to flaws in the\nOpenSSL library :\n\n - An error exists in the function 'ssl3_read_bytes'\n that could allow data to be injected into other\n sessions or allow denial of service attacks. Note\n this issue is only exploitable if\n 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2010-5298)\n\n - An error exists related to the implementation of the\n Elliptic Curve Digital Signature Algorithm (ECDSA) that\n could allow nonce disclosure via the 'FLUSH+RELOAD'\n cache side-channel attack. (CVE-2014-0076)\n\n - A buffer overflow error exists related to invalid DTLS\n fragment handling that could lead to execution of\n arbitrary code. Note this issue only affects OpenSSL\n when used as a DTLS client or server. (CVE-2014-0195)\n\n - An error exists in the function 'do_ssl3_write' that\n could allow a NULL pointer to be dereferenced leading\n to denial of service attacks. Note this issue is\n exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is\n enabled. (CVE-2014-0198)\n\n - An error exists related to DTLS handshake handling that\n could lead to denial of service attacks. Note this\n issue only affects OpenSSL when used as a DTLS client.\n (CVE-2014-0221)\n\n - An unspecified error exists that could allow an\n attacker to cause usage of weak keying material\n leading to simplified man-in-the-middle attacks.\n (CVE-2014-0224)\n\n - An unspecified error exists related to anonymous ECDH\n ciphersuites that could allow denial of service\n attacks. Note this issue only affects OpenSSL TLS\n clients. (CVE-2014-3470))", "edition": 22, "published": "2014-06-19T00:00:00", "title": "McAfee ePolicy Orchestrator Multiple OpenSSL Vulnerabilities (SB10075)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0076", "CVE-2014-0224", "CVE-2014-3470", "CVE-2010-5298", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221"], "modified": "2014-06-19T00:00:00", "cpe": ["cpe:/a:mcafee:epolicy_orchestrator"], "id": "MCAFEE_EPO_SB10075.NASL", "href": "https://www.tenable.com/plugins/nessus/76145", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76145);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/07/22\");\n\n script_cve_id(\n \"CVE-2010-5298\",\n \"CVE-2014-0076\",\n \"CVE-2014-0195\",\n \"CVE-2014-0198\",\n \"CVE-2014-0221\",\n \"CVE-2014-0224\",\n \"CVE-2014-3470\"\n );\n script_bugtraq_id(\n 66363,\n 66801,\n 67193,\n 67898,\n 67899,\n 67900,\n 67901\n );\n script_xref(name:\"CERT\", value:\"978508\");\n script_xref(name:\"MCAFEE-SB\", value:\"SB10075\");\n\n script_name(english:\"McAfee ePolicy Orchestrator Multiple OpenSSL Vulnerabilities (SB10075)\");\n script_summary(english:\"Checks version of OpenSSL installed with ePolicy Orchestrator.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of McAfee ePolicy Orchestrator\nthat is affected by multiple vulnerabilities due to flaws in the\nOpenSSL library :\n\n - An error exists in the function 'ssl3_read_bytes'\n that could allow data to be injected into other\n sessions or allow denial of service attacks. Note\n this issue is only exploitable if\n 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2010-5298)\n\n - An error exists related to the implementation of the\n Elliptic Curve Digital Signature Algorithm (ECDSA) that\n could allow nonce disclosure via the 'FLUSH+RELOAD'\n cache side-channel attack. (CVE-2014-0076)\n\n - A buffer overflow error exists related to invalid DTLS\n fragment handling that could lead to execution of\n arbitrary code. Note this issue only affects OpenSSL\n when used as a DTLS client or server. (CVE-2014-0195)\n\n - An error exists in the function 'do_ssl3_write' that\n could allow a NULL pointer to be dereferenced leading\n to denial of service attacks. Note this issue is\n exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is\n enabled. (CVE-2014-0198)\n\n - An error exists related to DTLS handshake handling that\n could lead to denial of service attacks. Note this\n issue only affects OpenSSL when used as a DTLS client.\n (CVE-2014-0221)\n\n - An unspecified error exists that could allow an\n attacker to cause usage of weak keying material\n leading to simplified man-in-the-middle attacks.\n (CVE-2014-0224)\n\n - An unspecified error exists related to anonymous ECDH\n ciphersuites that could allow denial of service\n attacks. Note this issue only affects OpenSSL TLS\n clients. (CVE-2014-3470))\");\n script_set_attribute(attribute:\"see_also\", value:\"https://kc.mcafee.com/corporate/index?page=content&id=SB10075\");\n script_set_attribute(attribute:\"see_also\", value:\"https://kc.mcafee.com/corporate/index?page=content&id=PD25233\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20140605.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.openssl.org/news/vulnerabilities.html#CVE-2010-5298\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/vulnerabilities.html#2014-0076\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.openssl.org/news/vulnerabilities.html#CVE-2014-0198\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0221\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.openssl.org/news/vulnerabilities.html#CVE-2014-0224\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.openssl.org/news/vulnerabilities.html#CVE-2014-3470\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Hotfix 973112 as per the vendor advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0195\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/19\");\n\n script_set_attribute(attribute:\"agent\", value:\"windows\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mcafee:epolicy_orchestrator\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mcafee_epo_installed.nasl\");\n script_require_keys(\"SMB/mcafee_epo/Path\", \"SMB/mcafee_epo/ver\");\n script_require_ports(\"SMB/transport\", 139, 445);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\n\napp_name = \"McAfee ePolicy Orchestrator\";\nversion = get_kb_item_or_exit(\"SMB/mcafee_epo/ver\");\ninstall_path = get_kb_item_or_exit(\"SMB/mcafee_epo/Path\");\n\nhotfix = 'Hotfix 973112';\nhotfix_file = \"Apache2\\bin\\ssleay32.dll\";\nhotfix_fversion = \"1.0.1.8\";\nmin_affected = \"0.9.8\";\n\n# for FIPS detection\njava_security_file = \"JRE\\lib\\security\\java.security\";\nFIPS_enabled_pattern = \"^\\ *orion.fips140.mode\\ *=\\ *true\";\n\n# Versions 4.6, 5.0 and 5.1 are affected.\nif (version !~ \"^4\\.6\\.\" && version !~ \"^5\\.[01]\\.\") audit(AUDIT_INST_PATH_NOT_VULN, app_name, version, install_path);\n\n# If it is configured to run in FIPS mode, it is not vuln\njava_security_path = hotfix_append_path(path:install_path, value:java_security_file);\nif (hotfix_file_exists(path:java_security_path))\n{\n data = hotfix_get_file_contents(java_security_path);\n hotfix_handle_error(error_code:data[\"error\"], file:java_security_path, appname:app_name, exit_on_fail:TRUE);\n data = data[\"data\"];\n if (egrep(pattern:FIPS_enabled_pattern, string:data))\n {\n hotfix_check_fversion_end();\n audit(AUDIT_INST_PATH_NOT_VULN, app_name, version + \" running in FIPS 140-2 mode\", install_path);\n }\n}\n\n# Check the version of the affected DLL.\ndll_path = hotfix_append_path(path:install_path, value:hotfix_file);\ndll_version = hotfix_get_fversion(path:dll_path);\nhotfix_handle_error(error_code:dll_version['error'], file:dll_path, appname:app_name, exit_on_fail:TRUE);\nhotfix_check_fversion_end();\n\ndll_version = join(dll_version['value'], sep:'.');\n\nif (ver_compare(ver:dll_version, fix:min_affected, strict:FALSE) == -1) audit(AUDIT_INST_PATH_NOT_VULN, app_name, version, install_path);\n\nif (ver_compare(ver:dll_version, fix:hotfix_fversion, strict:FALSE) == -1)\n{\n port = kb_smb_transport();\n\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + install_path +\n '\\n Installed version : ' + version +\n '\\n OpenSSL DLL : ' + dll_path +\n '\\n DLL version : ' + dll_version +\n '\\n Fixed version : ' + hotfix_fversion +\n '\\n ' +\n '\\n' + 'Note: The install may not be vulnerable to all of the CVEs' +\n '\\n' + ' listed; however, applying the hotfix will ensure coverage' +\n '\\n' + ' of all CVEs.' +\n '\\n';\n security_warning(extra:report, port:port);\n }\n else security_warning(port);\n exit(0);\n}\nelse audit(AUDIT_PATCH_INSTALLED, hotfix);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-14T17:16:23", "description": "The OpenSSL service on the remote host is vulnerable to a\nman-in-the-middle (MiTM) attack, based on its acceptance of a\nspecially crafted handshake.\n\nThis flaw could allow a MiTM attacker to decrypt or forge SSL messages\nby telling the service to begin encrypted communications before key\nmaterial has been exchanged, which causes predictable keys to be used\nto secure future traffic.\n\nNote that Nessus has only tested for an SSL/TLS MiTM vulnerability\n(CVE-2014-0224). However, Nessus has inferred that the OpenSSL service\non the remote host is also affected by six additional vulnerabilities\nthat were disclosed in OpenSSL's June 5th, 2014 security advisory :\n\n - An error exists in the 'ssl3_read_bytes' function\n that permits data to be injected into other sessions\n or allows denial of service attacks. Note that this\n issue is exploitable only if SSL_MODE_RELEASE_BUFFERS\n is enabled. (CVE-2010-5298)\n\n - An error exists related to the implementation of the\n Elliptic Curve Digital Signature Algorithm (ECDSA) that\n allows nonce disclosure via the 'FLUSH+RELOAD' cache\n side-channel attack. (CVE-2014-0076)\n\n - A buffer overflow error exists related to invalid DTLS\n fragment handling that permits the execution of\n arbitrary code or allows denial of service attacks.\n Note that this issue only affects OpenSSL when used\n as a DTLS client or server. (CVE-2014-0195)\n\n - An error exists in the 'do_ssl3_write' function that\n permits a NULL pointer to be dereferenced, which could\n allow denial of service attacks. Note that this issue\n is exploitable only if SSL_MODE_RELEASE_BUFFERS is\n enabled. (CVE-2014-0198)\n\n - An error exists related to DTLS handshake handling that\n could allow denial of service attacks. Note that this\n issue only affects OpenSSL when used as a DTLS client.\n (CVE-2014-0221)\n\n - An error exists in the 'dtls1_get_message_fragment'\n function related to anonymous ECDH cipher suites. This\n could allow denial of service attacks. Note that this\n issue only affects OpenSSL TLS clients. (CVE-2014-3470)\n\nOpenSSL did not release individual patches for these vulnerabilities,\ninstead they were all patched under a single version release. Note\nthat the service will remain vulnerable after patching until the\nservice or host is restarted.", "edition": 22, "cvss3": {"score": 5.6, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "published": "2014-08-14T00:00:00", "title": "OpenSSL 'ChangeCipherSpec' MiTM Vulnerability", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0076", "CVE-2014-0224", "CVE-2014-3470", "CVE-2010-5298", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221"], "modified": "2014-08-14T00:00:00", "cpe": ["cpe:/a:openssl:openssl"], "id": "OPENSSL_CCS_1_0_1.NASL", "href": "https://www.tenable.com/plugins/nessus/77200", "sourceData": "#TRUSTED 6ad5ed9312b4cf82bdc7c0a1eebfc1e1edb64ee6f602b6d51bf92645bb8444586d36cd1de3be479b2422743d6b99e62c75348520c92d3d1bb63983d1f4480ec923644127b3cd975409d4c2fa26605cd966009671fad062da2088548bde8f944f64c01b0e64c3fe5fa3d81fd4777b85deabf84d37d0eadfc85ac0b1f7164cc9021cb29ba96a962cb8291d8a057b184767f4250e5cb948c21a4e32f5f8623fa0dc32479334422bd7cd0b565c178412f408c8bf79c0e859463624ea2c6c2fb3dee29dd56992bf9c927ec5a83cc3c3900f60b0ebdb8ecd8d1b2ceea363df34a660db7dbe3d286a530e0bba8261e173634bbb18a5e3515542c145d804b04ae75e4d76b7094ed9d46ec3e451da9d5eec643c3c3d2f889ea42ec9a5572737fb27b0c61c5928c65dbb5f1515fc6958c0c20f4a07cad3a50c2ab5880399d23256a2c7fb54c1deede59218fd49eb34b9a49d7629261a379e4243456fdc2da417273433b09dd2c86b1e01e34e87d0288a880a611332f181a5f7e779e93ce485bbd6ec185828db480d08dc05f69ee0039b3f11113f7fc1848cd55449514308dfe05417f5c62b0f7ed4e0b369f2c5fc82c69d88c2c97936742d6c3fb7f97d0ff16edacd815f6308d5d9ed0a772e4ed7eff21baebe5690302b6020eaf004eeb490c60f7bf3f775d3e8d9b5beb9da07d4672be26e6b055f58329398a097b2776cd8462a2fe2aa6c\n#\n# (C) Tenable Network Security, Inc.\n#\n\nif ( !defined_func(\"socket_get_error\") ) audit(AUDIT_FN_UNDEF, \"socket_get_error\");\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(77200);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/17\");\n\n script_cve_id(\n \"CVE-2010-5298\",\n \"CVE-2014-0076\",\n \"CVE-2014-0195\",\n \"CVE-2014-0198\",\n \"CVE-2014-0221\",\n \"CVE-2014-0224\",\n \"CVE-2014-3470\"\n );\n script_bugtraq_id(\n 66363,\n 66801,\n 67193,\n 67898,\n 67899,\n 67900,\n 67901\n );\n script_xref(name:\"CERT\", value:\"978508\");\n\n script_name(english:\"OpenSSL 'ChangeCipherSpec' MiTM Vulnerability\");\n script_summary(english:\"Checks if the remote host incorrectly accepts a 'ChangeCipherSpec' message.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by a vulnerability that could allow\nsensitive data to be decrypted.\");\n script_set_attribute(attribute:\"description\", value:\n\"The OpenSSL service on the remote host is vulnerable to a\nman-in-the-middle (MiTM) attack, based on its acceptance of a\nspecially crafted handshake.\n\nThis flaw could allow a MiTM attacker to decrypt or forge SSL messages\nby telling the service to begin encrypted communications before key\nmaterial has been exchanged, which causes predictable keys to be used\nto secure future traffic.\n\nNote that Nessus has only tested for an SSL/TLS MiTM vulnerability\n(CVE-2014-0224). However, Nessus has inferred that the OpenSSL service\non the remote host is also affected by six additional vulnerabilities\nthat were disclosed in OpenSSL's June 5th, 2014 security advisory :\n\n - An error exists in the 'ssl3_read_bytes' function\n that permits data to be injected into other sessions\n or allows denial of service attacks. Note that this\n issue is exploitable only if SSL_MODE_RELEASE_BUFFERS\n is enabled. (CVE-2010-5298)\n\n - An error exists related to the implementation of the\n Elliptic Curve Digital Signature Algorithm (ECDSA) that\n allows nonce disclosure via the 'FLUSH+RELOAD' cache\n side-channel attack. (CVE-2014-0076)\n\n - A buffer overflow error exists related to invalid DTLS\n fragment handling that permits the execution of\n arbitrary code or allows denial of service attacks.\n Note that this issue only affects OpenSSL when used\n as a DTLS client or server. (CVE-2014-0195)\n\n - An error exists in the 'do_ssl3_write' function that\n permits a NULL pointer to be dereferenced, which could\n allow denial of service attacks. Note that this issue\n is exploitable only if SSL_MODE_RELEASE_BUFFERS is\n enabled. (CVE-2014-0198)\n\n - An error exists related to DTLS handshake handling that\n could allow denial of service attacks. Note that this\n issue only affects OpenSSL when used as a DTLS client.\n (CVE-2014-0221)\n\n - An error exists in the 'dtls1_get_message_fragment'\n function related to anonymous ECDH cipher suites. This\n could allow denial of service attacks. Note that this\n issue only affects OpenSSL TLS clients. (CVE-2014-3470)\n\nOpenSSL did not release individual patches for these vulnerabilities,\ninstead they were all patched under a single version release. Note\nthat the service will remain vulnerable after patching until the\nservice or host is restarted.\");\n # http://ccsinjection.lepidum.co.jp/blog/2014-06-05/CCS-Injection-en/index.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d5709faa\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.imperialviolet.org/2014/06/05/earlyccs.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20140605.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"OpenSSL 0.9.8 SSL/TLS users (client and/or server) should upgrade to\n0.9.8za. OpenSSL 1.0.0 SSL/TLS users (client and/or server) should\nupgrade to 1.0.0m. OpenSSL 1.0.1 SSL/TLS users (client and/or server)\nshould upgrade to 1.0.1h.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0224\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_end_attributes();\n\n script_category(ACT_ATTACK);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssl_supported_versions.nasl\");\n script_require_ports(443, \"SSL/Supported\");\n\n exit(0);\n}\n\ninclude(\"ftp_func.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"ldap_func.inc\");\ninclude(\"nntp_func.inc\");\ninclude(\"smtp_func.inc\");\ninclude(\"telnet2_func.inc\");\ninclude(\"x509_func.inc\");\ninclude(\"rsync.inc\");\ninclude(\"audit.inc\");\ninclude(\"string.inc\");\n\nglobal_var _ssl;\n\n##\n# Get cipher description.\n#\n# @return Value of ciphers_desc[<name>] from ssl_funcs.inc.\n##\nfunction ssl3_get_cipher_desc()\n{\n local_var cipher, name;\n\n if (!isnull(_ssl['cipher_desc']))\n return _ssl['cipher_desc'];\n\n cipher = _ssl['cipher'];\n name = cipher_name(id:cipher);\n if (isnull(name)) return NULL;\n\n return ciphers_desc[name];\n}\n\n##\n# Checks whether a cipher is in a list of cipher suites.\n#\n# @anonparam cipher Cipher in question.\n# @anonparam ciphers List of cipher suites.\n#\n# @return TRUE for success, FALSE otherwise.\n##\nfunction ssl3_cipher_in_list()\n{\n local_var cipher, ciphers, i, id, len;\n\n cipher = _FCT_ANON_ARGS[0];\n ciphers = _FCT_ANON_ARGS[1];\n\n len = strlen(ciphers);\n for (i = 0; i < len; i += 2)\n {\n id = substr(ciphers, i, i + 2 - 1);\n if (cipher == id) return TRUE;\n }\n\n return FALSE;\n}\n\n##\n# Split the key block into IVs, cipher keys, and MAC keys.\n#\n# @anonparam keyblk Key block derived from the master secret.\n#\n# @return TRUE for success, FALSE otherwise.\n##\nfunction ssl3_set_keys()\n{\n local_var desc, mac_size, iv_size, key_size, keyblk, pos;\n local_var mac, encrypt;\n\n desc = ssl3_get_cipher_desc();\n if (isnull(desc)) return FALSE;\n\n mac = cipher_field(name:desc, field:\"mac\");\n encrypt = cipher_field(name:desc, field:\"encrypt\");\n\n keyblk = _FCT_ANON_ARGS[0];\n\n # Determine the size of the key block's fields.\n if ('SHA1' >< mac) mac_size = 20;\n else if ('MD5' >< mac) mac_size = 16;\n else return FALSE;\n\n if ('3DES-CBC(168)' >< encrypt) { key_size = 24; iv_size = 8; }\n else if ('DES-CBC(56)' >< encrypt) { key_size = 8; iv_size = 8; }\n else if ('AES-CBC(128)' >< encrypt) { key_size = 16; iv_size = 16; }\n else if ('AES-CBC(256)' >< encrypt) { key_size = 32; iv_size = 16; }\n else return FALSE;\n\n # Ensure the block is big enough.\n if (strlen(keyblk) < 2 * (mac_size + key_size + iv_size))\n return FALSE;\n\n # Extract the data from the key block.\n pos = 0;\n _ssl['enc_mac_key'] = substr(keyblk, pos, pos + mac_size - 1); pos += mac_size;\n _ssl['dec_mac_key'] = substr(keyblk, pos, pos + mac_size - 1); pos += mac_size;\n _ssl['enc_key'] = substr(keyblk, pos, pos + key_size - 1); pos += key_size;\n _ssl['dec_key'] = substr(keyblk, pos, pos + key_size - 1); pos += key_size;\n _ssl['enc_iv'] = substr(keyblk, pos, pos + iv_size - 1); pos += iv_size;\n _ssl['dec_iv'] = substr(keyblk, pos, pos + iv_size - 1);\n\n return TRUE;\n}\n\n##\n# Hashes data.\n#\n# @anonparam data Data to be hashed.\n#\n# @return Message digest of the given data.\n##\nfunction ssl3_hash()\n{\n local_var data, desc;\n\n desc = cipher_field(name:ssl3_get_cipher_desc(), field:\"mac\");\n if (empty_or_null(desc)) return NULL;\n\n data = _FCT_ANON_ARGS[0];\n\n if ('SHA1' >< desc)\n return SHA1(data);\n\n if ('MD5' >< desc)\n return MD5(data);\n\n return NULL;\n}\n\n##\n# Compute the HMAC of the data.\n#\n# @anonparam data Data to be HMACed.\n# @anonparam key The key for the HMAC algorithm.\n#\n# @return HMAC of the given data.\n##\nfunction ssl3_hmac()\n{\n local_var data, desc, key;\n\n desc = cipher_field(name:ssl3_get_cipher_desc(), field:\"mac\");\n if (empty_or_null(desc)) return NULL;\n\n key = _FCT_ANON_ARGS[0];\n data = _FCT_ANON_ARGS[1];\n\n if ('SHA1' >< desc)\n return HMAC_SHA1(key:key, data:data);\n\n if ('MD5' >< desc)\n return HMAC_MD5(key:key, data:data);\n\n return NULL;\n}\n\n##\n# Computes the MAC of the data.\n#\n# @param client Whether the data is from the client or server.\n# @param data The data to be calculate the MAC of.\n# @param type The type of the record.\n#\n# @returns The MAC of the given data, in protocol-specific form.\n##\nfunction ssl3_mac(client, data, type)\n{\n local_var key, seq;\n\n if (isnull(client))\n client = TRUE;\n\n if (client)\n {\n key = _ssl['enc_mac_key'];\n seq = _ssl['clt_seq'];\n }\n else\n {\n key = _ssl['dec_mac_key'];\n seq = _ssl['srv_seq'];\n }\n\n # Encode the client sequence number.\n seq = mkdword(0) + mkdword(seq);\n\n if (_ssl['version'] == SSL_V3)\n {\n return ssl3_hash(\n key + # Key\n crap(data:'\\x5c', length:40) + # O-Pad\n ssl3_hash( #\n key + # Key\n crap(data:'\\x36', length:40) + # I-Pad\n seq + # 64-bit sequence number\n mkbyte(type) + # Record ID\n mkword(strlen(data)) + # Data length\n data # Data\n )\n );\n }\n\n if (_ssl['version'] == TLS_10)\n {\n return ssl3_hmac(\n key,\n seq + tls_mk_record(type:type, data:data, version:TLS_10)\n );\n }\n\n return NULL;\n}\n\n##\n# Encrypt or decrypt data.\n#\n# @anon param data input data\n# @param enc Whether to encrypt (TRUE) or decrypt (FALSE).\n#\n# @return Result of encrypting or decrypting the given data.\n##\nfunction ssl3_crypt(enc)\n{\n local_var data, desc, iv, key, out, ret;\n\n desc = cipher_field(name:ssl3_get_cipher_desc(), field:\"encrypt\");\n if (empty_or_null(desc)) return NULL;\n\n data = _FCT_ANON_ARGS[0];\n\n if (enc)\n {\n key = _ssl['enc_key'];\n iv = _ssl['enc_iv'];\n }\n else\n {\n key = _ssl['dec_key'];\n iv = _ssl['dec_iv'];\n }\n\n if ('3DES-CBC(168)' >< desc)\n {\n if (enc)\n ret = tripledes_cbc_encrypt(data:data, key:key, iv:iv);\n else\n ret = tripledes_cbc_decrypt(data:data, key:key, iv:iv);\n }\n else if ('DES-CBC(56)' >< desc)\n {\n out = des_cbc_encrypt(data:data, key:key, iv:iv, encrypt:enc);\n if (enc)\n ret = make_list(out, substr(out, strlen(out) - 8));\n else\n ret = make_list(out, substr(data, strlen(data) - 8));\n }\n else if ('AES-CBC(128)' >< desc || 'AES-CBC(256)' >< desc)\n {\n if (enc)\n ret = aes_cbc_encrypt(data:data, key:key, iv:iv);\n else\n ret = aes_cbc_decrypt(data:data, key:key, iv:iv);\n }\n\n if (isnull(ret)) return NULL;\n\n # Update IV for the next block.\n if (enc)\n _ssl['enc_iv'] = ret[1];\n else\n _ssl['dec_iv'] = ret[1];\n\n return ret[0];\n}\n\n##\n# Encrypt data with the block cipher.\n#\n# @anonparam data The data to be encrypted.\n#\n# @return The ciphertext of the given data.\n##\nfunction ssl3_encrypt()\n{\n local_var data, block_size, padlen;\n\n data = _FCT_ANON_ARGS[0];\n\n # Calculate how much padding is needed to fill the block.\n block_size = strlen(_ssl['enc_iv']);\n padlen = block_size - (strlen(data) % block_size);\n\n # Append the padding to the data.\n data += crap(data:mkbyte(padlen - 1), length:padlen);\n\n return ssl3_crypt(data, enc:TRUE);\n}\n\n##\n# Decrypt data with the block cipher.\n#\n# @anonparam data The data to be decrypted.\n#\n# @return The plaintext of the given data.\n##\nfunction ssl3_decrypt()\n{\n return ssl3_crypt(_FCT_ANON_ARGS[0], enc:FALSE);\n}\n\n##\n# Sets an error message\n#\n# @anonparam msg The error message.\n#\n# @return NULL.\n##\nfunction ssl3_set_error()\n{\n _ssl['error'] = _FCT_ANON_ARGS[0];\n\n return NULL;\n}\n\n##\n# Get last error message.\n#\n# @return Last error message.\n##\nfunction ssl3_get_lasterror()\n{\n if (_ssl['version'] == TLS_10)\n return \"[TLSv1] \" + _ssl['error'];\n if (_ssl['version'] == SSL_V3)\n return \"[SSLv3] \" + _ssl['error'];\n}\n\n##\n# Tries to make an SSL/TLS connection to the server.\n#\n# @return TRUE for success, FALSE otherwise.\n##\nfunction ssl3_connect()\n{\n local_var cert, cipher, ckex, clt_finished, clt_random;\n local_var dh_privkey, pubkey;\n local_var dh_x, e, embedded_mac, embedded_srv_finished;\n local_var end, hs, i,keyblk, len, mac, mac_size;\n local_var real_master, empty_master, msg, n, padlen, parsed, pkt, plain, port;\n local_var premaster, rec, recs, skex, soc, srv_finished, srv_random;\n local_var start, version, x;\n\n # Get a socket to perform a handshake.\n port = _ssl['port'];\n soc = open_sock_ssl(port);\n if (!soc)\n return ssl3_set_error('Failed to connect to port ' + port + '.');\n\n version = _ssl['version'];\n cipher = _ssl['cipher'];\n\n # Make a ClientHello msg.\n msg =\n mkword(version) + # Client version\n dec2hex(num:unixtime()) + # Challenge, epoch portion\n rand_str(length:28) + # Challenge, random portion\n ssl_vldata_put(data:'', len:1) + # Session ID\n ssl_vldata_put(data:cipher, len:2) + # Cipher spec\n ssl_vldata_put(data:'\\x00', len:1) + # Compression spec\n ssl_vldata_put(data:tls_ext_ec(keys(curve_nid.tls)), len:2); # supported curves\n msg = ssl_mk_handshake_msg(data:msg, type:SSL3_HANDSHAKE_TYPE_CLIENT_HELLO);\n rec = ssl_mk_record(type:SSL3_CONTENT_TYPE_HANDSHAKE, data:msg, version:version);\n\n # Send the ClientHello record.\n send(socket:soc, data:rec);\n\n # Parse the ClientHello record.\n parsed = ssl_parse(blob:rec);\n clt_random = mkdword(parsed['time']) + parsed['random'];\n\n # Start collecting the bodies of handshake messages, which are used\n # to generate the encrypted Finished message.\n hs = substr(rec, 5, strlen(rec) - 1);\n\n # Read records one at a time. Expect to see at a minimum:\n # ServerHello, Certificate, and ServerHelloDone.\n while (TRUE)\n {\n # Receive records from the server.\n recs = recv_ssl(socket:soc);\n if (isnull(recs))\n {\n close(soc);\n return ssl3_set_error('Port ' + port + ': server did not respond to ClientHello.');\n }\n\n rec = ssl_find(\n blob:recs,\n 'content_type', SSL3_CONTENT_TYPE_ALERT\n );\n if (!isnull(rec)) return ssl3_set_error('Port ' + port + ': server returned an alert when sent a ClientHello message.');\n\n # Collect the body of the message, including all records.\n hs += substr(recs, 5, strlen(recs) - 1);\n\n # ServerHello: Extract the random data for computation of keys.\n rec = ssl_find(\n blob:recs,\n 'content_type', SSL3_CONTENT_TYPE_HANDSHAKE,\n 'handshake_type', SSL3_HANDSHAKE_TYPE_SERVER_HELLO\n );\n\n if (!isnull(rec))\n {\n # Check handshake version returned by the server, and ensure\n # that it hasn't downgraded the version.\n if (rec['handshake_version'] != _ssl['version'])\n {\n close(soc);\n return ssl3_set_error('Port ' + port + ': SSL/TLS protocol version mismatch.');\n }\n\n srv_random = mkdword(rec['time']) + rec['random'];\n\n # Wacko SSL servers might return a cipher suite not in the\n # client's request list.\n if (!ssl3_cipher_in_list(mkword(rec['cipher_spec']), _ssl['cipher']))\n {\n close(soc);\n return ssl3_set_error('Port ' + port + ': server returned a cipher suite not in list supported by client.');\n }\n\n # Store the negotiated cipher suite.\n _ssl['cipher'] = rec['cipher_spec'];\n _ssl['cipher_desc'] = ssl3_get_cipher_desc();\n }\n\n # Certificate: Extract the server's public key.\n rec = ssl_find(\n blob:recs,\n 'content_type', SSL3_CONTENT_TYPE_HANDSHAKE,\n 'handshake_type', SSL3_HANDSHAKE_TYPE_CERTIFICATE\n );\n\n if (!isnull(rec) && max_index(rec['certificates']) > 0)\n {\n # First cert in the chain should be the server cert.\n cert = parse_der_cert(cert:rec['certificates'][0]);\n if (isnull(cert))\n {\n close(soc);\n return ssl3_set_error('Port ' + port + ': server certificate could not be parsed.');\n }\n\n cert = cert['tbsCertificate'];\n }\n\n # Server Key Exchange.\n rec = ssl_find(\n blob:recs,\n 'content_type', SSL3_CONTENT_TYPE_HANDSHAKE,\n 'handshake_type', SSL3_HANDSHAKE_TYPE_SERVER_KEY_EXCHANGE\n );\n\n if (!isnull(rec['data']))\n skex = ssl_parse_srv_kex(blob:rec['data'], cipher:_ssl['cipher_desc']);\n\n # Certificate Request.\n rec = ssl_find(\n blob:recs,\n 'content_type', SSL3_CONTENT_TYPE_HANDSHAKE,\n 'handshake_type', SSL3_HANDSHAKE_TYPE_CERTIFICATE_REQUEST\n );\n\n if (!isnull(rec['data']))\n _ssl['clt_cert_requested'] = TRUE;\n\n # Server Hello Done.\n rec = ssl_find(\n blob:recs,\n 'content_type', SSL3_CONTENT_TYPE_HANDSHAKE,\n 'handshake_type', SSL3_HANDSHAKE_TYPE_SERVER_HELLO_DONE\n );\n\n if (!isnull(rec)) break;\n }\n\n # Packet will contain ClientCertificate, ClientKeyExchange,\n # ChangeCipherSpec, and Finished.\n pkt = '';\n\n # Create an empty client certificate if one is requested.\n if (_ssl['clt_cert_requested'])\n {\n # Send an empty certificate for now. TLSv1.0 says the client can\n # send an empty certificate, but not sure what SSLv3 says.\n msg = ssl_mk_handshake_msg(\n type : SSL3_HANDSHAKE_TYPE_CERTIFICATE,\n data : ssl_vldata_put(data:NULL,len:3)\n );\n hs += msg;\n\n rec = ssl_mk_record(type:SSL3_CONTENT_TYPE_HANDSHAKE, data:msg, version:version);\n pkt += rec;\n }\n\n # Process ServerCertificate and ServerKeyExchange messages.\n var cipher_kex = cipher_field(name:_ssl['cipher_desc'], field:\"kex\");\n if (cipher_kex =~ \"RSA($|\\()\")\n {\n if (isnull(cert))\n {\n close(soc);\n return ssl3_set_error('Port ' + port + ': No server certificate was found.');\n }\n\n if (isnull(cert['subjectPublicKeyInfo']) || isnull(cert['subjectPublicKeyInfo'][1]))\n {\n close(soc);\n return ssl3_set_error('Port ' + port + ': A server certificate with an unsupported algorithm was found.');\n }\n\n n = cert['subjectPublicKeyInfo'][1][0];\n e = cert['subjectPublicKeyInfo'][1][1];\n if(isnull(n) || isnull(e))\n {\n close(soc);\n return ssl3_set_error('Port ' + port + ': Failed to extract public key from server certificate.');\n }\n\n # Create the premaster secret.\n premaster = mkword(version) + rand_str(length:46);\n\n # Encrypt the premaster secret with server's RSA public key.\n ckex = rsa_public_encrypt(data:premaster, n:n, e:e);\n\n # Encode the client key exchange data.\n #\n # It looks like TLS 1.0 and up prepend a two-byte length, but the\n # RFC is vague.\n if (_ssl['version'] >= TLS_10)\n ckex = ssl_vldata_put(data:ckex, len:2);\n }\n else if (cipher_kex =~ \"ECDH($|\\()\" && ecc_functions_available())\n {\n if (isnull(skex))\n {\n close(soc);\n return ssl3_set_error('Port ' + port + ': no ServerKeyExchange info (ECDH).');\n }\n\n # Generate the client private key\n dh_privkey = rand_str(length:16);\n\n # Compute the premaster secret\n premaster = ecc_scalar_multiply(\n curve_nid:curve_nid.tls[skex['named_curve']],\n scalar:dh_privkey,\n x:substr(skex['pubkey'], 1, (strlen(skex['pubkey'])) / 2),\n y:substr(skex['pubkey'], (strlen(skex['pubkey']) / 2) + 1)\n );\n # Just the X coordinate of the curve point is used\n premaster = ecc_fe2osp(element:premaster.x, curve_nid:curve_nid.tls[skex['named_curve']]);\n\n pubkey = ecc_scalar_multiply(\n curve_nid:curve_nid.tls[skex['named_curve']],\n scalar:dh_privkey\n );\n\n pubkey.x = ecc_fe2osp(element:pubkey.x, curve_nid:curve_nid.tls[skex['named_curve']]);\n pubkey.y = ecc_fe2osp(element:pubkey.y, curve_nid:curve_nid.tls[skex['named_curve']]);\n\n ckex = ssl_vldata_put(\n # Uncompressed curve point encoding\n data:'\\x04' + pubkey.x + pubkey.y,\n len:1\n );\n }\n else if (cipher_kex =~ \"DH($|\\()\")\n {\n if (isnull(skex))\n {\n close(soc);\n return ssl3_set_error('Port ' + port + ': no ServerKeyExchange info (DH).');\n }\n\n # Generate the client private key,\n x = rand_str(length:16);\n\n # Compute g^x mod p.\n dh_x = bn_mod_exp(skex['dh_g'], x, skex['dh_p']);\n\n # Compute the premaster secret.\n premaster = bn_mod_exp(skex['dh_y'], x, skex['dh_p']);\n\n # Encode the client key exchange data.\n ckex = ssl_vldata_put(data:dh_x, len:2);\n }\n else\n {\n close(soc);\n return ssl3_set_error('Port ' + port + ': unsupported key exchange method ' + _ssl['cipher_desc'] + '.');\n }\n\n # Send an early ChangeCipherSpec message\n send(socket:soc, data:ssl_mk_record(type:SSL3_CONTENT_TYPE_CHANGECIPHERSPEC, data:mkbyte(1), version:version));\n\n # Check if the server responded to our early ChangeCipherSpec message. Vulnerable services do not.\n rec = recv_ssl(socket:soc, partial:TRUE);\n\n # Microsoft SSL services will close the connection with a TCP RST\n if (isnull(rec) && socket_get_error(soc) == ECONNRESET)\n return ssl3_set_error('Port ' + port + ': closed the connection when sent an early ChangeCipherSpec message.');\n\n # If we got something back, it might be an alert or it might be garbage\n if (!isnull(rec))\n {\n rec = ssl_find(\n blob:rec,\n 'content_type', SSL3_CONTENT_TYPE_ALERT,\n 'description', SSL3_ALERT_TYPE_UNEXPECTED_MESSAGE,\n 'level', SSL3_ALERT_TYPE_FATAL\n );\n\n close(soc);\n\n if (!isnull(rec))\n return ssl3_set_error('Port ' + port + ': returned an SSL \"unexpected message\" alert when sent an early ChangeCipherSpec message.');\n else\n return ssl3_set_error('Port ' + port + ': responded to an early ChangeCipherSpec message, but not with an \"unexpected message\" alert.');\n }\n\n # Use an empty master secret for all MACs and encryption.\n empty_master = '';\n\n # Compute the 'real' master key. We need this when computing the Finished message\n real_master = ssl_calc_master(\n premaster : premaster,\n c_random : clt_random,\n s_random : srv_random,\n version : version\n );\n\n keyblk = ssl_derive_keyblk(\n master : empty_master,\n c_random : clt_random,\n s_random : srv_random,\n version : version\n );\n\n if (!ssl3_set_keys(keyblk))\n {\n close(soc);\n return ssl3_set_error('Failed to set SSL keys.');\n }\n\n # Create a ClientKeyExchange message.\n msg = ssl_mk_handshake_msg(type:SSL3_HANDSHAKE_TYPE_CLIENT_KEY_EXCHANGE, data:ckex);\n hs += msg;\n\n # MAC and encrypt the ClientKeyExchange message (because we've sent an early CCS)\n msg += ssl3_mac(data:msg, type:SSL3_CONTENT_TYPE_HANDSHAKE);\n msg = ssl3_encrypt(msg);\n _ssl['clt_seq']++;\n\n pkt = ssl_mk_record(type:SSL3_CONTENT_TYPE_HANDSHAKE, data:msg, version:version);\n send(socket:soc, data:pkt);\n\n # Compute the Finished value for the client. All of the messages are encrypted/protected with the\n # empty master secret, but the Finished hash uses the correct master secret.\n clt_finished = ssl_calc_finished(master:real_master, handshake:hs, is_client:TRUE, version:version);\n msg = ssl_mk_handshake_msg(type:SSL3_HANDSHAKE_TYPE_FINISHED, data:clt_finished);\n hs += msg;\n\n # MAC and encrypt the ClientKeyExchange message (because we've sent an early CCS)\n msg += ssl3_mac(data:msg, type:SSL3_CONTENT_TYPE_HANDSHAKE);\n msg = ssl3_encrypt(msg);\n _ssl['clt_seq']++;\n\n pkt = ssl_mk_record(type:SSL3_CONTENT_TYPE_HANDSHAKE, data:msg, version:version);\n send(socket:soc, data:pkt);\n\n # Compute the Finished value for the server.\n #\n # The server has one more handshake message (the client's Finished)\n # to include when computing its Finished value.\n srv_finished = ssl_calc_finished(master:real_master, handshake:hs, is_client:FALSE, version:version);\n\n while (TRUE)\n {\n # Receive records from the server.\n recs = recv_ssl(socket:soc);\n if (isnull(recs))\n {\n close(soc);\n return ssl3_set_error('Port ' + port + ': server did not send the Finished message.');\n }\n\n rec = ssl_find(\n blob:recs,\n 'content_type', SSL3_CONTENT_TYPE_ALERT\n );\n if (!isnull(rec)) return ssl3_set_error('Port ' + port + ': server returned an alert when sent messages encrypted with empty master secret.');\n\n # We are expecting a single encrypted record: the server's Finished.\n # It will be encrypted/MACed with the empty master secret, but its Finished hash will\n # use the correct master secret.\n rec = ssl_find(\n blob:recs,\n encrypted:TRUE,\n 'content_type', SSL3_CONTENT_TYPE_HANDSHAKE\n );\n if (isnull(rec)) continue;\n\n # Decrypt the record's body.\n plain = ssl3_decrypt(rec['data']);\n\n # Get the length of the padding.\n len = strlen(plain);\n padlen = getbyte(blob:plain, pos:len - 1);\n mac_size = strlen(_ssl['enc_mac_key']);\n # Check pad length\n if (padlen + 1 + mac_size > len)\n {\n close(soc);\n return ssl3_set_error('Port ' + port + ': invalid padlen '+padlen+'.');\n }\n\n # Check pad bytes for TLS 1.0\n # Each pad byte must be the same as the padlen, per TLS 1.0 RFC\n if(_ssl['version'] >= TLS_10)\n {\n for (i = 0; i < padlen; i++)\n {\n if(ord(plain[len - 2 -i]) != padlen)\n {\n close(soc);\n return ssl3_set_error('Port ' + port + ': invalid block cipher padding.');\n }\n }\n }\n\n # Extract the MAC.\n end = len - (padlen + 1) - 1;\n start = end - mac_size + 1;\n embedded_mac = substr(plain, start, end);\n\n # Extract the Finished record.\n end = start - 1;\n start = 0;\n msg = substr(plain, start, end);\n\n # Extract the server's Finished value.\n #\n # Handshake message data starts after the 1-byte handshake type\n # and 3-byte handshake message length.\n embedded_srv_finished = substr(msg, 1 + 3);\n\n # Check the embedded MAC against ours.\n mac = ssl3_mac(data:msg, type:SSL3_CONTENT_TYPE_HANDSHAKE, client:FALSE);\n if (mac != embedded_mac)\n {\n close(soc);\n return ssl3_set_error('Port ' + port + ': MACs do not match, failed to decrypt server Finished message.');\n }\n\n # Check the embedded Finished value against ours.\n if (srv_finished != embedded_srv_finished)\n {\n close(soc);\n return ssl3_set_error('Port ' + port + ': bad server Finished message.');\n }\n\n # All tests have been passed, so the handshake phase is complete.\n break;\n }\n\n _ssl['sock'] = soc;\n _ssl['clt_seq']++;\n _ssl['srv_seq']++;\n\n close(soc);\n return TRUE;\n}\n\n##\n# Initialize the SSL structure.\n#\n# @param port Port on which to make an SSL connection.\n# @param cipher_list A list of cipher suite IDs to support.\n# @param version The SSL version ID.\n#\n# @return TRUE if nothing went wrong.\n##\nfunction ssl3_init(port, cipher_list, version)\n{\n local_var cipher, supported;\n\n # Check for the existence of some crypto functions.\n if (!defined_func('bn_mod_exp'))\n {\n return ssl3_set_error('function bn_mod_exp() not defined.');\n }\n if (!defined_func('rsa_public_encrypt'))\n {\n return ssl3_set_error('function rsa_public_encrypt() not defined.');\n }\n if (!defined_func('aes_cbc_encrypt'))\n {\n return ssl3_set_error('function aes_cbc_encrypt() not defined.');\n }\n if (!defined_func('aes_cbc_decrypt'))\n {\n return ssl3_set_error('function aes_cbc_decrypt() not defined.');\n }\n\n # Check SSL version.\n if (version != SSL_V3 && version != TLS_10)\n {\n return ssl3_set_error('SSL/TLS version ' + hexstr(mkword(version)) + ' is not supported.');\n }\n _ssl['version'] = version;\n\n # Check cipher suites.\n supported =\n ciphers['TLS1_CK_RSA_WITH_AES_256_CBC_SHA'] +\n ciphers['TLS1_CK_RSA_WITH_AES_128_CBC_SHA'] +\n ciphers['TLS1_CK_RSA_WITH_3DES_EDE_CBC_SHA'] +\n ciphers['TLS1_CK_DHE_RSA_WITH_AES_256_CBC_SHA'] +\n ciphers['TLS1_CK_DHE_RSA_WITH_AES_128_CBC_SHA'] +\n ciphers['TLS1_CK_DHE_RSA_WITH_3DES_EDE_CBC_SHA'] +\n ciphers['TLS1_CK_RSA_WITH_DES_CBC_SHA'] +\n ciphers['TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA'] +\n ciphers['TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA'];\n\n foreach cipher (cipher_list)\n {\n if (!ssl3_cipher_in_list(cipher, supported))\n return ssl3_set_error(FALSE, 'cipher suite ' + hexstr(cipher) + ' is not supported.');\n }\n\n # Initially set to a list of cipher suites supported by the client.\n # When ServerHello is received, it's set to the agreed cipher.\n _ssl['cipher'] = '';\n foreach cipher (cipher_list)\n {\n _ssl['cipher'] += cipher;\n }\n\n # Sequence number is incremented for each SSL record sent in each\n # direction. It's 64 bits long and used when computing the MAC of a\n # message. We use a 32-bit sequence number here as we don't expect\n # to use more than 2^32 records. When the 64-bit number is required\n # for certain operations, we just prepend 4 zero bytes in the front.\n _ssl['clt_seq'] = 0;\n _ssl['srv_seq'] = 0;\n\n # SSL uses big endian format.\n set_byte_order(BYTE_ORDER_BIG_ENDIAN);\n\n # Keep track of whether the mitigation techniques are seen.\n _ssl['empty_rec'] = FALSE;\n _ssl['one_byte_rec'] = FALSE;\n\n # Whether a certificate has been requested by the server.\n _ssl['clt_cert_req'] = FALSE;\n\n # Keep track of received, unprocessed application data.\n _ssl['app_data'] = '';\n\n # Number of application data records received\n _ssl['app_recs'] = 0;\n\n _ssl['port'] = port;\n\n return TRUE;\n}\n\nget_kb_item_or_exit('SSL/Supported');\n\n# Get a port that uses SSL.\nport = get_ssl_ports(fork:TRUE);\n\nif (isnull(port))\n exit(1, 'The host does not appear to have any SSL-based services.');\n\n# Find out if the port is open.\nif (!get_port_state(port))\n audit(AUDIT_PORT_CLOSED, port, \"TCP\");\n\n# Supported cipher suites used by this script.\ncipher_list = make_list(\n ciphers['TLS1_CK_RSA_WITH_AES_256_CBC_SHA'],\n ciphers['TLS1_CK_RSA_WITH_AES_128_CBC_SHA'],\n ciphers['TLS1_CK_RSA_WITH_3DES_EDE_CBC_SHA'],\n ciphers['TLS1_CK_DHE_RSA_WITH_AES_256_CBC_SHA'],\n ciphers['TLS1_CK_DHE_RSA_WITH_AES_128_CBC_SHA'],\n ciphers['TLS1_CK_DHE_RSA_WITH_3DES_EDE_CBC_SHA'],\n ciphers['TLS1_CK_RSA_WITH_DES_CBC_SHA']\n);\n\nif (ecc_functions_available())\n{\n cipher_list = make_list(\n cipher_list,\n ciphers['TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA'],\n ciphers['TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA']\n );\n}\n\nvulnerable = FALSE;\naudit_message = '';\n\n# Try SSLv3 first.\nif (ssl3_init(port:port, version:SSL_V3, cipher_list:cipher_list))\n if (ssl3_connect())\n vulnerable = TRUE;\n\n# If SSLv3 failed, for any reason (lack of support, simply not vulnerable)\n# we will save the reason, and try TLSv1.\nif (!vulnerable)\n{\n audit_message += ssl3_get_lasterror();\n # Try TLSv1\n if (ssl3_init(port:port, version:TLS_10, cipher_list:cipher_list))\n if (ssl3_connect())\n vulnerable = TRUE;\n}\n\nif (!vulnerable)\n{\n audit_message += \" \" + ssl3_get_lasterror();\n exit(1, audit_message);\n}\n\nreport = NULL;\nif (report_verbosity > 0)\n{\n report =\n '\\nThe remote service on port ' + port + ' accepted an early ChangeCipherSpec message, which caused ' +\n '\\nthe MAC and encryption keys to be derived entirely from public information. The entire SSL ' +\n '\\nhandshake was completed, with the server accepting and producing messages encrypted and ' +\n '\\nauthenticated using these weak keys.' +\n '\\n';\n}\n\nset_kb_item(name:\"SSL/earlyccs-1.0.1/\" + port, value:\"true\");\nsecurity_warning(port:port, extra:report);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "huawei": [{"lastseen": "2019-02-01T18:01:40", "bulletinFamily": "software", "cvelist": ["CVE-2014-0076", "CVE-2014-0224", "CVE-2014-3470", "CVE-2010-5298", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221"], "description": "Products\n\nSwitches\nRouters\nWLAN\nServers\nSee All\n\n\n\nSolutions\n\nCloud Data Center\nEnterprise Networking\nWireless Private Network\nSolutions by Industry\nSee All\n\n\n\nServices\n\nTraining and Certification\nICT Lifecycle Services\nTechnology Services\nIndustry Solution Services\nSee All\n\n\n\nSee all offerings at e.huawei.com\n\n\n\nNeed Support ?\n\nProduct Support\nSoftware Download\nCommunity\nTools\n\nGo to Full Support", "edition": 1, "modified": "2015-03-11T00:00:00", "published": "2014-06-13T00:00:00", "id": "HUAWEI-SA-20140613-OPENSSL", "href": "https://www.huawei.com/en/psirt/security-advisories/2015/hw-345106", "title": "Security Advisory-Multiple OpenSSL vulnerabilities on Huawei products", "type": "huawei", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2019-05-29T18:37:04", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0076", "CVE-2014-0224", "CVE-2014-3470", "CVE-2010-5298", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221"], "description": "Multiple Vulnerabilities in OpenSSL", "modified": "2019-03-14T00:00:00", "published": "2015-02-11T00:00:00", "id": "OPENVAS:1361412562310105209", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310105209", "type": "openvas", "title": "FortiOS: Multiple Vulnerabilities in OpenSSL", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fortiweb_FG-IR-14-018.nasl 14184 2019-03-14 13:29:04Z cfischer $\n#\n# FortiOS: Multiple Vulnerabilities in OpenSSL\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:fortinet:fortiweb\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.105209\");\n script_cve_id(\"CVE-2014-0224\", \"CVE-2014-0221\", \"CVE-2014-0195\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 14184 $\");\n\n script_name(\"FortiOS: Multiple Vulnerabilities in OpenSSL\");\n\n script_xref(name:\"URL\", value:\"https://fortiguard.com/psirt/FG-IR-14-018\");\n\n script_tag(name:\"impact\", value:\"CVE-2014-0224 may allow an attacker with a privileged network position (man-in-the-middle) to decrypt SSL encrypted\ncommunications.\n\nCVE-2014-0221 may allow an attacker to crash a DTLS client with an invalid handshake.\n\nCVE-2014-0195 can result in a buffer overrun attack by sending invalid DTLS fragments to an OpenSSL DTLS client or server.\n\nCVE-2014-0198 and CVE-2010-5298 may allow an attacker to cause a denial of service under certain conditions, when SSL_MODE_RELEASE_BUFFERS\nis enabled.\n\nCVE-2014-3470 may allow an attacker to trigger a denial of service in SSL clients when anonymous ECDH ciphersuites are enabled. This issue\ndoes not affect Fortinet products.\n\nCVE-2014-0076 can be used to discover ECDSA nonces on multi-user systems by exploiting timing attacks in CPU L3 caches. This does not apply\nto Fortinet products.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"solution\", value:\"Upgrade to FortiWeb 5.3.1 or higher.\");\n\n script_tag(name:\"summary\", value:\"Multiple Vulnerabilities in OpenSSL\");\n\n script_tag(name:\"affected\", value:\"FortiWeb < 5.3.1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-14 14:29:04 +0100 (Thu, 14 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-02-11 12:17:13 +0100 (Wed, 11 Feb 2015)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"FortiOS Local Security Checks\");\n script_copyright(\"This script is Copyright (C) 2015 Greenbone Networks GmbH\");\n script_dependencies(\"gb_fortiweb_version.nasl\");\n script_mandatory_keys(\"fortiweb/version\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nversion = get_app_version( cpe:CPE );\nif( ! version )\n version = get_kb_item(\"fortiweb/version\");\n\nif( ! version ) exit( 0 );\n\nfix = \"5.3.1\";\n\nif( version_is_less( version:version, test_version:fix ) )\n{\n model = get_kb_item(\"fortiweb/model\");\n if( ! isnull( model ) ) report = 'Model: ' + model + '\\n';\n report += 'Installed Version: ' + version + '\\nFixed Version: ' + fix + '\\n';\n security_message( port:0, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-25T12:18:45", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0076", "CVE-2014-0224", "CVE-2014-3470", "CVE-2010-5298", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221"], "description": "Multiple Vulnerabilities in OpenSSL", "modified": "2019-07-24T00:00:00", "published": "2015-02-11T00:00:00", "id": "OPENVAS:1361412562310105202", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310105202", "type": "openvas", "title": "FortiOS: Multiple Vulnerabilities in OpenSSL", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# FortiOS: Multiple Vulnerabilities in OpenSSL\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/h:fortinet:fortianalyzer\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.105202\");\n script_cve_id(\"CVE-2014-0224\", \"CVE-2014-0221\", \"CVE-2014-0195\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_version(\"2019-07-24T08:39:52+0000\");\n\n script_name(\"FortiOS: Multiple Vulnerabilities in OpenSSL\");\n\n script_xref(name:\"URL\", value:\"https://fortiguard.com/psirt/FG-IR-14-018\");\n\n script_tag(name:\"impact\", value:\"CVE-2014-0224 may allow an attacker with a privileged network position (man-in-the-middle) to decrypt SSL encrypted\ncommunications.\n\nCVE-2014-0221 may allow an attacker to crash a DTLS client with an invalid handshake.\n\nCVE-2014-0195 can result in a buffer overrun attack by sending invalid DTLS fragments to an OpenSSL DTLS client or server.\n\nCVE-2014-0198 and CVE-2010-5298 may allow an attacker to cause a denial of service under certain conditions, when SSL_MODE_RELEASE_BUFFERS\nis enabled.\n\nCVE-2014-3470 may allow an attacker to trigger a denial of service in SSL clients when anonymous ECDH ciphersuites are enabled. This issue\ndoes not affect Fortinet products.\n\nCVE-2014-0076 can be used to discover ECDSA nonces on multi-user systems by exploiting timing attacks in CPU L3 caches. This does not apply\nto Fortinet products.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"solution\", value:\"Upgrade to FortiAnalyzer 5.2.0/5.0.7 (build 321) or higher.\");\n\n script_tag(name:\"summary\", value:\"Multiple Vulnerabilities in OpenSSL\");\n\n script_tag(name:\"affected\", value:\"FortiAnalyzer < 5.2.0/5.0.7\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_tag(name:\"last_modification\", value:\"2019-07-24 08:39:52 +0000 (Wed, 24 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2015-02-11 12:17:13 +0100 (Wed, 11 Feb 2015)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"FortiOS Local Security Checks\");\n script_copyright(\"This script is Copyright (C) 2015 Greenbone Networks GmbH\");\n script_dependencies(\"gb_fortianalyzer_version.nasl\");\n script_mandatory_keys(\"fortianalyzer/version\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nversion = get_app_version( cpe:CPE );\nif( ! version )\n version = get_kb_item(\"fortianalyzer/version\");\n\nif( ! version ) exit( 0 );\n\nif( version =~ \"^5\\.2\" )\n fix = \"5.2.0\";\n\nelse if( version =~ \"^5\\.0\" )\n{\n fix = '5.0.7';\n build = get_kb_item(\"fortianalyzer/build\");\n if( build )\n {\n if( int( build ) >= 321 ) exit( 99 );\n }\n}\n\nif( ! fix ) exit( 0 );\n\nif( version_is_less( version:version, test_version:fix ) )\n{\n model = get_kb_item(\"fortianalyzer/model\");\n if( ! isnull( model ) ) report = 'Model: ' + model + '\\n';\n report += 'Installed Version: ' + version + '\\nFixed Version: ' + fix + '\\n';\n security_message( port:0, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-25T12:19:19", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0076", "CVE-2014-0224", "CVE-2014-3470", "CVE-2010-5298", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221"], "description": "Multiple Vulnerabilities in OpenSSL", "modified": "2019-07-24T00:00:00", "published": "2015-02-11T00:00:00", "id": "OPENVAS:1361412562310105203", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310105203", "type": "openvas", "title": "FortiOS: Multiple Vulnerabilities in OpenSSL", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# FortiOS: Multiple Vulnerabilities in OpenSSL\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/h:fortinet:fortigate\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.105203\");\n script_cve_id(\"CVE-2014-0224\", \"CVE-2014-0221\", \"CVE-2014-0195\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_version(\"2019-07-24T08:39:52+0000\");\n\n script_name(\"FortiOS: Multiple Vulnerabilities in OpenSSL\");\n\n script_xref(name:\"URL\", value:\"https://fortiguard.com/psirt/FG-IR-14-018\");\n\n script_tag(name:\"impact\", value:\"CVE-2014-0224 may allow an attacker with a privileged network position (man-in-the-middle) to decrypt SSL encrypted\ncommunications.\n\nCVE-2014-0221 may allow an attacker to crash a DTLS client with an invalid handshake.\n\nCVE-2014-0195 can result in a buffer overrun attack by sending invalid DTLS fragments to an OpenSSL DTLS client or server.\n\nCVE-2014-0198 and CVE-2010-5298 may allow an attacker to cause a denial of service under certain conditions, when SSL_MODE_RELEASE_BUFFERS\nis enabled.\n\nCVE-2014-3470 may allow an attacker to trigger a denial of service in SSL clients when anonymous ECDH ciphersuites are enabled. This issue\ndoes not affect Fortinet products.\n\nCVE-2014-0076 can be used to discover ECDSA nonces on multi-user systems by exploiting timing attacks in CPU L3 caches. This does not apply\nto Fortinet products.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"solution\", value:\"Upgrade to FortiGate 4.3.16 (build 686), 5.2.0 (build 589), 5.0.8 (build 291) or higher.\");\n\n script_tag(name:\"summary\", value:\"Multiple Vulnerabilities in OpenSSL\");\n\n script_tag(name:\"affected\", value:\"FortiGate < 4.3.16 (build 686), 5.2.0 (build 589), 5.0.8 (build 291)\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_tag(name:\"last_modification\", value:\"2019-07-24 08:39:52 +0000 (Wed, 24 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2015-02-11 12:17:13 +0100 (Wed, 11 Feb 2015)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"FortiOS Local Security Checks\");\n script_copyright(\"This script is Copyright (C) 2015 Greenbone Networks GmbH\");\n script_dependencies(\"gb_fortigate_version.nasl\");\n script_mandatory_keys(\"fortigate/version\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nversion = get_app_version( cpe:CPE );\nif( ! version )\n version = get_kb_item(\"fortigate/version\");\n\nif( ! version ) exit( 0 );\n\nif( version =~ \"^5\\.2\" )\n{\n fix = \"5.2.0\";\n fix_str = '5.2.0 Build 589';\n build = get_kb_item(\"fortigate/build\");\n if( build )\n {\n if( int( build ) >= 589 ) exit( 99 );\n }\n}\n\nelse if( version =~ \"^5\\.0\" )\n{\n fix = '5.0.8';\n fix_str = '5.0.8 Build 291';\n build = get_kb_item(\"fortigate/build\");\n if( build )\n {\n if( int( build ) >= 291 ) exit( 99 );\n }\n}\nelse if( version =~ \"^4\\.3\" )\n{\n fix = '4.3.16';\n fix_str = '4.3.16 Build 686';\n build = get_kb_item(\"fortigate/build\");\n if( build )\n {\n if( int( build ) >= 686 ) exit( 99 );\n }\n}\n\nif( ! fix ) exit( 0 );\n\nif( version_is_less( version:version, test_version:fix ) )\n{\n model = get_kb_item(\"fortigate/model\");\n if( ! isnull( model ) ) report = 'Model: ' + model + '\\n';\n report += 'Installed Version: ' + version + '\\nFixed Version: ' + fix_str + '\\n';\n security_message( port:0, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:05", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0076", "CVE-2014-0224", "CVE-2014-3470", "CVE-2010-5298", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221"], "description": "McAfee Email Gateway is vulnerable to a batch of OpenSSL vulnerabilities", "modified": "2018-10-12T00:00:00", "published": "2015-01-07T00:00:00", "id": "OPENVAS:1361412562310105158", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310105158", "type": "openvas", "title": "McAfee Email Gateway - OpenSSL vulnerabilities patched in McAfee products", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mcafee_email_gateway_sb10075.nasl 11872 2018-10-12 11:22:41Z cfischer $\n#\n# McAfee Email Gateway - OpenSSL vulnerabilities patched in McAfee products\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mcafee:email_gateway\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.105158\");\n script_cve_id(\"CVE-2014-0224\", \"CVE-2014-0221\", \"CVE-2014-0195\", \"CVE-2014-0198\", \"CVE-2010-5298\", \"CVE-2014-3470\", \"CVE-2014-0076\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 11872 $\");\n\n script_name(\"McAfee Email Gateway - OpenSSL vulnerabilities patched in McAfee products\");\n\n script_xref(name:\"URL\", value:\"https://kc.mcafee.com/corporate/index?page=content&id=SB10075\");\n\n script_tag(name:\"vuldetect\", value:\"Check the installed version and hotfixes\");\n script_tag(name:\"solution\", value:\"Apply the hotfix referenced in the advisory.\");\n\n script_tag(name:\"summary\", value:\"McAfee Email Gateway is vulnerable to a batch of OpenSSL vulnerabilities\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 13:22:41 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-07 17:42:14 +0100 (Wed, 07 Jan 2015)\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_family(\"General\");\n script_copyright(\"This script is Copyright (C) 2015 Greenbone Networks GmbH\");\n script_dependencies(\"gb_mcafee_email_gateway_version.nasl\");\n script_mandatory_keys(\"mcafee_email_gateway/product_version\", \"mcafee_email_gateway/patches\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( ! version = get_app_version( cpe:CPE ) ) exit( 0 );\n\nproduct = get_kb_item(\"mcafee_email_gateway/product_name\");\nif( ! product ) product = 'McAfee Email Gateway';\n\nif( ! patches = get_kb_item(\"mcafee_email_gateway/patches\") ) exit( 0 );\n\nif( version =~ \"^7\\.0\\.\" )\n{\n fixed = '7.0.2934.109';\n patch = '7.0.5h973323';\n}\n\nelse if (version =~ \"^7\\.5\\.\")\n{\n fixed = \"7.5.2846.121\";\n patch = \"7.5h968383\";\n}\n\nelse if (version =~ \"^7\\.6\\.\")\n{\n fixed = \"7.6.3044.102\";\n patch = \"7.6h968406\";\n}\n\nelse\n exit( 0 );\n\nif( patch >< patches ) exit( 99 );\n\nif( version_is_less( version:version, test_version:fixed ) )\n{\n report = product + ' (' + version + ') is missing the patch ' + patch + '.\\n';\n security_message( port:0, data:report );\n exit( 0 );\n}\n\nexit( 0 );\n\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:53", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2010-5298", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221"], "description": "Oracle Linux Local Security Checks ELSA-2014-0679", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123365", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123365", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2014-0679", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2014-0679.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123365\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:02:49 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2014-0679\");\n script_tag(name:\"insight\", value:\"ELSA-2014-0679 - openssl security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2014-0679\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2014-0679.html\");\n script_cve_id(\"CVE-2010-5298\", \"CVE-2014-0195\", \"CVE-2014-0198\", \"CVE-2014-0221\", \"CVE-2014-0224\", \"CVE-2014-3470\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux7\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~34.el7_0.3\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1e~34.el7_0.3\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-libs\", rpm:\"openssl-libs~1.0.1e~34.el7_0.3\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~1.0.1e~34.el7_0.3\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-static\", rpm:\"openssl-static~1.0.1e~34.el7_0.3\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2010-5298", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221"], "description": "Gentoo Linux Local Security Checks GLSA 201407-05", "modified": "2018-10-26T00:00:00", "published": "2015-09-29T00:00:00", "id": "OPENVAS:1361412562310121244", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121244", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201407-05", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201407-05.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121244\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:27:40 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201407-05\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in OpenSSL. Please review the OpenSSL Security Advisory [05 Jun 2014] and the CVE identifiers referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201407-05\");\n script_cve_id(\"CVE-2010-5298\", \"CVE-2014-0195\", \"CVE-2014-0198\", \"CVE-2014-0221\", \"CVE-2014-0224\", \"CVE-2014-3470\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201407-05\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 1.0.1h-r1\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 1.0.0m\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 0.9.8z_p1\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 0.9.8z_p2\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 0.9.8z_p3\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 0.9.8z_p4\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 0.9.8z_p5\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 0.9.8z_p6\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 0.9.8z_p7\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 0.9.8z_p8\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 0.9.8z_p9\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 0.9.8z_p10\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 0.9.8z_p11\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 0.9.8z_p12\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 0.9.8z_p13\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 0.9.8z_p14\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 0.9.8z_p15\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(), vulnerable: make_list(\"lt 1.0.1h-r1\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2010-5298", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-06-09T00:00:00", "id": "OPENVAS:1361412562310881946", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881946", "type": "openvas", "title": "CentOS Update for openssl CESA-2014:0625 centos6", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for openssl CESA-2014:0625 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.881946\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-06-09 12:34:08 +0530 (Mon, 09 Jun 2014)\");\n script_cve_id(\"CVE-2010-5298\", \"CVE-2014-0195\", \"CVE-2014-0198\", \"CVE-2014-0221\",\n \"CVE-2014-0224\", \"CVE-2014-3470\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"CentOS Update for openssl CESA-2014:0625 centos6\");\n\n script_tag(name:\"affected\", value:\"openssl on CentOS 6\");\n script_tag(name:\"insight\", value:\"OpenSSL is a toolkit that implements the Secure Sockets Layer\n(SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nIt was found that OpenSSL clients and servers could be forced, via a\nspecially crafted handshake packet, to use weak keying material for\ncommunication. A man-in-the-middle attacker could use this flaw to decrypt\nand modify traffic between a client and a server. (CVE-2014-0224)\n\nNote: In order to exploit this flaw, both the server and the client must be\nusing a vulnerable version of OpenSSL the server must be using OpenSSL\nversion 1.0.1 and above, and the client must be using any version of\nOpenSSL. Please see the references or more information about this flaw.\n\nA buffer overflow flaw was found in the way OpenSSL handled invalid DTLS\npacket fragments. A remote attacker could possibly use this flaw to execute\narbitrary code on a DTLS client or server. (CVE-2014-0195)\n\nMultiple flaws were found in the way OpenSSL handled read and write buffers\nwhen the SSL_MODE_RELEASE_BUFFERS mode was enabled. A TLS/SSL client or\nserver using OpenSSL could crash or unexpectedly drop connections when\nprocessing certain SSL traffic. (CVE-2010-5298, CVE-2014-0198)\n\nA denial of service flaw was found in the way OpenSSL handled certain DTLS\nServerHello requests. A specially crafted DTLS handshake packet could cause\na DTLS client using OpenSSL to crash. (CVE-2014-0221)\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed\nanonymous Elliptic Curve Diffie Hellman (ECDH) key exchange. A specially\ncrafted handshake packet could cause a TLS/SSL client that has the\nanonymous ECDH cipher suite enabled to crash. (CVE-2014-3470)\n\nRed Hat would like to thank the OpenSSL project for reporting these issues.\nUpstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter\nof CVE-2014-0224, Jri Aedla as the original reporter of CVE-2014-0195,\nImre Rad of Search-Lab as the original reporter of CVE-2014-0221, and Felix\nGrbert and Ivan Fratri of Google as the original reporters of\nCVE-2014-3470.\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"CESA\", value:\"2014:0625\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2014-June/020344.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n script_xref(name:\"URL\", value:\"https://access.redhat.com/site/articles/904433\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~16.el6_5.14\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1e~16.el6_5.14\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~1.0.1e~16.el6_5.14\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-static\", rpm:\"openssl-static~1.0.1e~16.el6_5.14\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:32", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2010-5298", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221"], "description": "The remote host is missing an update for the ", "modified": "2018-12-04T00:00:00", "published": "2014-07-04T00:00:00", "id": "OPENVAS:1361412562310871183", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871183", "type": "openvas", "title": "RedHat Update for openssl RHSA-2014:0679-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for openssl RHSA-2014:0679-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871183\");\n script_version(\"$Revision: 12634 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-12-04 08:26:26 +0100 (Tue, 04 Dec 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-07-04 16:48:53 +0530 (Fri, 04 Jul 2014)\");\n script_cve_id(\"CVE-2010-5298\", \"CVE-2014-0195\", \"CVE-2014-0198\", \"CVE-2014-0221\", \"CVE-2014-0224\", \"CVE-2014-3470\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"RedHat Update for openssl RHSA-2014:0679-01\");\n\n script_tag(name:\"affected\", value:\"openssl on Red Hat Enterprise Linux Server (v. 7)\");\n\n script_tag(name:\"insight\", value:\"OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\n and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.\n\nIt was found that OpenSSL clients and servers could be forced, via a\nspecially crafted handshake packet, to use weak keying material for\ncommunication. A man-in-the-middle attacker could use this flaw to decrypt\nand modify traffic between a client and a server. (CVE-2014-0224)\n\nNote: In order to exploit this flaw, both the server and the client must be\nusing a vulnerable version of OpenSSL the server must be using OpenSSL\nversion 1.0.1 and above, and the client must be using any version of\nOpenSSL. For more information about this flaw, buffer overflow flaw was found in the way OpenSSL handled invalid DTLS\npacket fragments. A remote attacker could possibly use this flaw to execute\narbitrary code on a DTLS client or server. (CVE-2014-0195)\n\nMultiple flaws were found in the way OpenSSL handled read and write buffers\nwhen the SSL_MODE_RELEASE_BUFFERS mode was enabled. A TLS/SSL client or\nserver using OpenSSL could crash or unexpectedly drop connections when\nprocessing certain SSL traffic. (CVE-2010-5298, CVE-2014-0198)\n\nA denial of service flaw was found in the way OpenSSL handled certain DTLS\nServerHello requests. A specially crafted DTLS handshake packet could cause\na DTLS client using OpenSSL to crash. (CVE-2014-0221)\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed\nanonymous Elliptic Curve Diffie Hellman (ECDH) key exchange. A specially\ncrafted handshake packet could cause a TLS/SSL client that has the\nanonymous ECDH cipher suite enabled to crash. (CVE-2014-3470)\n\nRed Hat would like to thank the OpenSSL project for reporting these issues.\nUpstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter\nof CVE-2014-0224, Jri Aedla as the original reporter of CVE-2014-0195,\nImre Rad of Search-Lab as the original reporter of CVE-2014-0221, and Felix\nGrbert and Ivan Fratri of Google as the original reporters of\nCVE-2014-3470.\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"RHSA\", value:\"2014:0679-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2014-June/msg00020.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n script_xref(name:\"URL\", value:\"https://access.redhat.com/site/articles/904433\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~34.el7_0.3\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-debuginfo\", rpm:\"openssl-debuginfo~1.0.1e~34.el7_0.3\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1e~34.el7_0.3\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-libs\", rpm:\"openssl-libs~1.0.1e~34.el7_0.3\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2010-5298", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221"], "description": "The remote host is missing an update for the ", "modified": "2018-12-04T00:00:00", "published": "2014-06-09T00:00:00", "id": "OPENVAS:1361412562310871172", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871172", "type": "openvas", "title": "RedHat Update for openssl RHSA-2014:0625-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for openssl RHSA-2014:0625-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871172\");\n script_version(\"$Revision: 12634 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-12-04 08:26:26 +0100 (Tue, 04 Dec 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-06-09 15:44:30 +0530 (Mon, 09 Jun 2014)\");\n script_cve_id(\"CVE-2010-5298\", \"CVE-2014-0195\", \"CVE-2014-0198\", \"CVE-2014-0221\",\n \"CVE-2014-0224\", \"CVE-2014-3470\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"RedHat Update for openssl RHSA-2014:0625-01\");\n\n script_tag(name:\"affected\", value:\"openssl on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n\n script_tag(name:\"insight\", value:\"OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nIt was found that OpenSSL clients and servers could be forced, via a\nspecially crafted handshake packet, to use weak keying material for\ncommunication. A man-in-the-middle attacker could use this flaw to decrypt\nand modify traffic between a client and a server. (CVE-2014-0224)\n\nNote: In order to exploit this flaw, both the server and the client must be\nusing a vulnerable version of OpenSSL the server must be using OpenSSL\nversion 1.0.1 and above, and the client must be using any version of\nOpenSSL. For more information about this flaw, buffer overflow flaw was found in the way OpenSSL handled invalid DTLS\npacket fragments. A remote attacker could possibly use this flaw to execute\narbitrary code on a DTLS client or server. (CVE-2014-0195)\n\nMultiple flaws were found in the way OpenSSL handled read and write buffers\nwhen the SSL_MODE_RELEASE_BUFFERS mode was enabled. A TLS/SSL client or\nserver using OpenSSL could crash or unexpectedly drop connections when\nprocessing certain SSL traffic. (CVE-2010-5298, CVE-2014-0198)\n\nA denial of service flaw was found in the way OpenSSL handled certain DTLS\nServerHello requests. A specially crafted DTLS handshake packet could cause\na DTLS client using OpenSSL to crash. (CVE-2014-0221)\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed\nanonymous Elliptic Curve Diffie Hellman (ECDH) key exchange. A specially\ncrafted handshake packet could cause a TLS/SSL client that has the\nanonymous ECDH cipher suite enabled to crash. (CVE-2014-3470)\n\nRed Hat would like to thank the OpenSSL project for reporting these issues.\nUpstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter\nof CVE-2014-0224, Jri Aedla as the original reporter of CVE-2014-0195,\nImre Rad of Search-Lab as the original reporter of CVE-2014-0221, and Felix\nGrbert and Ivan Fratri of Google as the original reporters of\nCVE-2014-3470.\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"RHSA\", value:\"2014:0625-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2014-June/msg00009.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n\n script_xref(name:\"URL\", value:\"https://access.redhat.com/site/articles/904433\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~16.el6_5.14\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-debuginfo\", rpm:\"openssl-debuginfo~1.0.1e~16.el6_5.14\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1e~16.el6_5.14\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:53", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2010-5298", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221"], "description": "Oracle Linux Local Security Checks ELSA-2014-0625", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123403", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123403", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2014-0625", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2014-0625.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123403\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:03:20 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2014-0625\");\n script_tag(name:\"insight\", value:\"ELSA-2014-0625 - openssl security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2014-0625\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2014-0625.html\");\n script_cve_id(\"CVE-2010-5298\", \"CVE-2014-0195\", \"CVE-2014-0198\", \"CVE-2014-0221\", \"CVE-2014-0224\", \"CVE-2014-3470\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~16.el6_5.14\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1e~16.el6_5.14\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~1.0.1e~16.el6_5.14\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-static\", rpm:\"openssl-static~1.0.1e~16.el6_5.14\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cisco": [{"lastseen": "2021-02-26T06:47:47", "bulletinFamily": "software", "cvelist": ["CVE-2010-5298", "CVE-2014-0076", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221", "CVE-2014-0224", "CVE-2014-3470"], "description": "Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to execute arbitrary code, create a denial of service (DoS) condition, or perform a man-in-the-middle attack. On June 5, 2014, the OpenSSL Project released a security advisory detailing seven distinct vulnerabilities. The vulnerabilities are referenced in this document as follows:\n\n SSL/TLS Man-in-the-Middle Vulnerability\n DTLS Recursion Flaw Vulnerability\n DTLS Invalid Fragment Vulnerability\n SSL_MODE_RELEASE_BUFFERS NULL Pointer Dereference Vulnerability\n SSL_MODE_RELEASE_BUFFERS Session Injection or Denial of Service Vulnerability\n Anonymous ECDH Denial of Service Vulnerability\n ECDSA NONCE Side-Channel Recovery Attack Vulnerability\n\nPlease note that the devices that are affected by this vulnerability are the devices acting as a Secure Sockets Layer (SSL) or Datagram Transport Layer Security (DTLS) server terminating SSL or DTLS connections or devices acting as an SSL client initiating an SSL or DTLS connection. Devices that are simply traversed by SSL or DTLS traffic without terminating it are not affected.\n\nCisco will release software updates that address these vulnerabilities. \n\nWorkarounds that mitigate these vulnerabilities may be available.\n\nThis advisory is available at the following link:\n\nhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl[\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl\"]", "modified": "2015-03-27T19:50:00", "published": "2014-06-05T22:40:00", "id": "CISCO-SA-20140605-OPENSSL", "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl", "type": "cisco", "title": "Multiple Vulnerabilities in OpenSSL Affecting Cisco Products", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "citrix": [{"lastseen": "2020-11-18T15:29:37", "bulletinFamily": "software", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2010-5298", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221"], "description": "<section class=\"article-content\" data-swapid=\"ArticleContent\">\n<div class=\"content-block\" data-swapid=\"ContentBlock\"><div>\n<div>\n<p> <a name=\"TopOfPage\"></a></p>\n<p> <span> <b>Overview</b></span></p>\n<p> <span>The OpenSSL security advisory released on the 5th of June 2014 disclosed six security vulnerabilities in this open source component; these are described below:</span></p>\n<ul>\n<p> <span>\u2022 CVE-2014-0224: SSL/TLS MITM vulnerability</span></p>\n<p> <span>\u2022 CVE-2014-0221: DTLS recursion flaw</span></p>\n<p> <span>\u2022 CVE-2014-0195: DTLS invalid fragment vulnerability</span></p>\n<p> <span>\u2022 CVE-2014-0198: SSL_MODE_RELEASE_BUFFERS NULL pointer dereference</span></p>\n<p> <span>\u2022 CVE-2010-5298: SSL_MODE_RELEASE_BUFFERS session injection or denial of service</span></p>\n<p> <span>\u2022 CVE-2014-3470: Anonymous ECDH denial of service</span></p>\n</ul>\n<p> <span>For more details on the underlying CVEs please refer to the OpenSSL security advisory: <u> <a href=\"https://www.openssl.org/news/secadv_20140605.txt\">https://www.openssl.org/news/secadv_20140605.txt</a></u></span></p>\n<p> <span>As noted in the OpenSSL security advisory, CVE-2014-0224 is currently only believed to be exploitable in scenarios where an unpatched OpenSSL based client is connecting to an unpatched OpenSSL 1.0.1 based server. As patching the server components addresses the currently known attack, Citrix recommends that customers apply any required patches to server-side components to mitigate this issue.</span></p>\n<p> <span>In deployments where Citrix client components are used to make TLS connections to non-Citrix servers, Citrix recommends that customers verify with the vendors that those server components are not impacted by CVE-2014-0224.</span></p>\n<p> <span> <b>What Citrix is Doing</b></span></p>\n<p> <span>Citrix is actively analyzing the impact of this issue on currently supported products. The following sections of this advisory provide current information on each product.</span></p>\n<p> <span> <b>Components that require Citrix updates:</b></span></p>\n<ul>\n<p> <b>\u2022 Citrix CloudBridge:</b> Updated appliance firmware has been released to address this vulnerability on Citrix CoudBridge. Customers are advised to upgrade their appliances to version 7.3.0 or later or 7.2.2 or later. These updated versions are availble from the Citrix website at the following address: <a href=\"https://www.citrix.com/downloads/cloudbridge/firmware/\">https://www.citrix.com/downloads/cloudbridge/firmware/</a></p>\n<p> <span> <b>\u2022 Citrix CloudPlatform:</b> The TLS interface exposed by the Secondary Storage VM in Cloud Platform versions 4.2, 4.2.1, 4.2.1-x, 4.3, and 4.3.0.1 are impacted by CVE- 2014-0224. Citrix has released updated system virtual machine templates to resolve this issue. Citrix recommends that customers update the system virtual machine templates to a patched version and then reboot any Secondary Storage VMs to ensure that the updated OpenSSL version is being used. Instructions on updating the system virtual machine templates can be found in the following Citrix Knowledge Center article <u> <a href=\"https://support.citrix.com/article/CTX200024\">https://support.citrix.com/article/CTX200024</a></u>. </span></p>\n<p> <span> <b>\u2022 Citrix NetScaler IPMI/LOM Interface:</b> This interface is impacted by these issues. Additional details will be added to this document as soon as they are available.</span></p>\n<p> <span> <b>\u2022 Citrix XenMobile App Controller:</b> XenMobile App Controller versions 2.9 and 2.10 are impacted by CVE-2014-0224. Patches have been released to address this issue for both App controller 2.9 and 2.10. Citrix recommends that customers deploy these patches as soon as possible. These patches are available from the following location: <u> <a href=\"https://www.citrix.com/downloads/xenmobile/product-software.html\">https://www.citrix.com/downloads/xenmobile/product-software.html</a></u></span></p>\n<p> <span> <b>\u2022 Citrix Licensing:</b> Currently supported versions of the Citrix License Server for Windows and the License Server VPX are impacted by CVE-2014-0224. New versions of the License Server for Windows and License Server VPX have been released to address this issue. These new versions can be found at the following location: Version 11.12.1: <a href=\"https://www.citrix.com/downloads/licensing/license-server.html\">https://www.citrix.com/downloads/licensing/license-server.html</a>. </span></p>\n<p> <span> <b>\u2022 Citrix VDI-in-a-Box:</b> Currently supported versions of Citrix VDI-in-a-Box appliances are impacted by CVE-2014-0224. New VDI-in-a-Box appliances have been released to address this vulnerability. Citrix recommends that customers migrate their VDI-in-a-Box deployments to these versions or deploy new appliances. These updated appliances can be obtained from the following location: Version 5.4.4: <u> <a href=\"https://www.citrix.com/downloads/vdi-in-a-box/product-software/vdi-in-a-box-54\">https://www.citrix.com/downloads/vdi-in-a-box/product-software/vdi-in-a-box-54</a></u>. Version 5.3.8: <u> <a href=\"https://www.citrix.com/downloads/vdi-in-a-box/product-software/vdi-in-a-box-53\">https://www.citrix.com/downloads/vdi-in-a-box/product-software/vdi-in-a-box-53</a></u>. A MyCitrix login is required to access these files. Information on how to verify the version of OpenSSL in use can be found in the following document: CTX140975 \u2013 <a href=\"https://support.citrix.com/article/CTX140975\">How to Check OpenSSL Version in a VDI-in-a-Box Appliance</a>. Further information on how to apply the upgrades can be found in the following document: CTX140490 \u2013 <a href=\"/article/CTX140490\">VDI-in-a-Box Hotfix Upgrades</a>.</span></p>\n<p> <span> <b>\u2022 Citrix XenClient Enterprise:</b> XenClient Enterprise versions prior to 5.1.3 are impacted by CVE-2010-5298. Citrix has released versions 5.1.3 and 4.5.7 to address this issue. Citrix recommends that customers update their XenClient Enterprise installations. The updated software can be found at the following locations: 5.1.3: <u> <a href=\"https://www.citrix.com/downloads/xenclient/product-software/xenclient-enterprise-51.html\">https://www.citrix.com/downloads/xenclient/product-software/xenclient-enterprise-5</a>1.</u> 4.5.7: <a href=\"https://www.citrix.com/downloads/xenclient/product-software/xenclient-enterprise-45\">https://www.citrix.com/downloads/xenclient/product-software/xenclient-enterprise-45</a></span></p>\n</ul>\n<p> <b>\u2022 HDX RealTime Optimization Pack for Microsoft Lync 2010:</b> This component is impacted by CVE-2014-0224. An updated version of this component has been released to address this issue. Citrix recommends customers deploy these patches as soon as possible. More information on how to download and apply the updated version can be found at the following address: <a href=\"http://support.citrix.com/proddocs/topic/hdx-realtime-optimization-pack-15/hdx-realtime-optimization-pack-download-15.html\">http://support.citrix.com/proddocs/topic/hdx-realtime-optimization-pack-15/hdx-realtime-optimization-pack-download-15.html</a><br/> </p>\n<p> <span> <b>Components that may require third-party updates:</b></span></p>\n<ul>\n<p> <span> <b>\u2022 Citrix Web Interface:</b> Web Interface makes use of the TLS functionality provided by the underlying web server. Citrix customers are advised to verify that any deployed web servers used to host Web Interface are not vulnerable to these issues. </span></p>\n<p> <span> <b>\u2022 Citrix CloudPortal Business Manager:</b> This product does not include any TLS libraries and, as such, is not vulnerable to these issues. Some customer deployments may make use of an additional SSL proxy component; Citrix advises customers to contact the vendors of any SSL proxy components being used to determine if they are vulnerable to these CVEs.</span></p>\n</ul>\n<p> <span> <b>Components that are not impacted:</b></span></p>\n<ul>\n<p> <span> <b>\u2022 Citrix XenDesktop Delivery Controller (DDC): </b>Currently supported versions of the DDC do not use a TLS library that is vulnerable to these issues.</span></p>\n<p> <span> <b>\u2022 Citrix XenDesktop Virtual Desktop Agent (VDA): </b>Currently supported versions of the VDA do not use a TLS library that is vulnerable to these issues.</span></p>\n<p> <span> <b>\u2022 Citrix Studio: </b>Currently supported versions of Citrix Studio do not use a TLS library that is vulnerable to these issues.</span></p>\n<p> <span> <b>\u2022 Citrix Director:</b> Currently supported versions of Citrix Desktop Director do not use a TLS library that is vulnerable to these issues.</span></p>\n<p> <span> <b>\u2022 Citrix XenApp:</b> Currently supported versions of Citrix XenApp servers and administrative consoles do not use a TLS library that is vulnerable to these issues. Customers are advised to verify that their XenApp deployments do not contain any other vulnerable components listed in this advisory. </span></p>\n<p> <span> <b>\u2022 Citrix Edgesight: </b>Currently supported versions of Citrix Edgesight do not use a TLS library that is vulnerable to these issues.</span></p>\n<p> <span> <b>\u2022 Citrix Profile Management (UPM):</b> Currently supported versions of Citrix UPM do not use a TLS library that is vulnerable to these issues.</span></p>\n<p> <span> <b>\u2022 Citrix Merchandising Server: </b>The TLS server component of currently supported versions of Citrix Merchandising Server is not vulnerable to these issues.</span></p>\n<p> <span> <b>\u2022 Citrix StoreFront:</b> The TLS library used by currently supported versions of Citrix Storefront is not vulnerable to these issues.</span></p>\n<p> <span> <b>\u2022 Citrix Password Manager: </b>The TLS server component of currently supported versions of Citrix Password Manager is not vulnerable to these issues.</span></p>\n<p> <span> <b>\u2022 Citrix NetScaler Packet Engine:</b> The core packet engine functionality of currently supported versions of Citrix NetScaler is not vulnerable to these issues.</span></p>\n<p> <span> <b>\u2022 Citrix NetScaler Gateway:</b> The SSL Server functionality of NetScaler Gateway, formerly Access Gateway Enterprise Edition, is not vulnerable to these issues.</span></p>\n<p> <span> <b>\u2022 Citrix XenServer:</b> When acting as an SSL server, the TLS libraries used by currently supported versions of Citrix XenServer are not vulnerable to these issues. </span></p>\n<p> <span> <b>\u2022 Citrix Secure Gateway:</b> When acting as an SSL server, the TLS libraries used by the currently supported version of Citrix Secure Gateway are not vulnerable to these issues.</span></p>\n<p> <span> <b>\u2022 Citrix SSL Relay:</b> The TLS libraries used by the currently supported version of the SSL Relay are not vulnerable to these issues.</span></p>\n<p> <span> <b>\u2022 Citrix Provisioning Services:</b> Currently supported versions of Citrix Provisioning Services are not vulnerable to these issues.</span></p>\n<p> <span> <b>\u2022 Citrix CloudPortal Services Manager:</b> The TLS libraries used by currently supported versions of CloudPortal Services Manager are not vulnerable to these issues. </span></p>\n<p> <span> <b>\u2022 Citrix XenMobile MDM Edition:</b> The TLS libraries used by components of XenMobile MDM edition, including the XenMobile Device Manager component, are not vulnerable to these issues.</span></p>\n<p> <span> <b>\u2022 GoToMeeting, GoToMyPC, ShareFile, GoToAssist, GoToWebinar, GoToTraining, Podio</b>, and other related SaaS division products are not vulnerable to these issues. However, as a security best practice, for SaaS software utilizing OpenSSL, we are updating to the most current version.</span></p>\n</ul>\n<p> <span> <b>Client components that may be exposed to CVE-2014-0224 if used with unpatched servers:</b></span></p>\n<ul>\n<p> <span> <b>\u2022 Citrix NetScaler:</b> TLS client connections initiated from the versions of Citrix NetScaler mentioned below are not vulnerable to these issues </span></p>\n<p>- Citrix NetScaler ADC and NetScaler Gateway version 10.1 and 10.1.e builds 10.1 Build 127.10 and 10.1 Build 127.1001.e and later</p>\n<p>- Citrix NetScaler ADC and NetScaler Gateway version 10.5 and 10.5.e builds 10.5 Build 50.10 and 10.5 Build 51.1017.e and later</p>\n<p> <span>- Citrix NetScaler ADC and NetScaler Gateway version 11.0 build 55.20 and later </span></p>\n<p> <span> <b>\u2022 Citrix Receiver for Windows:</b> Citrix Receiver for Windows up to and including version 4.1</span></p>\n<p> <span> <b>\u2022 Citrix Receiver for Mac:</b> Citrix Receiver for Mac up to and including version 11.8.2</span></p>\n<p> <span> <b>\u2022 Citrix Receiver for Linux:</b> Citrix Receiver for Linux up to and including version 13.0</span></p>\n<p> <span> <b>\u2022 Citrix Receiver for iOS:</b> Citrix Receiver for iOS up to and including version 5.8.3</span></p>\n</ul>\n<p> <span> <b>Other Products:</b></span></p>\n<p> <span>Analysis of other Citrix products is in progress, details on these will be added to this document as soon as they are available. Please check this document regularly for updates.</span></p>\n<p> <span> <b>What Citrix Is Doing</b></span></p>\n<p> <span>Citrix is notifying customers and channel partners about this potential security issue. This article is also available from the Citrix Knowledge Center at <u> <a href=\"http://support.citrix.com/\">http://support.citrix.com/</a></u>.</span></p>\n<p> <span> <b>Obtaining Support on This Issue</b></span></p>\n<p> <span>If you require technical assistance with this issue, please contact Citrix Technical Support. Contact details for Citrix Technical Support are available at <u> <a href=\"http://www.citrix.com/site/ss/supportContacts.asp\">http://www.citrix.com/site/ss/supportContacts.asp</a></u>.</span></p>\n<p> <span> <b>Reporting Security Vulnerabilities to Citrix</b></span></p>\n<p> <span>Citrix welcomes input regarding the security of its products and considers any and all potential vulnerabilities seriously. For guidance on how to report security-related issues to Citrix, please see the following document: CTX081743 \u2013 <a href=\"/article/CTX081743\">Reporting Security Issues to Citrix</a></span></p>\n</div>\n<div>\n<h2> Changelog</h2>\n<div>\n<div>\n<div>\n<table width=\"100%\">\n<tbody>\n<tr>\n<td colspan=\"1\" rowspan=\"1\" width=\"150\"><b>Date</b></td>\n<td colspan=\"1\" rowspan=\"1\"><b>Change</b></td>\n</tr>\n<tr>\n<td colspan=\"1\" rowspan=\"1\" width=\"150\">October 23rd 2014 </td>\n<td colspan=\"1\" rowspan=\"1\">Addition of HDX RealTime Optimization Pack to Affected Components section</td>\n</tr>\n<tr>\n<td colspan=\"1\" rowspan=\"1\">November 3rd 2014</td>\n<td colspan=\"1\" rowspan=\"1\">Update to Licensing section</td>\n</tr>\n<tr>\n<td colspan=\"1\" rowspan=\"1\">February 11th 2015</td>\n<td colspan=\"1\" rowspan=\"1\">Addition of CloudBridge section</td>\n</tr>\n<tr>\n<td colspan=\"1\" rowspan=\"1\">June 7th 2016</td>\n<td colspan=\"1\" rowspan=\"1\">Update to NetScaler section</td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n</div>\n</div></div>\n</section>", "edition": 2, "modified": "2016-06-07T04:00:00", "published": "2014-06-06T04:00:00", "id": "CTX140876", "href": "https://support.citrix.com/article/CTX140876", "title": "Citrix Security Advisory for OpenSSL Vulnerabilities (June 2014)", "type": "citrix", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:37", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2010-5298", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221"], "edition": 1, "description": "### Background\n\nOpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library. \n\n### Description\n\nMultiple vulnerabilities have been discovered in OpenSSL. Please review the OpenSSL Security Advisory [05 Jun 2014] and the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could send specially crafted DTLS fragments to an OpenSSL DTLS client or server to possibly execute arbitrary code with the privileges of the process using OpenSSL. \n\nFurthermore, an attacker could force the use of weak keying material in OpenSSL SSL/TLS clients and servers, inject data across sessions, or cause a Denial of Service via various vectors. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll OpenSSL users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/openssl-1.0.1h-r1\"", "modified": "2015-06-06T00:00:00", "published": "2014-07-27T00:00:00", "id": "GLSA-201407-05", "href": "https://security.gentoo.org/glsa/201407-05", "type": "gentoo", "title": "OpenSSL: Multiple vulnerabilities", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:36:35", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2010-5298", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221"], "description": "[1.0.1e-16.14]\n- fix CVE-2010-5298 - possible use of memory after free\n- fix CVE-2014-0195 - buffer overflow via invalid DTLS fragment\n- fix CVE-2014-0198 - possible NULL pointer dereference\n- fix CVE-2014-0221 - DoS from invalid DTLS handshake packet\n- fix CVE-2014-0224 - SSL/TLS MITM vulnerability\n- fix CVE-2014-3470 - client-side DoS when using anonymous ECDH", "edition": 4, "modified": "2014-06-05T00:00:00", "published": "2014-06-05T00:00:00", "id": "ELSA-2014-0625", "href": "http://linux.oracle.com/errata/ELSA-2014-0625.html", "title": "openssl security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:41", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2010-5298", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221"], "description": "[1.0.1e-34.3]\n- fix CVE-2010-5298 - possible use of memory after free\n- fix CVE-2014-0195 - buffer overflow via invalid DTLS fragment\n- fix CVE-2014-0198 - possible NULL pointer dereference\n- fix CVE-2014-0221 - DoS from invalid DTLS handshake packet\n- fix CVE-2014-0224 - SSL/TLS MITM vulnerability\n- fix CVE-2014-3470 - client-side DoS when using anonymous ECDH", "edition": 4, "modified": "2014-07-23T00:00:00", "published": "2014-07-23T00:00:00", "id": "ELSA-2014-0679", "href": "http://linux.oracle.com/errata/ELSA-2014-0679.html", "title": "openssl security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:45:40", "bulletinFamily": "unix", "cvelist": ["CVE-2010-5298", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221", "CVE-2014-0224", "CVE-2014-3470"], "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nIt was found that OpenSSL clients and servers could be forced, via a\nspecially crafted handshake packet, to use weak keying material for\ncommunication. A man-in-the-middle attacker could use this flaw to decrypt\nand modify traffic between a client and a server. (CVE-2014-0224)\n\nNote: In order to exploit this flaw, both the server and the client must be\nusing a vulnerable version of OpenSSL; the server must be using OpenSSL\nversion 1.0.1 and above, and the client must be using any version of\nOpenSSL. For more information about this flaw, refer to:\nhttps://access.redhat.com/site/articles/904433\n\nA buffer overflow flaw was found in the way OpenSSL handled invalid DTLS\npacket fragments. A remote attacker could possibly use this flaw to execute\narbitrary code on a DTLS client or server. (CVE-2014-0195)\n\nMultiple flaws were found in the way OpenSSL handled read and write buffers\nwhen the SSL_MODE_RELEASE_BUFFERS mode was enabled. A TLS/SSL client or\nserver using OpenSSL could crash or unexpectedly drop connections when\nprocessing certain SSL traffic. (CVE-2010-5298, CVE-2014-0198)\n\nA denial of service flaw was found in the way OpenSSL handled certain DTLS\nServerHello requests. A specially crafted DTLS handshake packet could cause\na DTLS client using OpenSSL to crash. (CVE-2014-0221)\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed\nanonymous Elliptic Curve Diffie Hellman (ECDH) key exchange. A specially\ncrafted handshake packet could cause a TLS/SSL client that has the\nanonymous ECDH cipher suite enabled to crash. (CVE-2014-3470)\n\nRed Hat would like to thank the OpenSSL project for reporting these issues.\nUpstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter\nof CVE-2014-0224, J\u00fcri Aedla as the original reporter of CVE-2014-0195,\nImre Rad of Search-Lab as the original reporter of CVE-2014-0221, and Felix\nGr\u00f6bert and Ivan Fratri\u0107 of Google as the original reporters of\nCVE-2014-3470.\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\n", "modified": "2018-06-06T20:24:08", "published": "2014-06-05T04:00:00", "id": "RHSA-2014:0625", "href": "https://access.redhat.com/errata/RHSA-2014:0625", "type": "redhat", "title": "(RHSA-2014:0625) Important: openssl security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:47:02", "bulletinFamily": "unix", "cvelist": ["CVE-2010-5298", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221", "CVE-2014-0224", "CVE-2014-3470"], "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nIt was found that OpenSSL clients and servers could be forced, via a\nspecially crafted handshake packet, to use weak keying material for\ncommunication. A man-in-the-middle attacker could use this flaw to decrypt\nand modify traffic between a client and a server. (CVE-2014-0224)\n\nNote: In order to exploit this flaw, both the server and the client must be\nusing a vulnerable version of OpenSSL; the server must be using OpenSSL\nversion 1.0.1 and above, and the client must be using any version of\nOpenSSL. For more information about this flaw, refer to:\nhttps://access.redhat.com/site/articles/904433\n\nA buffer overflow flaw was found in the way OpenSSL handled invalid DTLS\npacket fragments. A remote attacker could possibly use this flaw to execute\narbitrary code on a DTLS client or server. (CVE-2014-0195)\n\nMultiple flaws were found in the way OpenSSL handled read and write buffers\nwhen the SSL_MODE_RELEASE_BUFFERS mode was enabled. A TLS/SSL client or\nserver using OpenSSL could crash or unexpectedly drop connections when\nprocessing certain SSL traffic. (CVE-2010-5298, CVE-2014-0198)\n\nA denial of service flaw was found in the way OpenSSL handled certain DTLS\nServerHello requests. A specially crafted DTLS handshake packet could cause\na DTLS client using OpenSSL to crash. (CVE-2014-0221)\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed\nanonymous Elliptic Curve Diffie Hellman (ECDH) key exchange. A specially\ncrafted handshake packet could cause a TLS/SSL client that has the\nanonymous ECDH cipher suite enabled to crash. (CVE-2014-3470)\n\nRed Hat would like to thank the OpenSSL project for reporting these issues.\nUpstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter\nof CVE-2014-0224, J\u00fcri Aedla as the original reporter of CVE-2014-0195,\nImre Rad of Search-Lab as the original reporter of CVE-2014-0221, and Felix\nGr\u00f6bert and Ivan Fratri\u0107 of Google as the original reporters of\nCVE-2014-3470.\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\n", "modified": "2018-04-12T03:33:20", "published": "2014-06-10T04:00:00", "id": "RHSA-2014:0679", "href": "https://access.redhat.com/errata/RHSA-2014:0679", "type": "redhat", "title": "(RHSA-2014:0679) Important: openssl security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:46:18", "bulletinFamily": "unix", "cvelist": ["CVE-2010-5298", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221", "CVE-2014-0224", "CVE-2014-3470"], "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nIt was found that OpenSSL clients and servers could be forced, via a\nspecially crafted handshake packet, to use weak keying material for\ncommunication. A man-in-the-middle attacker could use this flaw to decrypt\nand modify traffic between a client and a server. (CVE-2014-0224)\n\nNote: In order to exploit this flaw, both the server and the client must be\nusing a vulnerable version of OpenSSL; the server must be using OpenSSL\nversion 1.0.1 and above, and the client must be using any version of\nOpenSSL. For more information about this flaw, refer to:\nhttps://access.redhat.com/site/articles/904433\n\nA buffer overflow flaw was found in the way OpenSSL handled invalid DTLS\npacket fragments. A remote attacker could possibly use this flaw to execute\narbitrary code on a DTLS client or server. (CVE-2014-0195)\n\nMultiple flaws were found in the way OpenSSL handled read and write buffers\nwhen the SSL_MODE_RELEASE_BUFFERS mode was enabled. A TLS/SSL client or\nserver using OpenSSL could crash or unexpectedly drop connections when\nprocessing certain SSL traffic. (CVE-2010-5298, CVE-2014-0198)\n\nA denial of service flaw was found in the way OpenSSL handled certain DTLS\nServerHello requests. A specially crafted DTLS handshake packet could cause\na DTLS client using OpenSSL to crash. (CVE-2014-0221)\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed\nanonymous Elliptic Curve Diffie Hellman (ECDH) key exchange. A specially\ncrafted handshake packet could cause a TLS/SSL client that has the\nanonymous ECDH cipher suite enabled to crash. (CVE-2014-3470)\n\nRed Hat would like to thank the OpenSSL project for reporting these issues.\nUpstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter\nof CVE-2014-0224, J\u00fcri Aedla as the original reporter of CVE-2014-0195,\nImre Rad of Search-Lab as the original reporter of CVE-2014-0221, and Felix\nGr\u00f6bert and Ivan Fratri\u0107 of Google as the original reporters of\nCVE-2014-3470.\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\n", "modified": "2015-04-24T14:18:05", "published": "2014-06-05T04:00:00", "id": "RHSA-2014:0628", "href": "https://access.redhat.com/errata/RHSA-2014:0628", "type": "redhat", "title": "(RHSA-2014:0628) Important: openssl security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "thn": [{"lastseen": "2018-01-27T09:17:49", "bulletinFamily": "info", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2010-5298", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221"], "description": "[](<https://3.bp.blogspot.com/-W9MmiVzV-K4/U5CfAfLYiXI/AAAAAAAAb9U/ypeNlFGpb14/s1600/Openssl-bug-mitm.jpg>)\n\nRemember OpenSSL [Heartbleed vulnerability](<https://thehackernews.com/2014/04/heartbleed-bug-explained-10-most.html>)? Several weeks ago, the exposure of this security bug chilled the Internet, revealed that millions of websites were vulnerable to a flaw in the OpenSSL code which they used to encrypt their communications.\n\n \n\n\nNow once again the OpenSSL Foundation has issued software updates to patch six new vulnerabilities, and two of them are critical.\n\n \n\n\n**MAN-IN-THE-MIDDLE ATTACK (CVE-2014-0224)**\n\nFirst critical vulnerability (CVE-2014-0224) in [OpenSSL](<https://thehackernews.com/search/label/OpenSSL>) is \"_CCS Injection_\" - resides in ChangeCipherSpec (CCS) request sent during the handshake that could allow an attacker to perform a [man-in-the-middle attack](<https://thehackernews.com/search/label/Man-in-the-Middle>) against the encrypted connection servers and clients. \n\n \n\n\nBy exploiting this vulnerability an attacker could intercept an encrypted connection which allows him to decrypt, read or manipulate the data. But the reported flaw is exploitable only if both server and client are vulnerable to this issue.\n\n \n\n\nAccording to the OpenSSL [advisory](<https://www.openssl.org/news/secadv_20140605.txt>), \"_An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers._\" All versions of OpenSSL are vulnerable on the client side. Only 1.0.1 and above are currently known to be vulnerable on the server side. SSL VPN (_virtual private network_) products are believed to be especially vulnerable to this flaw.\n\n \n\n\nOpenSSL CCS Injection vulnerability is discovered by a Japanese security researcher, _[Masashi Kikuchi](<http://ccsinjection.lepidum.co.jp/blog/2014-06-05/CCS-Injection-en/index.html>)_ from Lepidum security firm._ _According to him this bug was existed since the very first release of OpenSSL. RedHat also posted a detailed [explanation](<https://securityblog.redhat.com/2014/06/05/openssl-mitm-ccs-injection-attack-cve-2014-0224/>) about this bug on their security blog.\n\n** \n**\n\n**DTLS invalid fragment vulnerability (CVE-2014-0195):**** **Sending invalid DTLS fragments to a OpenSSL DTLS client or server can lead to a buffer overrun attack. A potential hacker could exploit this flaw to run arbitrary code on a vulnerable client or server. This [vulnerability](<https://thehackernews.com/search/label/Vulnerability>) also marked as critical bug.\n\n \n\n\n**DTLS recursion flaw (CVE-2014-0221): **A remote attacker can send an invalid DTLS (Datagram Transport Layer Security) handshake to an OpenSSL DTLS client, which will force the code to recurse eventually crashing in a DoS attack. This attack is limited to the applications using OpenSSL as a DTLS client.\n\n \n\n\nDTLS mainly used in VOIP and other communication related applications like Cisco Systems\u2019 AnyConnect VPN Client. Chrome and Firefox web browser also support [DTLS for WebRTC](<https://thehackernews.com/2014/06/mozilla-to-provide-webrtc-based-free.html>) (_Web Real-Time Communication_) for P2P file sharing and Voice/Video Chats.\n\n \n\n\nOther important OpenSSL vulnerabilities are:\n\n * **SSL_MODE_RELEASE_BUFFERS NULL pointer dereference (CVE-2014-0198),** allows remote attackers to cause a denial of service via a NULL pointer dereference.\n * **SSL_MODE_RELEASE_BUFFERS session injection or denial of service (CVE-2010-5298),** allows remote attackers to inject data across sessions or cause a denial of service.\n * **Anonymous ECDH denial of service (CVE-2014-3470),** OpenSSL TLS clients enabling anonymous ECDH (Elliptic Curve Diffie Hellman) ciphersuites are subject to a denial of service attack.\n\nBut the good news is that these vulnerabilities are not as critical as Heartbleed bug. The patched versions 0.9.8za, 1.0.0m and 1.0.1h are available on the project website to download and The OpenSSL Foundation is urging companies to update their implementation as soon as possible.\n", "modified": "2014-06-05T16:51:06", "published": "2014-06-05T05:49:00", "id": "THN:D2B91981A95FA63440BEC1909D1FAE82", "href": "https://thehackernews.com/2014/06/openssl-vulnerable-to-man-in-middle.html", "type": "thn", "title": "OpenSSL Vulnerable to Man-in-the-Middle Attack and Several Other Bugs", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "centos": [{"lastseen": "2019-12-20T18:27:06", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2010-5298", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221"], "description": "**CentOS Errata and Security Advisory** CESA-2014:0625\n\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nIt was found that OpenSSL clients and servers could be forced, via a\nspecially crafted handshake packet, to use weak keying material for\ncommunication. A man-in-the-middle attacker could use this flaw to decrypt\nand modify traffic between a client and a server. (CVE-2014-0224)\n\nNote: In order to exploit this flaw, both the server and the client must be\nusing a vulnerable version of OpenSSL; the server must be using OpenSSL\nversion 1.0.1 and above, and the client must be using any version of\nOpenSSL. For more information about this flaw, refer to:\nhttps://access.redhat.com/site/articles/904433\n\nA buffer overflow flaw was found in the way OpenSSL handled invalid DTLS\npacket fragments. A remote attacker could possibly use this flaw to execute\narbitrary code on a DTLS client or server. (CVE-2014-0195)\n\nMultiple flaws were found in the way OpenSSL handled read and write buffers\nwhen the SSL_MODE_RELEASE_BUFFERS mode was enabled. A TLS/SSL client or\nserver using OpenSSL could crash or unexpectedly drop connections when\nprocessing certain SSL traffic. (CVE-2010-5298, CVE-2014-0198)\n\nA denial of service flaw was found in the way OpenSSL handled certain DTLS\nServerHello requests. A specially crafted DTLS handshake packet could cause\na DTLS client using OpenSSL to crash. (CVE-2014-0221)\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed\nanonymous Elliptic Curve Diffie Hellman (ECDH) key exchange. A specially\ncrafted handshake packet could cause a TLS/SSL client that has the\nanonymous ECDH cipher suite enabled to crash. (CVE-2014-3470)\n\nRed Hat would like to thank the OpenSSL project for reporting these issues.\nUpstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter\nof CVE-2014-0224, J\u00fcri Aedla as the original reporter of CVE-2014-0195,\nImre Rad of Search-Lab as the original reporter of CVE-2014-0221, and Felix\nGr\u00f6bert and Ivan Fratri\u0107 of Google as the original reporters of\nCVE-2014-3470.\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-June/032382.html\n\n**Affected packages:**\nopenssl\nopenssl-devel\nopenssl-perl\nopenssl-static\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2014-0625.html", "edition": 3, "modified": "2014-06-05T13:06:47", "published": "2014-06-05T13:06:47", "href": "http://lists.centos.org/pipermail/centos-announce/2014-June/032382.html", "id": "CESA-2014:0625", "title": "openssl security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "slackware": [{"lastseen": "2020-10-25T16:36:20", "bulletinFamily": "unix", "cvelist": ["CVE-2010-5298", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221", "CVE-2014-0224", "CVE-2014-3470"], "description": "New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,\nand -current to fix security issues.\n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n\npatches/packages/openssl-1.0.1h-i486-1_slack14.1.txz: Upgraded.\n Multiple security issues have been corrected, including a possible\n man-in-the-middle attack where weak keying material is forced, denial\n of service, and the execution of arbitrary code.\n For more information, see:\n http://www.openssl.org/news/secadv_20140605.txt\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470\n (* Security fix *)\npatches/packages/openssl-solibs-1.0.1h-i486-1_slack14.1.txz: Upgraded.\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated packages for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8za-i486-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8za-i486-1_slack13.0.txz\n\nUpdated packages for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8za-x86_64-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8za-x86_64-1_slack13.0.txz\n\nUpdated packages for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8za-i486-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8za-i486-1_slack13.1.txz\n\nUpdated packages for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8za-x86_64-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8za-x86_64-1_slack13.1.txz\n\nUpdated packages for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8za-i486-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8za-i486-1_slack13.37.txz\n\nUpdated packages for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8za-x86_64-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8za-x86_64-1_slack13.37.txz\n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1h-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1h-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1h-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1h-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1h-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1h-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1h-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1h-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1h-i486-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1h-i486-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1h-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1h-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 13.0 packages:\n634b8ecc8abc6d3f249b73d0fefa5959 openssl-0.9.8za-i486-1_slack13.0.txz\na2529f1243d42a3608f61b96236b5f60 openssl-solibs-0.9.8za-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 packages:\n2ddac651c5f2531f3a7f70d9f5823bd6 openssl-0.9.8za-x86_64-1_slack13.0.txz\nd7ffeb15713a587f642fbb3d5c310c75 openssl-solibs-0.9.8za-x86_64-1_slack13.0.txz\n\nSlackware 13.1 packages:\n0b84a6a1edf76cba83d4c52c54196baa openssl-0.9.8za-i486-1_slack13.1.txz\ndfd5d241b0e1703ae9d70d6ccda06179 openssl-solibs-0.9.8za-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 packages:\nbd749622577a5f76a59d90b95aa922fd openssl-0.9.8za-x86_64-1_slack13.1.txz\n35cf911dd9f0cc13f7f0056d9e1f4520 openssl-solibs-0.9.8za-x86_64-1_slack13.1.txz\n\nSlackware 13.37 packages:\n8f674defac9002c81265d284b1072f75 openssl-0.9.8za-i486-1_slack13.37.txz\n48ce79e7714cb0c823d2b6ea4a88ba51 openssl-solibs-0.9.8za-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 packages:\nefa09162c22782c15806bca99472c5be openssl-0.9.8za-x86_64-1_slack13.37.txz\n8e3b8d1e3d3a740bd274fbe38dc10f96 openssl-solibs-0.9.8za-x86_64-1_slack13.37.txz\n\nSlackware 14.0 packages:\n8e2698d19f54c7e0cac8f998df23b782 openssl-1.0.1h-i486-1_slack14.0.txz\ncf6233bc169cf6dd192bb7210f779fc1 openssl-solibs-1.0.1h-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\n2b4f0610d5e46fa7bb27a0b39f0d6d33 openssl-1.0.1h-x86_64-1_slack14.0.txz\n18fdd83dcf86204275508a689a017dea openssl-solibs-1.0.1h-x86_64-1_slack14.0.txz\n\nSlackware 14.1 packages:\n49aea7da42eef41da894f29762971863 openssl-1.0.1h-i486-1_slack14.1.txz\n6f19f4fdc3f018b4e821c519d7bb1e5c openssl-solibs-1.0.1h-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\nccf5ff2b107c665a4f3bf98176937749 openssl-1.0.1h-x86_64-1_slack14.1.txz\nea1aaba38c98b096186ca94ca541a793 openssl-solibs-1.0.1h-x86_64-1_slack14.1.txz\n\nSlackware -current packages:\ndb1ed7ded71ab503f567940fff39eb16 a/openssl-solibs-1.0.1h-i486-1.txz\n0db4f91f9b568b2b2629950e5ab88b22 n/openssl-1.0.1h-i486-1.txz\n\nSlackware x86_64 -current packages:\nd01aef33335bee27f36574241f54091f a/openssl-solibs-1.0.1h-x86_64-1.txz\n95a743d21c58f39573845d6ec5270656 n/openssl-1.0.1h-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the packages as root:\n > upgradepkg openssl-1.0.1h-i486-1_slack14.1.txz openssl-solibs-1.0.1h-i486-1_slack14.1.txz", "modified": "2014-06-06T05:27:11", "published": "2014-06-06T05:27:11", "id": "SSA-2014-156-03", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.746956", "type": "slackware", "title": "[slackware-security] openssl", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2019-05-30T02:22:28", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0076", "CVE-2014-0224", "CVE-2014-3470", "CVE-2014-0195", "CVE-2014-0221"], "description": "Package: openssl\nVersion: 0.9.8o-4squeeze15\nCVE ID: CVE-2014-0076 CVE-2014-0195 CVE-2014-0221 CVE-2014-3470 CVE-2014-0224\n\nCVE-2014-0195\n\n Jueri Aedla discovered that a buffer overflow in processing DTLS\n fragments could lead to the execution of arbitrary code or denial\n of service.\n\nCVE-2014-0221\n\n Imre Rad discovered the processing of DTLS hello packets is\n susceptible to denial of service.\n\nCVE-2014-0224\n\n KIKUCHI Masashi discovered that carefully crafted handshakes can\n force the use of weak keys, resulting in potential man-in-the-middle\n attacks.\n\nCVE-2014-3470\n\n Felix Groebert and Ivan Fratric discovered that the implementation of\n anonymous ECDH ciphersuites is suspectible to denial of service.\n\nCVE-2014-0076\n\n Fix for the attack described in the paper "Recovering\n OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"\n Reported by Yuval Yarom and Naomi Benger.\n\nAdditional information can be found at\nhttp://www.openssl.org/news/secadv_20140605.txt\n\nAll applications linked to openssl need to be restarted. You can\nuse the tool checkrestart from the package debian-goodies to\ndetect affected programs or reboot your system.\n\nIt's important that you upgrade the libssl0.9.8 package and not\njust the openssl package.\n\n", "edition": 2, "modified": "2014-06-05T19:36:19", "published": "2014-06-05T19:36:19", "id": "DEBIAN:SSL-:DD9E5", "href": "https://lists.debian.org/debian-lts-announce/2014/debian-lts-announce-201406/msg00002.html", "title": "openssl security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:55", "bulletinFamily": "software", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221"], "description": "Protection level downgrade attacks, multiple DTLS vulnerabilities, DoS.", "edition": 1, "modified": "2014-06-06T00:00:00", "published": "2014-06-06T00:00:00", "id": "SECURITYVULNS:VULN:13810", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13810", "title": "OpenSSL multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:53", "bulletinFamily": "software", "cvelist": ["CVE-2014-4618", "CVE-2014-0076", "CVE-2014-0224", "CVE-2014-2520", "CVE-2014-2521", "CVE-2014-3470", "CVE-2010-5298", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221"], "description": "\r\n\r\n\r\n\r\nESA-2014-079.txt\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nESA-2014-079: EMC Documentum Content Server Multiple Vulnerabilities \r\n\r\nEMC Identifier: ESA-2014-079\r\n\r\nCVE Identifier: See below for individual CVEs\r\n\r\nSeverity Rating: CVSS v2 Base Score: See below for individual CVSS score for each CVE\r\n\r\nAffected products: \r\n\u2022\tAll EMC Documentum Content Server versions of 7.1 prior to P07\r\n\u2022\tAll EMC Documentum Content Server versions of 7.0\r\n\u2022\tAll EMC Documentum Content Server versions of 6.7 SP2 prior to P16\r\n\u2022\tAll EMC Documentum Content Server versions of 6.7 SP1\r\n\u2022\tAll EMC Documentum Content Server versions prior to 6.7 SP1\r\n \r\nSummary: \r\nEMC Documentum Content Server contains fixes for multiple vulnerabilities which also include vulnerabilities disclosed by the OpenSSL project on June 5, 2014 in OpenSSL. \r\n\r\nDetails: \r\nEMC Documentum Content Server may be susceptible to the following vulnerabilities:\r\n\r\n\u2022\tArbitrary Code Execution (CVE-2014-4618):\r\nAuthenticated non-privileged users can potentially execute Documentum methods with higher level privileges (up to and including superuser privileges) due to improper authorization checks being performed on user-created system objects.\r\nCVSS v2 Base Score: 8.2 (AV:N/AC:M/Au:S/C:C/I:C/A:P)\r\n\r\n\u2022\tDQL Injection (CVE-2014-2520):\r\nCertain DQL hints in EMC Documentum Content Server may be potentially exploited by an authenticated non-privileged malicious user to conduct DQL injection attacks and read the database contents. This issue only affects Content Server running on Oracle database. \r\nCVSS v2 Base Score: 6.3 (AV:N/AC:M/Au:S/C:C/I:N/A:N)\r\n\r\n\u2022\tInformation Disclosure (CVE-2014-2521):\r\nAuthenticated non-privileged users are allowed to retrieve meta-data of unauthorized system objects due to improper authorization checks being performed on certain RPC commands in Content Server.\r\nCVSS v2 Base Score: 6.3 (AV:N/AC:M/Au:S/C:C/I:N/A:N)\r\n\r\n\u2022\tMultiple OpenSSL vulnerabilities (See individual CVEs below and refer to NVD for each of their scores):\r\n\tSSL/TLS Man-in-the-middle (MITM) vulnerability (CVE-2014-0224)\r\n\tDTLS recursion flaw (CVE-2014-0221)\r\n\tDTLS invalid fragment vulnerability (CVE-2014-0195)\r\n\tSSL_MODE_RELEASE_BUFFERS NULL pointer deference (CVE-2014-0198)\r\n\tSSL_MODE_RELEASE_BUFFERS session injection or denial of service (CVE-2010-5298)\r\n\tAnonymous ECDH denial of service (CVE-2014-3470)\r\n\tFLUSH + RELOAD cache side-channel attack (CVE-2014-0076)\r\nFor more information about these vulnerabilities, please visit the original OpenSSL advisory https://www.openssl.org/news/secadv_20140605.txt \r\n\r\nResolution: \r\nThe following versions contain the resolution for these issues: \r\n\u2022\tEMC Documentum Content Server version 7.1 P07 and later\r\n\u2022\tEMC Documentum Content Server version 7.0: Hotfixes are available for Windows & Linux. Contact EMC Support to obtain them. For Solaris and AIX, contact EMC Support to open Hotfix requests.\r\n\u2022\tEMC Documentum Content Server version 6.7 SP2 P16 and later\r\n\u2022\tEMC Documentum Content Server version 6.7 SP1: Hotfixes are available for Windows & Linux. Contact EMC Support to obtain them. For Solaris and AIX, contact EMC Support to open Hotfix requests.\r\n\r\nEMC recommends all customers to upgrade to one of the above versions at the earliest opportunity.\r\n\r\nLink to remedies:\r\nRegistered EMC Online Support customers can download patches and software from support.emc.com at: https://support.emc.com/downloads/2732_Documentum-Server\r\n\r\nFor Hotfix, contact EMC Support.\r\n\r\n\r\n\r\nRead and use the information in this EMC Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this product alert, contact EMC Software Technical Support at 1-877-534-2867.\r\n\r\nFor an explanation of Severity Ratings, refer to EMC Knowledgebase solution emc218831. EMC recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability.\r\n\r\nEMC Corporation distributes EMC Security Advisories, in order to bring to the attention of users of the affected EMC products, important security information. EMC recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. EMC disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event, shall EMC or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if EMC or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply.\r\n\r\nEMC Product Security Response Center\r\nsecurity_alert@emc.com\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.13 (Cygwin)\r\n\r\niEYEARECAAYFAlPyawYACgkQtjd2rKp+ALyVGACgzWAlXOPX89SArK2BZBaiKpsf\r\nm68An0PN925zTlYP7Rxe6yR4ENurwUlD\r\n=w/OT\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "modified": "2014-08-26T00:00:00", "published": "2014-08-26T00:00:00", "id": "SECURITYVULNS:DOC:31041", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31041", "title": "ESA-2014-079: EMC Documentum Content Server Multiple Vulnerabilities", "type": "securityvulns", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "suse": [{"lastseen": "2016-09-04T11:48:49", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221"], "description": "OpenSSL was updated to fix several vulnerabilities:\n\n * SSL/TLS MITM vulnerability. (CVE-2014-0224)\n * DTLS recursion flaw. (CVE-2014-0221)\n * DTLS invalid fragment vulnerability. (CVE-2014-0195)\n * SSL_MODE_RELEASE_BUFFERS NULL pointer dereference. (CVE-2014-0198)\n * Anonymous ECDH denial of service. (CVE-2014-3470)\n\n Further information can be found at\n <a rel=\"nofollow\" href=\"http://www.openssl.org/news/secadv_20140605.txt\">http://www.openssl.org/news/secadv_20140605.txt</a>\n <<a rel=\"nofollow\" href=\"http://www.openssl.org/news/secadv_20140605.txt\">http://www.openssl.org/news/secadv_20140605.txt</a>> .\n\n Security Issues references:\n\n * CVE-2014-0224\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224</a>>\n * CVE-2014-0221\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221</a>>\n * CVE-2014-0195\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195</a>>\n * CVE-2014-0198\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198</a>>\n * CVE-2014-3470\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470</a>>\n\n", "edition": 1, "modified": "2014-06-06T09:04:15", "published": "2014-06-06T09:04:15", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00006.html", "id": "SUSE-SU-2014:0762-1", "title": "Security update for OpenSSL 1.0 (critical)", "type": "suse", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "aix": [{"lastseen": "2019-05-29T19:19:11", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nIBM SECURITY ADVISORY\n\nFirst Issued: Wed Jun 11 06:39:27 CDT 2014 \n\nThe most recent version of this document is available here:\n\nhttp://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc\nhttps://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc\nftp://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc\n===============================================================================\n VULNERABILITY SUMMARY\n\n1.VULNERABILITY: AIX OpenSSL SSL/TLS Man In The Middle (MITM) vulnerability \n\n PLATFORMS: AIX 5.3, 6.1 and 7.1\n VIOS 2.2.*\n\n SOLUTION: Apply the fix as described below.\n\n THREAT: See below\n\n CVE Numbers: CVE-2014-0224\n\n Reboot required? NO\n Workarounds? NO\n Protected by FPM? NO\n Protected by SED? NO\n\n2. VULNERABILITY: AIX OpenSSL DTLS recursion flaw\n\n PLATFORMS: AIX 5.3, 6.1 and 7.1\n VIOS 2.2.*\n\n SOLUTION: Apply the fix as described below.\n\n THREAT: See below\n\n CVE Numbers: CVE-2014-0221\n\n Reboot required? NO\n Workarounds? NO\n Protected by FPM? NO\n Protected by SED? NO\n\n3. VULNERABILITY: AIX OpenSSL DTLS invalid fragment vulnerability\n\n PLATFORMS: AIX 5.3, 6.1 and 7.1\n VIOS 2.2.*\n\n SOLUTION: Apply the fix as described below.\n\n THREAT: See below\n\n CVE Numbers: CVE-2014-0195\n\n Reboot required? NO\n Workarounds? NO\n Protected by FPM? NO\n Protected by SED? NO\n\n4. VULNERABILITY: AIX OpenSSL SSL_MODE_RELEASE_BUFFERS NULL pointer dereference\n\n PLATFORMS: AIX 5.3, 6.1 and 7.1\n VIOS 2.2.*\n\n SOLUTION: Apply the fix as described below.\n\n THREAT: See below\n\n CVE Numbers: CVE-2014-0198\n\n Reboot required? NO\n Workarounds? NO\n Protected by FPM? NO\n Protected by SED? NO\n\n5. VULNERABILITY: AIX OpenSSL Anonymous ECDH denial of service\n\n PLATFORMS: AIX 5.3, 6.1 and 7.1\n VIOS 2.2.*\n\n SOLUTION: Apply the fix as described below.\n\n THREAT: See below\n\n CVE Numbers: CVE-2014-3470\n\n Reboot required? NO\n Workarounds? NO\n Protected by FPM? NO\n Protected by SED? NO\n\n===============================================================================\n DETAILED INFORMATION\n\nI. DESCRIPTION \n \n 1. CVE-2014-0224\n\tOpenSSL could allow a Man-in-the-middle(MITM) attacker to force the use of \n\tweak keying material in OpenSSL SSL/TLS clients and servers. The attacker \n\tcan decrypt and modify traffic from the attacked client and server. The \n\tattack can only be performed between a vulnerable client *and* server.\n\n 2. CVE-2014-0221\n\tOpenSSL could allow an attacker to cause Denial of Service information.\n\tThe attacker can send a invalid DTLS handshake to an OpenSSL DTLS client,\n\tresulting recursive execution of code and eventual crash.\n\n 3. CVE-2014-0195\n\tOpenSSL could allow an attacker to cause a \"buffer overrun\" situation. This \n\tis triggered when an attacker sends an invalid DTLS fragments to an OpenSSL \n\tDTLS client or server, and thus forcing it to run arbitrary code on a \n\tvulnerable client or server.\n\n 4. CVE-2014-0198\n\tOpenSSL could allow an attacker to cause Denial of Service information.\n\tThe attacker will be able to exploit the flaw in the do_ssl3_write function\n\tvia a NULL pointer dereference.\n\n 5. CVE-2014-3470\n\tOpenSSL could allow an attacker to cause Denial of Service information.\n\tThe attacker will be able to exploit the software's anonymous ECDH cipher \n\tsuites present within OpenSSL clients.\n\nII. CVSS\n\n 1. CVE-2014-0224\n CVSS Base Score: 5.8\n CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/93586\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:N/A:N)\n\n 2. CVE-2014-0221\n CVSS Base Score: 4.3\n CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/93587\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:N/A:N)\n\n 3. CVE-2014-0195\n CVSS Base Score: 7.5\n CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/93588\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:N/A:N)\n\n 4. CVE-2014-0198\n CVSS Base Score: 4.3\n CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/93000\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:N/A:N)\n\n 5. CVE-2014-3470\n CVSS Base Score: 4.3\n CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/93589\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:N/A:N)\n\n\nIII. PLATFORM VULNERABILITY ASSESSMENT\n\n To determine if your system is vulnerable, execute the following\n command:\n\n lslpp -L openssl.base\n \n The following fileset levels are vulnerable:\n \n A. CVE-2014-0198\n\n AIX Fileset Lower Level Upper Level KEY\n --------------------------------------------------------\n openssl.base 1.0.1.500 1.0.1.510 key_w_fs\n\n B. CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-3470\n\n AIX Fileset Lower Level Upper Level KEY\n --------------------------------------------------------\n openssl.base 1.0.1.500 1.0.1.510 key_w_fs\n openssl.base 0.9.8.401 0.9.8.2501 key_w_fs\n openssl.base 12.9.8.1100 12.9.8.2501 key_w_fs\n\n\nIV. SOLUTIONS\n\n A fix is available, and it can be downloaded from:\n\n https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=aixbp\n\n To extract the fixes from the tar file:\n\n For Openssl 1.0.1 version - \n zcat openssl-1.0.1.511.tar.Z | tar xvf -\n For Openssl 0.9.8 version - \n zcat openssl-0.9.8.2502.tar.Z | tar xvf -\n For Openssl 12.9.8 version - \n zcat openssl-12.9.8.2502.tar.Z | tar xvf -\n\n IMPORTANT: If possible, it is recommended that a mksysb backup\n of the system be created. Verify it is both bootable and\n readable before proceeding.\n\n To preview the fix installation:\n\n installp -apYd . openssl\n\n To install the fix package:\n\n installp -aXYd . openssl\n \n\nV. WORKAROUNDS\n \n No workarounds.\n\nVI. CONTACT INFORMATION\n\n If you would like to receive AIX Security Advisories via email,\n please visit:\n\n http://www.ibm.com/systems/support\n\n and click on the \"My notifications\" link.\n\n To view previously issued advisories, please visit:\n\n http://www14.software.ibm.com/webapp/set2/subscriptions/onvdq\n \n Comments regarding the content of this announcement can be\n directed to:\n\n security-alert@austin.ibm.com\n\n To obtain the OpenSSL public key that can be used to verify the\n signed advisories and ifixes:\n\n Download the key from our web page:\n\n http://www.ibm.com/systems/resources/systems_p_os_aix_security_pgpkey.txt\n\n To obtain the PGP public key that can be used to communicate\n securely with the AIX Security Team you can either:\n\n A. Send an email with \"get key\" in the subject line to:\n\n security-alert@austin.ibm.com\n\n B. Download the key from a PGP Public Key Server. The key ID is:\n\n 0x28BFAA12\n\n Please contact your local IBM AIX support center for any\n assistance.\n\n\n\nVII. REFERENCES:\n\n Note: Keywords labeled as KEY in this document are used for parsing purposes.\n\n eServer is a trademark of International Business Machines\n Corporation. IBM, AIX and pSeries are registered trademarks of\n International Business Machines Corporation. All other trademarks\n are property of their respective holders.\n\n Complete CVSS Guide: http://www.first.org/cvss/cvss-guide.html\n On-line Calculator V2: http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2\n X-Force Vulnerability Database: http://xforce.iss.net/xforce/xfdb/93586\n X-Force Vulnerability Database: http://xforce.iss.net/xforce/xfdb/93587\n X-Force Vulnerability Database: http://xforce.iss.net/xforce/xfdb/93588\n X-Force Vulnerability Database: http://xforce.iss.net/xforce/xfdb/93000\n X-Force Vulnerability Database: http://xforce.iss.net/xforce/xfdb/93589\n CVE-2014-0224 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224\n CVE-2014-0221 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221\n CVE-2014-0195 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195\n CVE-2014-0198 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198\n CVE-2014-3470 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470\n\n *The CVSS Environment Score is customer environment specific and will\n ultimately impact the Overall CVSS Score. Customers can evaluate the\n impact of this vulnerability in their environments by accessing the links\n in the Reference section of this Flash.\n\n Note: According to the Forum of Incident Response and Security Teams\n (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry\n open standard designed to convey vulnerability severity and help to\n determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES\n \"AS IS\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF\n MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE\n RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY\n VULNERABILITY.\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.13 (AIX)\n\niEYEARECAAYFAlOYa3QACgkQ4fmd+Ci/qhJMsQCeIm9hBmgNkQxOH80z74Du1Gt3\nldsAn3mM6Hl5+KNzs+2sTTxirF79+NJ+\n=Q2O7\n-----END PGP SIGNATURE-----\n", "edition": 4, "modified": "2014-06-11T06:39:27", "published": "2014-06-11T06:39:27", "id": "OPENSSL_ADVISORY9.ASC", "href": "https://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc", "title": "AIX OpenSSL Vulnerabilities (Multiple CVEs)", "type": "aix", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "amazon": [{"lastseen": "2020-11-10T12:36:34", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2010-5298", "CVE-2014-0195", "CVE-2014-0198", "CVE-2015-0292", "CVE-2014-0221"], "description": "**Issue Overview:**\n\nIt was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. ([CVE-2014-0224 __](<https://access.redhat.com/security/cve/CVE-2014-0224>))\n\nNote: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL.\n\nA buffer overflow flaw was found in the way OpenSSL handled invalid DTLS packet fragments. A remote attacker could possibly use this flaw to execute arbitrary code on a DTLS client or server. ([CVE-2014-0195 __](<https://access.redhat.com/security/cve/CVE-2014-0195>))\n\nMultiple flaws were found in the way OpenSSL handled read and write buffers when the SSL_MODE_RELEASE_BUFFERS mode was enabled. A TLS/SSL client or server using OpenSSL could crash or unexpectedly drop connections when processing certain SSL traffic. ([CVE-2010-5298 __](<https://access.redhat.com/security/cve/CVE-2010-5298>), [CVE-2014-0198 __](<https://access.redhat.com/security/cve/CVE-2014-0198>))\n\nA denial of service flaw was found in the way OpenSSL handled certain DTLS ServerHello requests. A specially crafted DTLS handshake packet could cause a DTLS client using OpenSSL to crash. ([CVE-2014-0221 __](<https://access.redhat.com/security/cve/CVE-2014-0221>))\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed anonymous Elliptic Curve Diffie Hellman (ECDH) key exchange. A specially crafted handshake packet could cause a TLS/SSL client that has the anonymous ECDH cipher suite enabled to crash. ([CVE-2014-3470 __](<https://access.redhat.com/security/cve/CVE-2014-3470>))\n\nAn integer underflow flaw, leading to a heap-based buffer overflow, was found in the way OpenSSL decoded certain base64 strings. A remote attacker could provide a specially crafted base64 string via certain PEM processing routines that, when parsed by the OpenSSL library, would cause the OpenSSL server to crash. ([CVE-2015-0292 __](<https://access.redhat.com/security/cve/CVE-2015-0292>))\n\n \n**Affected Packages:** \n\n\nopenssl\n\n \n**Issue Correction:** \nRun _yum update openssl_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n openssl-devel-1.0.1h-1.72.amzn1.i686 \n openssl-1.0.1h-1.72.amzn1.i686 \n openssl-debuginfo-1.0.1h-1.72.amzn1.i686 \n openssl-perl-1.0.1h-1.72.amzn1.i686 \n openssl-static-1.0.1h-1.72.amzn1.i686 \n \n src: \n openssl-1.0.1h-1.72.amzn1.src \n \n x86_64: \n openssl-debuginfo-1.0.1h-1.72.amzn1.x86_64 \n openssl-static-1.0.1h-1.72.amzn1.x86_64 \n openssl-devel-1.0.1h-1.72.amzn1.x86_64 \n openssl-perl-1.0.1h-1.72.amzn1.x86_64 \n openssl-1.0.1h-1.72.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2014-06-04T15:45:00", "published": "2014-06-04T15:45:00", "id": "ALAS-2014-349", "href": "https://alas.aws.amazon.com/ALAS-2014-349.html", "title": "Important: openssl", "type": "amazon", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2021-02-02T05:45:06", "description": "Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment.", "edition": 6, "cvss3": {}, "published": "2014-04-14T22:38:00", "title": "CVE-2010-5298", "type": "cve", "cwe": ["CWE-362"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-5298"], "modified": "2018-10-10T20:09:00", "cpe": ["cpe:/a:openssl:openssl:1.0.0k", "cpe:/a:openssl:openssl:0.9.8y", "cpe:/a:openssl:openssl:0.9.8m", "cpe:/a:openssl:openssl:1.0.1a", "cpe:/a:openssl:openssl:0.9.8n", "cpe:/a:openssl:openssl:0.9.6e", "cpe:/a:openssl:openssl:0.9.8b", "cpe:/a:openssl:openssl:0.9.8h", "cpe:/a:openssl:openssl:0.9.8u", "cpe:/a:openssl:openssl:1.0.1", "cpe:/a:openssl:openssl:0.9.8w", "cpe:/a:openssl:openssl:0.9.8k", "cpe:/a:openssl:openssl:1.0.1e", "cpe:/a:openssl:openssl:0.9.3a", "cpe:/a:openssl:openssl:0.9.8j", "cpe:/a:openssl:openssl:0.9.8t", "cpe:/a:openssl:openssl:1.0.1d", "cpe:/a:openssl:openssl:0.9.8a", "cpe:/a:openssl:openssl:0.9.8q", "cpe:/a:openssl:openssl:1.0.0a", "cpe:/a:openssl:openssl:0.9.7c", "cpe:/a:openssl:openssl:0.9.7j", "cpe:/a:openssl:openssl:0.9.6", "cpe:/a:openssl:openssl:1.0.1g", "cpe:/a:openssl:openssl:0.9.7g", "cpe:/a:openssl:openssl:0.9.6j", "cpe:/a:openssl:openssl:0.9.8o", "cpe:/a:openssl:openssl:1.0.0h", "cpe:/a:openssl:openssl:0.9.7a", "cpe:/a:openssl:openssl:0.9.3", "cpe:/a:openssl:openssl:0.9.7m", "cpe:/a:openssl:openssl:0.9.8x", "cpe:/a:openssl:openssl:0.9.1c", "cpe:/a:openssl:openssl:0.9.7h", "cpe:/a:openssl:openssl:0.9.7", "cpe:/a:openssl:openssl:1.0.1b", "cpe:/a:openssl:openssl:0.9.6k", "cpe:/a:openssl:openssl:0.9.5a", "cpe:/a:openssl:openssl:0.9.6a", "cpe:/a:openssl:openssl:0.9.8s", "cpe:/a:openssl:openssl:0.9.7d", "cpe:/a:openssl:openssl:1.0.0l", "cpe:/a:openssl:openssl:0.9.6h", "cpe:/a:openssl:openssl:0.9.8f", "cpe:/a:openssl:openssl:0.9.8", "cpe:/a:openssl:openssl:1.0.0", "cpe:/a:openssl:openssl:1.0.0i", "cpe:/a:openssl:openssl:0.9.5", "cpe:/a:openssl:openssl:0.9.4", "cpe:/a:openssl:openssl:0.9.8i", "cpe:/a:openssl:openssl:1.0.0f", "cpe:/a:openssl:openssl:0.9.7f", "cpe:/a:openssl:openssl:0.9.8c", "cpe:/a:openssl:openssl:0.9.7b", "cpe:/a:openssl:openssl:1.0.1c", "cpe:/a:openssl:openssl:1.0.0e", "cpe:/a:openssl:openssl:1.0.0g", "cpe:/a:openssl:openssl:0.9.8r", "cpe:/a:openssl:openssl:0.9.6c", "cpe:/a:openssl:openssl:0.9.7l", "cpe:/a:openssl:openssl:0.9.6i", "cpe:/a:openssl:openssl:1.0.0j", "cpe:/a:openssl:openssl:1.0.0b", "cpe:/a:openssl:openssl:0.9.6d", "cpe:/a:openssl:openssl:0.9.7i", "cpe:/a:openssl:openssl:0.9.8d", "cpe:/a:openssl:openssl:0.9.8v", "cpe:/a:openssl:openssl:1.0.0d", "cpe:/a:openssl:openssl:1.0.1f", "cpe:/a:openssl:openssl:0.9.7k", "cpe:/a:openssl:openssl:0.9.6g", "cpe:/a:openssl:openssl:0.9.6m", "cpe:/a:openssl:openssl:0.9.7e", "cpe:/a:openssl:openssl:0.9.6f", "cpe:/a:openssl:openssl:0.9.8e", "cpe:/a:openssl:openssl:0.9.8g", "cpe:/a:openssl:openssl:1.0.0c", "cpe:/a:openssl:openssl:0.9.6b", "cpe:/a:openssl:openssl:0.9.2b", "cpe:/a:openssl:openssl:0.9.8l", "cpe:/a:openssl:openssl:0.9.6l", "cpe:/a:openssl:openssl:0.9.8p"], "id": "CVE-2010-5298", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5298", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:N/I:P/A:P"}, "cpe23": ["cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7:beta6:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8w:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.5a:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7:beta4:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7:beta3:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7:beta5:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.5a:beta2:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8r:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.5:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.3a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8x:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8v:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7m:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8y:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6:beta3:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6:beta2:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8u:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8t:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.5:beta2:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6a:beta2:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8s:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8m:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6a:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7l:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6a:beta3:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:14:24", "description": "The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack.", "edition": 6, "cvss3": {}, "published": "2014-03-25T13:25:00", "title": "CVE-2014-0076", "type": "cve", "cwe": ["CWE-310"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0076"], "modified": "2017-12-16T02:29:00", "cpe": ["cpe:/a:openssl:openssl:1.0.0k", "cpe:/a:openssl:openssl:0.9.8y", "cpe:/a:openssl:openssl:0.9.8m", "cpe:/a:openssl:openssl:0.9.8n", "cpe:/a:openssl:openssl:0.9.6e", "cpe:/a:openssl:openssl:0.9.8b", "cpe:/a:openssl:openssl:0.9.8h", "cpe:/a:openssl:openssl:0.9.8u", "cpe:/a:openssl:openssl:0.9.8w", "cpe:/a:openssl:openssl:0.9.8k", "cpe:/a:openssl:openssl:0.9.3a", "cpe:/a:openssl:openssl:0.9.8j", "cpe:/a:openssl:openssl:0.9.8t", "cpe:/a:openssl:openssl:0.9.8a", "cpe:/a:openssl:openssl:0.9.8q", "cpe:/a:openssl:openssl:1.0.0a", "cpe:/a:openssl:openssl:0.9.7c", "cpe:/a:openssl:openssl:0.9.7j", "cpe:/a:openssl:openssl:0.9.6", "cpe:/a:openssl:openssl:0.9.7g", "cpe:/a:openssl:openssl:0.9.6j", "cpe:/a:openssl:openssl:0.9.8o", "cpe:/a:openssl:openssl:1.0.0h", "cpe:/a:openssl:openssl:0.9.7a", "cpe:/a:openssl:openssl:0.9.3", "cpe:/a:openssl:openssl:0.9.7m", "cpe:/a:openssl:openssl:0.9.8x", "cpe:/a:openssl:openssl:0.9.1c", "cpe:/a:openssl:openssl:0.9.7h", "cpe:/a:openssl:openssl:0.9.7", "cpe:/a:openssl:openssl:0.9.6k", "cpe:/a:openssl:openssl:0.9.5a", "cpe:/a:openssl:openssl:0.9.6a", "cpe:/a:openssl:openssl:0.9.8s", "cpe:/a:openssl:openssl:0.9.7d", "cpe:/a:openssl:openssl:1.0.0l", "cpe:/a:openssl:openssl:0.9.6h", "cpe:/a:openssl:openssl:0.9.8f", "cpe:/a:openssl:openssl:0.9.8", "cpe:/a:openssl:openssl:1.0.0", "cpe:/a:openssl:openssl:1.0.0i", "cpe:/a:openssl:openssl:0.9.5", "cpe:/a:openssl:openssl:0.9.4", "cpe:/a:openssl:openssl:0.9.8i", "cpe:/a:openssl:openssl:1.0.0f", "cpe:/a:openssl:openssl:0.9.7f", "cpe:/a:openssl:openssl:0.9.8c", "cpe:/a:openssl:openssl:0.9.7b", "cpe:/a:openssl:openssl:1.0.0e", "cpe:/a:openssl:openssl:1.0.0g", "cpe:/a:openssl:openssl:0.9.8r", "cpe:/a:openssl:openssl:0.9.6c", "cpe:/a:openssl:openssl:0.9.7l", "cpe:/a:openssl:openssl:0.9.6i", "cpe:/a:openssl:openssl:1.0.0j", "cpe:/a:openssl:openssl:1.0.0b", "cpe:/a:openssl:openssl:0.9.6d", "cpe:/a:openssl:openssl:0.9.7i", "cpe:/a:openssl:openssl:0.9.8d", "cpe:/a:openssl:openssl:0.9.8v", "cpe:/a:openssl:openssl:1.0.0d", "cpe:/a:openssl:openssl:0.9.7k", "cpe:/a:openssl:openssl:0.9.6g", "cpe:/a:openssl:openssl:0.9.6m", "cpe:/a:openssl:openssl:0.9.7e", "cpe:/a:openssl:openssl:0.9.6f", "cpe:/a:openssl:openssl:0.9.8e", "cpe:/a:openssl:openssl:0.9.8g", "cpe:/a:openssl:openssl:1.0.0c", "cpe:/a:openssl:openssl:0.9.6b", "cpe:/a:openssl:openssl:0.9.2b", "cpe:/a:openssl:openssl:0.9.8l", "cpe:/a:openssl:openssl:0.9.6l", "cpe:/a:openssl:openssl:0.9.8p"], "id": "CVE-2014-0076", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0076", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7:beta6:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8w:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.5a:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7:beta4:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7:beta3:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7:beta5:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.5a:beta2:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8r:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.5:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.3a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8x:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8v:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7m:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8y:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6:beta3:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6:beta2:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8u:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8t:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.5:beta2:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6a:beta2:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8s:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8m:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6a:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7l:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6a:beta3:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:14:29", "description": "The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value.\nPer: http://cwe.mitre.org/data/definitions/476.html\n\n\"CWE-476: NULL Pointer Dereference\"", "edition": 7, "cvss3": {}, "published": "2014-06-05T21:55:00", "title": "CVE-2014-3470", "type": "cve", "cwe": ["CWE-310"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3470"], "modified": "2019-04-22T17:48:00", "cpe": ["cpe:/a:openssl:openssl:1.0.0k", "cpe:/a:openssl:openssl:0.9.8y", "cpe:/a:openssl:openssl:0.9.8m", "cpe:/a:openssl:openssl:1.0.1a", "cpe:/a:openssl:openssl:0.9.8n", "cpe:/a:openssl:openssl:0.9.8b", "cpe:/a:openssl:openssl:0.9.8h", "cpe:/a:openssl:openssl:0.9.8u", "cpe:/a:openssl:openssl:1.0.1", "cpe:/a:openssl:openssl:0.9.8w", "cpe:/a:openssl:openssl:0.9.8k", "cpe:/o:redhat:enterprise_linux:5", "cpe:/a:openssl:openssl:1.0.1e", "cpe:/a:openssl:openssl:0.9.8j", "cpe:/a:openssl:openssl:0.9.8t", "cpe:/a:openssl:openssl:1.0.1d", "cpe:/a:openssl:openssl:0.9.8a", "cpe:/a:openssl:openssl:0.9.8q", "cpe:/a:openssl:openssl:1.0.0a", "cpe:/a:openssl:openssl:1.0.1g", "cpe:/a:openssl:openssl:0.9.8o", "cpe:/a:openssl:openssl:1.0.0h", "cpe:/a:openssl:openssl:0.9.8x", "cpe:/a:openssl:openssl:1.0.1b", "cpe:/o:fedoraproject:fedora:*", "cpe:/a:openssl:openssl:0.9.8s", "cpe:/a:openssl:openssl:1.0.0l", "cpe:/a:openssl:openssl:0.9.8f", "cpe:/a:openssl:openssl:0.9.8", "cpe:/a:openssl:openssl:1.0.0", "cpe:/a:openssl:openssl:1.0.0i", "cpe:/a:openssl:openssl:0.9.8i", "cpe:/a:openssl:openssl:1.0.0f", "cpe:/a:openssl:openssl:0.9.8c", "cpe:/a:openssl:openssl:1.0.1c", "cpe:/a:openssl:openssl:1.0.0e", "cpe:/a:openssl:openssl:1.0.0g", "cpe:/a:openssl:openssl:0.9.8r", "cpe:/a:openssl:openssl:1.0.0j", "cpe:/a:openssl:openssl:1.0.0b", "cpe:/a:openssl:openssl:0.9.8d", "cpe:/a:openssl:openssl:0.9.8v", "cpe:/a:openssl:openssl:1.0.0d", "cpe:/a:openssl:openssl:1.0.1f", "cpe:/a:openssl:openssl:0.9.8e", "cpe:/a:openssl:openssl:0.9.8g", "cpe:/a:openssl:openssl:1.0.0c", "cpe:/a:redhat:storage:2.1", "cpe:/a:openssl:openssl:0.9.8l", "cpe:/o:redhat:enterprise_linux:6.0", "cpe:/a:openssl:openssl:0.9.8p"], "id": "CVE-2014-3470", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3470", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8w:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8r:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8x:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8v:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8y:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:*:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8u:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:storage:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8t:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8s:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8m:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*"]}], "kaspersky": [{"lastseen": "2020-09-02T12:00:27", "bulletinFamily": "info", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2010-5298", "CVE-2014-0198"], "description": "### *Detect date*:\n06/10/2014\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple serious vulnerabilities have been found in VMware products. Malicious users can exploit these vulnerabilities to obtain sensitive information, hijack a session or cause denial of service. Below is a complete list of vulnerabilities\n\n### *Affected products*:\nESXi without patch ESXi550-201406401-SG versions 5.0, 5.1, 5.5 \nWorkstation 10 versions earlier than 10.0.3 \nWorkstation 9 versions earlier than 9.0.4 \nPlayer 6 versions earlier than 6.0.3 \nPlayer 5 versions earlier than 5.0.4 \nFusion 6 versions earlier than 6.0.4 \nFusion 5 versions earlier than 5.0.5 \nHorizon Mirage Edge Gateway versions earlier than 4.4.3 \nHorizon View versions earlier than 5.3.2 \nHorizon View 5.3 versions earlier than FP3 \nHorizon Workspace Server 1.5 without patch horizon-nginx-rpm-1.5.0.0-1876270.x86_64.rpm \nHorizon Workspace Server 1.8 without patch horizon-nginx-rpm-1.8.2.1820-1876338.x86_64.rpm \nHorizon View Clients versions earlier than 3.0 \nvCD 5.5 versions earlier than 5.5.1.2 \nvCD 5.1 versions earlier than 5.1.3.1 \nvCenter versions earlier than 5.5u1b vCenter Support \nAssistant versions earlier than 5.5.1.1 vCloud Automation \nCenter versions earlier than 6.0.1.2 vCenter Configuration \nManager versions earlier than 5.7.2 \nvCenter Converter Standalone versions earlier than 5.5.2 \nConverter Standalone versions earlier than 5.1.1 \n\n### *Solution*:\nUpdate to latest version \n[Vmware Products](<https://my.vmware.com/web/vmware/downloads>)\n\n### *Original advisories*:\n[VMware bulletin](<http://www.vmware.com/security/advisories/VMSA-2014-0006.html>) \n\n\n### *Impacts*:\nOSI \n\n### *Related products*:\n[VMware Workstation](<https://threats.kaspersky.com/en/product/VMware-Workstation/>)\n\n### *CVE-IDS*:\n[CVE-2014-0198](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198>)4.3Warning \n[CVE-2014-0224](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224>)6.8High \n[CVE-2014-3470](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470>)4.3Warning \n[CVE-2010-5298](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298>)4.0Warning", "edition": 43, "modified": "2020-05-22T00:00:00", "published": "2014-06-10T00:00:00", "id": "KLA10382", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10382", "title": "\r KLA10382Multiple vulnerabilities in VMware ", "type": "kaspersky", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}], "vmware": [{"lastseen": "2019-11-06T16:05:34", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2010-5298", "CVE-2014-0198"], "description": "a. OpenSSL update for multiple products. \n\n\nOpenSSL libraries have been updated in multiple products to versions 0.9.8za and 1.0.1h in order to resolve multiple security issues. \n \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2014-0224, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470, CVE-2014-0221 and CVE-2014-0195 to these issues. The most important of these issues is CVE-2014-0224.\n\nCVE-2014-0198, CVE-2010-5298 and CVE-2014-3470 are considered to be of moderate severity. Exploitation is highly unlikely or is mitigated due to the application configuration.\n\nCVE-2014-0221 and CVE-2014-0195, which are listed in the OpenSSL Security Advisory (see Reference section below), do not affect any VMware products. \n \nCVE-2014-0224 may lead to a Man-in-the-Middle attack if a server is running a vulnerable version of OpenSSL 1.0.1 and clients are running a vulnerable version of OpenSSL 0.9.8 or 1.0.1. Updating the server will mitigate this issue for both the server and all affected clients. \n \nCVE-2014-0224 may affect products differently depending on whether the product is acting as a client or a server and of which version of OpenSSL the product is using. For readability the affected products have been split into 3 tables below, based on the different client-server configurations and deployment scenarios. \n \n**MITIGATIONS \n \n**\n\n * Clients that communicate with a patched or non-vulnerable server are not vulnerable to CVE-2014-0224. Applying these patches to affected servers will mitigate the affected clients (See Table 1 below).\n * Clients that communicate over untrusted networks such as public Wi-Fi and communicate to a server running a vulnerable version of OpenSSL 1.0.1. can be mitigated by using a secure network such as VPN (see Table 2 below). \n * Clients and servers that are deployed on an isolated network are less exposed to CVE-2014-0224 (see Table 3 below). The affected products are typically deployed to communicate over the management network.\n\n \n**RECOMMENDATIONS** \n \nVMware recommends customers evaluate and deploy patches for affected Servers in Table 1 below as these patches become available. Patching these servers will remove the ability to exploit the vulnerability described in CVE-2014-0224 on both clients and servers. \n \nVMware recommends customers consider applying patches to products listed in Table 2 & 3 as required.\n\nColumn 4 of the following tables lists the action required to remediate the vulnerability in each release, if a solution is available.\n\n_**Table 1**_\n\nAffected servers running a vulnerable version of OpenSSL 1.0.1.\n", "edition": 5, "modified": "2014-10-09T00:00:00", "published": "2014-06-10T00:00:00", "id": "VMSA-2014-0006", "href": "https://www.vmware.com/security/advisories/VMSA-2014-0006.html", "title": "VMware product updates address OpenSSL security vulnerabilities", "type": "vmware", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}], "ics": [{"lastseen": "2021-02-27T19:54:49", "bulletinFamily": "info", "cvelist": ["CVE-2010-5298", "CVE-2014-0198", "CVE-2014-0224", "CVE-2014-3470"], "description": "## OVERVIEW\n\nThis updated advisory is a follow-up to the updated advisory titled ICSA-14-198-03F Siemens OpenSSL Vulnerabilities that was published October 16, 2014, on the NCCIC/ICS-CERT web site.\n\n### **\\--------- Begin Update G Part 1 of 3 --------**\n\nSiemens has identified four vulnerabilities in its OpenSSL cryptographic software library affecting several Siemens industrial products. Updates are available for APE 2.0.2, S7-1500, WinCC OA (PVSS), CP1543-1, Ruggedcom ROX 1, and ROX 2-based products.\n\n### **\\--------- End Update G Part 1 of 3 ----------**\n\nThese vulnerabilities could be exploited remotely. Exploits that target OpenSSL vulnerabilities are publicly available. ICS-CERT is unaware of any OpenSSL exploits that target Siemens\u2019 products specifically.\n\n## AFFECTED PRODUCTS\n\nThe following Siemens products are affected:\n\n### **\\--------- Begin Update G Part 2 of 3 --------**\n\n * APE (only affected if SSL/TLS component is used):\n * APE stand-alone: All versions prior to V2.0.2,\n * ELAN on APE: All versions prior to V8.4.0,\n * CP1543-1: prior to Version 1.1.25,\n * ROX 1: all versions prior to V1.16.1 (only affected if Crossbow is installed),\n * ROX 2: all versions prior to V2.6.0 (only affected if ELAN or Crossbow is installed),\n * Crossbow: All versions prior to V4.2.3\n * ELAN: All versions prior to V8.4.0\n * S7-1500: versions prior to Version 1.6, and\n * WinCC OA (PVSS): Version 3.12-P001\u20133.12-P008\n\n### **\\--------- End Update G Part 2 of 3 ----------**\n\n## IMPACT\n\nThe vulnerabilities identified could impact authenticity, integrity, and availability of affected devices. The man-in-the-middle attack could allow an attacker to hijack a session between an authorized user and the device. The other vulnerabilities reported could impact the availability of the device by causing the web server of the product to crash.\n\nImpact to individual organizations depends on many factors that are unique to each organization. ICS-CERT recommends that organizations evaluate the impact of these vulnerabilities based on their operational environment, architecture, and product implementation.\n\n## BACKGROUND\n\nSiemens is a multinational company headquartered in Munich, Germany. Siemens develops products mainly in the energy, healthcare and public health sectors, and transportation systems.\n\nThe affected Siemens industrial products are for process and network control and monitoring in critical infrastructure sectors such as Chemical, Critical Manufacturing, Energy, Food and Agriculture, and Water and Wastewater Systems.\n\n## VULNERABILITY CHARACTERIZATION\n\n### VULNERABILITY OVERVIEW\n\n### MAN-IN-THE-MIDDLEa\n\nAn attacker could perform a man-in-the-middle (MitM) attack between a vulnerable client and a vulnerable server. This vulnerability affects ROX, APE, S7-1500, and CP1543-1.\n\nCVE-2014-0224b has been assigned to this vulnerability. A CVSS v2 base score of 6.8 has been assigned; the CVSS vector string is (AV:N/AC:M/Au:N/C:P/I:P/A:P).c\n\n### IMPROPER INPUT VALIDATIONd\n\nSpecially crafted packets may crash the web server of the product. This vulnerability affects the SIMATIC S7-1500.\n\nCVE-2014-0198e has been assigned to this vulnerability. A CVSS v2 base score of 4.3 has been assigned; the CVSS vector string is (AV:N/AC:M/Au:N/C:N/I:N/A:P).f\n\n### IMPROPER INPUT VALIDATIONg\n\nSpecially crafted packets may crash the web server of the product. This vulnerability affects the SIMATIC S7-1500.\n\nCVE-2010-5298h has been assigned to this vulnerability. A CVSS v2 base score of 4.0 has been assigned; the CVSS vector string is (AV:N/AC:H/Au:N/C:N/I:P/A:P).i\n\n### IMPROPER INPUT VALIDATIONj\n\nSpecially crafted packets may crash the web server of the product. This vulnerability affects the WinCC OA (PVSS).\n\nCVE-2014-3470k has been assigned to this vulnerability. A CVSS v2 base score of 4.3 has been assigned; the CVSS vector string is (AV:N/AC:M/Au:N/C:N/I:N/A:P).l\n\n### VULNERABILITY DETAILS\n\n#### EXPLOITABILITY\n\nThese vulnerabilities could be exploited remotely.\n\n#### EXISTENCE OF EXPLOIT\n\nExploits that target OpenSSL vulnerabilities are publicly available. ICS-CERT is unaware of any OpenSSL exploits that target Siemens\u2019 products specifically.\n\n#### DIFFICULTY\n\nAn attacker with a moderate skill would be able to exploit these vulnerabilities.\n\n## MITIGATION\n\nSiemens provides updates for the following products:\n\n### **\\--------- Begin Update G Part 3 of 3 --------**\n\nAPE 2.0.2 stand-alone available at:\n\n<http://support.automation.siemens.com/WW/view/en/97654933>\n\nS7-1500: update to Version 1.6 at:\n\n<http://support.automation.siemens.com/WW/view/de/98164677>\n\nWinCC OA (PVSS) available at the Siemens[ ETM portal](<https://portal.etm.at/index.php?option=com_user&view=login&return=aHR0cHM6Ly9wb3J0YWwuZXRtLmF0L2luZGV4LnBocD9vcHRpb249Y29tX2NvbnRleHQmdmlldz1jYXRlZ29yeSZpZD02NSZsYXlvdXQ9YmxvZyZJdGVtaWQ9ODA=https://portal.etm.at/index.php?option=com_user&view=login&return=aHR0cHM6Ly9wb3J0YWwuZXRtLmF0L2luZGV4LnBocD9vcHRpb249Y29tX2NvbnRleHQmdmlldz1jYXRlZ29yeSZpZD02NSZsYXlvdXQ9YmxvZyZJdGVtaWQ9ODA=>).\n\nCP1543-1 update to Version V1.1.25 at:\n\n<http://support.automation.siemens.com/WW/view/en/99804563>\n\nUpdated firmware for Ruggedcom ROX-based devices and ELAN software can be obtained for free from the following contact points:\n\n * Submit a support request to Siemens online:\n * <http://www.siemens.com/automation/support-request>\n * Call a local hotline center:\n * <http://www.automation.siemens.com/mcms/aspa-db/en/automation-technology/Pages/default.aspx>\n\nUpdate Debian using the standard update procedures if eLAN is installed on a Linux system.\n\n### **\\--------- End Update G Part 3 of 3 ----------**\n\nSiemens provides specific advice for mitigating risk in each of the affected products in SSA\u2011234763, which can be found at its web site at the following location:\n\n<http://www.siemens.com/cert/advisories>\n\nICS-CERT encourages asset owners to take additional defensive measures to protect against this and other cybersecurity risks.\n\n * Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.\n * Locate control system networks and remote devices behind firewalls, and isolate them from the business network.\n * When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.\n\nICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT web page at: http://ics-cert.us-cert.gov/content/recommended-practices. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\n\nAdditional mitigation guidance and recommended practices are publicly available in the ICS\u2011CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT web site (http://ics-cert.us-cert.gov/).\n\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.\n\nIn addition, ICS-CERT recommends that users take the following measures to protect themselves from social engineering attacks:\n\n 1. Do not click web links or open unsolicited attachments in email messages.\n 2. Refer to Recognizing and Avoiding Email Scamsm for more information on avoiding email scams.\n 3. Refer to Avoiding Social Engineering and Phishing Attacksn for more information on social engineering attacks.\n * aCWE-310: Cryptographic Issues, http://cwe.mitre.org/data/definitions/310.html, web site last accessed July 17, 2014.\n * bNVD, http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0224, web site last accessed July 17, 2014.\n * cCVSS Calculator, http://nvd.nist.gov/cvss.cfm?version=2&vector=AV:N/AC:M/Au:N/C:P/I:P/A:P, web site last accessed July 17, 2014.\n * dCWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer, http://cwe.mitre.org/data/definitions/119.html, web site last accessed July 17, 2014.\n * eNVD, http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0198, web site last accessed July 17, 2014.\n * fCVSS Calculator, http://nvd.nist.gov/cvss.cfm?version=2&vector=AV:N/AC:M/Au:N/C:N/I:N/A:P, web site last accessed July 17, 2014.\n * gCWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition'), http://cwe.mitre.org/data/definitions/362.html, web site last accessed July 17, 2014.\n * hNVD, http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5298, web site last accessed July 17, 2014.\n * iCVSS Calculator, http://nvd.nist.gov/cvss.cfm?version=2&vector=AV:N/AC:H/Au:N/C:N/I:P/A:P, web site last accessed July 17, 2014.\n * jCWE-476: NULL Pointer Dereference, http://cwe.mitre.org/data/definitions/476.html, web site last accessed July 17, 2014.\n * kNVD, http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3470, web site last accessed July 17, 2014.\n * lCVSS Calculator, http://nvd.nist.gov/cvss.cfm?version=2&vector=AV:N/AC:M/Au:N/C:N/I:N/A:P, web site last accessed July 17, 2014.\n * mRecognizing and Avoiding Email Scams, http://www.us-cert.gov/reading_room/emailscams_0905.pdf, web site last accessed July 17, 2014.\n * nNational Cyber Alert System Cyber Security Tip ST04-014, http://www.us-cert.gov/cas/tips/ST04-014.html, web site last accessed July 17, 2014.\n\n## \nContact Information\n\nFor any questions related to this report, please contact the CISA at: \n \nEmail: [CISAservicedesk@cisa.dhs.gov](<mailto:cisaservicedesk@cisa.dhs.gov>) \nToll Free: 1-888-282-0870\n\nFor industrial control systems cybersecurity information: https://us-cert.cisa.gov/ics \nor incident reporting: https://us-cert.cisa.gov/report\n\nCISA continuously strives to improve its products and services. You can help by choosing one of the links below to provide feedback about this product.\n\nThis product is provided subject to this Notification and this [Privacy & Use](<https://www.dhs.gov/privacy-policy>) policy.\n\n**Please share your thoughts.**\n\nWe recently updated our anonymous [product survey](<https://www.surveymonkey.com/r/CISA-cyber-survey?product=https://us-cert.cisa.gov/ics/advisories/ICSA-14-198-03G>); we'd welcome your feedback.\n", "modified": "2018-08-29T00:00:00", "published": "2015-02-17T00:00:00", "id": "ICSA-14-198-03G", "href": "https://www.us-cert.gov/ics/advisories/ICSA-14-198-03G", "type": "ics", "title": "Siemens OpenSSL Vulnerabilities (Update G)", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}]}
