Search...

IBM Tivoli Endpoint Manager Server 9.1.x < 9.1.1117.0 OpenSSL Security Bypass

2014-11-19T00:00:00

ID IBM_TEM_9_1_1117_0.NASL
Type nessus
Reporter Tenable
Modified 2018-07-12T00:00:00

Description

According to its self-reported version, the IBM Tivoli Endpoint Manager Server installed on the remote host uses a vulnerable OpenSSL library that contains a flaw in the processing of ChangeCipherSpec messages. The flaw allows an attacker to cause usage of weak keying material leading to simplified man-in-the-middle attacks.

                                        
                                            #
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(79335);
  script_version("1.5");
  script_cvs_date("Date: 2018/07/12 19:01:16");

  script_cve_id("CVE-2014-0224");
  script_bugtraq_id(67899);
  script_xref(name:"CERT", value:"978508");

  script_name(english:"IBM Tivoli Endpoint Manager Server 9.1.x &lt; 9.1.1117.0 OpenSSL Security Bypass");
  script_summary(english:"Checks the version of the Tivoli Endpoint Manager Server.");

  script_set_attribute(attribute:"synopsis", value:"The remote host is affected by a security bypass vulnerability.");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version, the IBM Tivoli Endpoint
Manager Server installed on the remote host uses a vulnerable OpenSSL
library that contains a flaw in the processing of ChangeCipherSpec
messages. The flaw allows an attacker to cause usage of weak keying
material leading to simplified man-in-the-middle attacks.");
  script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21677842");
  script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/news/secadv/20140605.txt");
  script_set_attribute(attribute:"solution", value:"Upgrade to Tivoli Endpoint Manager Server 9.1.1117.0 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2014/06/05");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/06/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/19");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:tivoli_endpoint_manager");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Web Servers");

  script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.");

  script_dependencies("ibm_tem_detect.nasl");
  script_require_keys("www/BigFixHTTPServer");
  script_require_ports("Services/www", 52311);

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("install_func.inc");

app_name = "IBM Tivoli Endpoint Manager";
port = get_http_port(default:52311, embedded:FALSE);

version = get_kb_item_or_exit("www/BigFixHTTPServer/"+port+"/version");
if (version == UNKNOWN_VER) audit(AUDIT_UNKNOWN_WEB_SERVER_VER, app_name, port);
if (version !~ "^(\d+\.){2,}\d+$") audit(AUDIT_VER_NOT_GRANULAR, app_name, port, version);

fix = "9.1.1117.0";

if (
  version =~ "^9\.1\.1065($|[^0-9])" ||
  version =~ "^9\.1\.1082($|[^0-9])" ||
  version =~ "^9\.1\.1088($|[^0-9])"
)
{
  if (report_verbosity &gt; 0)
  {
    report = "";

    source = get_kb_item("www/BigFixHTTPServer/"+port+"/source");
    if (!isnull(source))
      report += '\n  Source            : ' + source;

    report +=
      '\n  Installed version : ' + version +
      '\n  Fixed version     : ' + fix +
      '\n';

    security_warning(port:port, extra:report);
  }
  else security_warning(port);
}
else audit(AUDIT_LISTEN_NOT_VULN, app_name, port, version);

JSON Vulners Source

Initial Source

{"id": "IBM_TEM_9_1_1117_0.NASL", "bulletinFamily": "scanner", "title": "IBM Tivoli Endpoint Manager Server 9.1.x < 9.1.1117.0 OpenSSL Security Bypass", "description": "According to its self-reported version, the IBM Tivoli Endpoint Manager Server installed on the remote host uses a vulnerable OpenSSL library that contains a flaw in the processing of ChangeCipherSpec messages. The flaw allows an attacker to cause usage of weak keying material leading to simplified man-in-the-middle attacks.", "published": "2014-11-19T00:00:00", "modified": "2018-07-12T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=79335", "reporter": "Tenable", "references": ["http://www-01.ibm.com/support/docview.wss?uid=swg21677842", "https://www.openssl.org/news/secadv/20140605.txt"], "cvelist": ["CVE-2014-0224"], "type": "nessus", "lastseen": "2018-09-01T23:33:51", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/a:ibm:tivoli_endpoint_manager"], "cvelist": ["CVE-2014-0224"], "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "According to its self-reported version, the IBM Tivoli Endpoint Manager Server installed on the remote host uses a vulnerable OpenSSL library that contains a flaw in the processing of ChangeCipherSpec messages. The flaw allows an attacker to cause usage of weak keying material leading to simplified man-in-the-middle attacks.", "edition": 2, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "dcafda1fc9da641b3abf90fe0480677880acc71a4e6bb2b5687a736a38f77369", "hashmap": [{"hash": "ae30ab679a4620946e7383f6006ba3c5", "key": "modified"}, {"hash": "c14d94cb936f27ae5dfe6e82264f3450", "key": "cpe"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "de42e4d1afe340138253b8e5938c093f", "key": "title"}, {"hash": "925fafb853aa47307edbc06773b7da93", "key": "cvelist"}, {"hash": "07a0416e4de2a26a0531240b230d9eca", "key": "naslFamily"}, {"hash": "e9b5947b339a90d25fb10457aed7ed42", "key": "published"}, {"hash": "2a1e0f8fae30c9626f94bbadcc53d3e4", "key": "pluginID"}, {"hash": "afc7e78da05dfd802df8b4036f6a1b48", "key": "references"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "8989cb786fcd4f7bda355b0c857c3b82", "key": "href"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "737e2591b537c46d1ca7ce6f0cea5cb9", "key": "cvss"}, {"hash": "260a9252d91626d1309967e2bc2a0715", "key": "description"}, {"hash": "025a7d610c4dd597bc9cd6be16aef1f4", "key": "sourceData"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=79335", "id": "IBM_TEM_9_1_1117_0.NASL", "lastseen": "2017-10-29T13:33:36", "modified": "2016-05-16T00:00:00", "naslFamily": "Web Servers", "objectVersion": "1.3", "pluginID": "79335", "published": "2014-11-19T00:00:00", "references": ["http://www-01.ibm.com/support/docview.wss?uid=swg21677842", "https://www.openssl.org/news/secadv/20140605.txt"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79335);\n script_version(\"$Revision: 1.4 $\");\n script_cvs_date(\"$Date: 2016/05/16 14:02:51 $\");\n\n script_cve_id(\"CVE-2014-0224\");\n script_bugtraq_id(67899);\n script_osvdb_id(107729);\n script_xref(name:\"CERT\", value:\"978508\");\n\n script_name(english:\"IBM Tivoli Endpoint Manager Server 9.1.x < 9.1.1117.0 OpenSSL Security Bypass\");\n script_summary(english:\"Checks the version of the Tivoli Endpoint Manager Server.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\"The remote host is affected by a security bypass vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version, the IBM Tivoli Endpoint\nManager Server installed on the remote host uses a vulnerable OpenSSL\nlibrary that contains a flaw in the processing of ChangeCipherSpec\nmessages. The flaw allows an attacker to cause usage of weak keying\nmaterial leading to simplified man-in-the-middle attacks.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21677842\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20140605.txt\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Tivoli Endpoint Manager Server 9.1.1117.0 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\nscript_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:tivoli_endpoint_manager\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ibm_tem_detect.nasl\");\n script_require_keys(\"www/BigFixHTTPServer\");\n script_require_ports(\"Services/www\", 52311);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"install_func.inc\");\n\napp_name = \"IBM Tivoli Endpoint Manager\";\nport = get_http_port(default:52311, embedded:FALSE);\n\nversion = get_kb_item_or_exit(\"www/BigFixHTTPServer/\"+port+\"/version\");\nif (version == UNKNOWN_VER) audit(AUDIT_UNKNOWN_WEB_SERVER_VER, app_name, port);\nif (version !~ \"^(\\d+\\.){2,}\\d+$\") audit(AUDIT_VER_NOT_GRANULAR, app_name, port, version);\n\nfix = \"9.1.1117.0\";\n\nif (\n version =~ \"^9\\.1\\.1065($|[^0-9])\" ||\n version =~ \"^9\\.1\\.1082($|[^0-9])\" ||\n version =~ \"^9\\.1\\.1088($|[^0-9])\"\n)\n{\n if (report_verbosity > 0)\n {\n report = \"\";\n\n source = get_kb_item(\"www/BigFixHTTPServer/\"+port+\"/source\");\n if (!isnull(source))\n report += '\\n Source : ' + source;\n\n report +=\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, app_name, port, version);\n", "title": "IBM Tivoli Endpoint Manager Server 9.1.x < 9.1.1117.0 OpenSSL Security Bypass", "type": "nessus", "viewCount": 6}, "differentElements": ["modified", "sourceData"], "edition": 2, "lastseen": "2017-10-29T13:33:36"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/a:ibm:tivoli_endpoint_manager"], "cvelist": ["CVE-2014-0224"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "According to its self-reported version, the IBM Tivoli Endpoint Manager Server installed on the remote host uses a vulnerable OpenSSL library that contains a flaw in the processing of ChangeCipherSpec messages. The flaw allows an attacker to cause usage of weak keying material leading to simplified man-in-the-middle attacks.", "edition": 4, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "fa8054c70d4f8353aa11df4c274e8f3f2f81dbc4d85ee495c830c75285b79fe2", "hashmap": [{"hash": "c14d94cb936f27ae5dfe6e82264f3450", "key": "cpe"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "de42e4d1afe340138253b8e5938c093f", "key": "title"}, {"hash": "925fafb853aa47307edbc06773b7da93", "key": "cvelist"}, {"hash": "07a0416e4de2a26a0531240b230d9eca", "key": "naslFamily"}, {"hash": "e9b5947b339a90d25fb10457aed7ed42", "key": "published"}, {"hash": "2a1e0f8fae30c9626f94bbadcc53d3e4", "key": "pluginID"}, {"hash": "9d4710eb73515ab96620c6ac58dc32a4", "key": "sourceData"}, {"hash": "afc7e78da05dfd802df8b4036f6a1b48", "key": "references"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "8989cb786fcd4f7bda355b0c857c3b82", "key": "href"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "f5e850f1985da305c7f9475708cd4d52", "key": "modified"}, {"hash": "260a9252d91626d1309967e2bc2a0715", "key": "description"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=79335", "id": "IBM_TEM_9_1_1117_0.NASL", "lastseen": "2018-08-30T19:31:03", "modified": "2018-07-12T00:00:00", "naslFamily": "Web Servers", "objectVersion": "1.3", "pluginID": "79335", "published": "2014-11-19T00:00:00", "references": ["http://www-01.ibm.com/support/docview.wss?uid=swg21677842", "https://www.openssl.org/news/secadv/20140605.txt"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79335);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/07/12 19:01:16\");\n\n script_cve_id(\"CVE-2014-0224\");\n script_bugtraq_id(67899);\n script_xref(name:\"CERT\", value:\"978508\");\n\n script_name(english:\"IBM Tivoli Endpoint Manager Server 9.1.x < 9.1.1117.0 OpenSSL Security Bypass\");\n script_summary(english:\"Checks the version of the Tivoli Endpoint Manager Server.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\"The remote host is affected by a security bypass vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version, the IBM Tivoli Endpoint\nManager Server installed on the remote host uses a vulnerable OpenSSL\nlibrary that contains a flaw in the processing of ChangeCipherSpec\nmessages. The flaw allows an attacker to cause usage of weak keying\nmaterial leading to simplified man-in-the-middle attacks.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21677842\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20140605.txt\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Tivoli Endpoint Manager Server 9.1.1117.0 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\nscript_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:tivoli_endpoint_manager\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ibm_tem_detect.nasl\");\n script_require_keys(\"www/BigFixHTTPServer\");\n script_require_ports(\"Services/www\", 52311);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"install_func.inc\");\n\napp_name = \"IBM Tivoli Endpoint Manager\";\nport = get_http_port(default:52311, embedded:FALSE);\n\nversion = get_kb_item_or_exit(\"www/BigFixHTTPServer/\"+port+\"/version\");\nif (version == UNKNOWN_VER) audit(AUDIT_UNKNOWN_WEB_SERVER_VER, app_name, port);\nif (version !~ \"^(\\d+\\.){2,}\\d+$\") audit(AUDIT_VER_NOT_GRANULAR, app_name, port, version);\n\nfix = \"9.1.1117.0\";\n\nif (\n version =~ \"^9\\.1\\.1065($|[^0-9])\" ||\n version =~ \"^9\\.1\\.1082($|[^0-9])\" ||\n version =~ \"^9\\.1\\.1088($|[^0-9])\"\n)\n{\n if (report_verbosity > 0)\n {\n report = \"\";\n\n source = get_kb_item(\"www/BigFixHTTPServer/\"+port+\"/source\");\n if (!isnull(source))\n report += '\\n Source : ' + source;\n\n report +=\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, app_name, port, version);\n", "title": "IBM Tivoli Endpoint Manager Server 9.1.x < 9.1.1117.0 OpenSSL Security Bypass", "type": "nessus", "viewCount": 6}, "differentElements": ["cvss"], "edition": 4, "lastseen": "2018-08-30T19:31:03"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/a:ibm:tivoli_endpoint_manager"], "cvelist": ["CVE-2014-0224"], "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "According to its self-reported version, the IBM Tivoli Endpoint Manager Server installed on the remote host uses a vulnerable OpenSSL library that contains a flaw in the processing of ChangeCipherSpec messages. The flaw allows an attacker to cause usage of weak keying material leading to simplified man-in-the-middle attacks.", "edition": 3, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "feda7303848cdfab24132021f099cf8cce661dc300d73d2af5f4aeed2be382c3", "hashmap": [{"hash": "c14d94cb936f27ae5dfe6e82264f3450", "key": "cpe"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "de42e4d1afe340138253b8e5938c093f", "key": "title"}, {"hash": "925fafb853aa47307edbc06773b7da93", "key": "cvelist"}, {"hash": "07a0416e4de2a26a0531240b230d9eca", "key": "naslFamily"}, {"hash": "e9b5947b339a90d25fb10457aed7ed42", "key": "published"}, {"hash": "2a1e0f8fae30c9626f94bbadcc53d3e4", "key": "pluginID"}, {"hash": "9d4710eb73515ab96620c6ac58dc32a4", "key": "sourceData"}, {"hash": "afc7e78da05dfd802df8b4036f6a1b48", "key": "references"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "8989cb786fcd4f7bda355b0c857c3b82", "key": "href"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "737e2591b537c46d1ca7ce6f0cea5cb9", "key": "cvss"}, {"hash": "f5e850f1985da305c7f9475708cd4d52", "key": "modified"}, {"hash": "260a9252d91626d1309967e2bc2a0715", "key": "description"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=79335", "id": "IBM_TEM_9_1_1117_0.NASL", "lastseen": "2018-07-13T09:31:17", "modified": "2018-07-12T00:00:00", "naslFamily": "Web Servers", "objectVersion": "1.3", "pluginID": "79335", "published": "2014-11-19T00:00:00", "references": ["http://www-01.ibm.com/support/docview.wss?uid=swg21677842", "https://www.openssl.org/news/secadv/20140605.txt"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79335);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/07/12 19:01:16\");\n\n script_cve_id(\"CVE-2014-0224\");\n script_bugtraq_id(67899);\n script_xref(name:\"CERT\", value:\"978508\");\n\n script_name(english:\"IBM Tivoli Endpoint Manager Server 9.1.x < 9.1.1117.0 OpenSSL Security Bypass\");\n script_summary(english:\"Checks the version of the Tivoli Endpoint Manager Server.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\"The remote host is affected by a security bypass vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version, the IBM Tivoli Endpoint\nManager Server installed on the remote host uses a vulnerable OpenSSL\nlibrary that contains a flaw in the processing of ChangeCipherSpec\nmessages. The flaw allows an attacker to cause usage of weak keying\nmaterial leading to simplified man-in-the-middle attacks.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21677842\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20140605.txt\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Tivoli Endpoint Manager Server 9.1.1117.0 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\nscript_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:tivoli_endpoint_manager\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ibm_tem_detect.nasl\");\n script_require_keys(\"www/BigFixHTTPServer\");\n script_require_ports(\"Services/www\", 52311);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"install_func.inc\");\n\napp_name = \"IBM Tivoli Endpoint Manager\";\nport = get_http_port(default:52311, embedded:FALSE);\n\nversion = get_kb_item_or_exit(\"www/BigFixHTTPServer/\"+port+\"/version\");\nif (version == UNKNOWN_VER) audit(AUDIT_UNKNOWN_WEB_SERVER_VER, app_name, port);\nif (version !~ \"^(\\d+\\.){2,}\\d+$\") audit(AUDIT_VER_NOT_GRANULAR, app_name, port, version);\n\nfix = \"9.1.1117.0\";\n\nif (\n version =~ \"^9\\.1\\.1065($|[^0-9])\" ||\n version =~ \"^9\\.1\\.1082($|[^0-9])\" ||\n version =~ \"^9\\.1\\.1088($|[^0-9])\"\n)\n{\n if (report_verbosity > 0)\n {\n report = \"\";\n\n source = get_kb_item(\"www/BigFixHTTPServer/\"+port+\"/source\");\n if (!isnull(source))\n report += '\\n Source : ' + source;\n\n report +=\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, app_name, port, version);\n", "title": "IBM Tivoli Endpoint Manager Server 9.1.x < 9.1.1117.0 OpenSSL Security Bypass", "type": "nessus", "viewCount": 6}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-07-13T09:31:17"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2014-0224"], "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "According to its self-reported version, the IBM Tivoli Endpoint Manager Server installed on the remote host uses a vulnerable OpenSSL library that contains a flaw in the processing of ChangeCipherSpec messages. The flaw allows an attacker to cause usage of weak keying material leading to simplified man-in-the-middle attacks.", "edition": 1, "enchantments": {}, "hash": "c5b87cdf345ad734ff55355336e69526045a87120e32cce07398194ffa38feba", "hashmap": [{"hash": "ae30ab679a4620946e7383f6006ba3c5", "key": "modified"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "de42e4d1afe340138253b8e5938c093f", "key": "title"}, {"hash": "925fafb853aa47307edbc06773b7da93", "key": "cvelist"}, {"hash": "07a0416e4de2a26a0531240b230d9eca", "key": "naslFamily"}, {"hash": "e9b5947b339a90d25fb10457aed7ed42", "key": "published"}, {"hash": "2a1e0f8fae30c9626f94bbadcc53d3e4", "key": "pluginID"}, {"hash": "afc7e78da05dfd802df8b4036f6a1b48", "key": "references"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "8989cb786fcd4f7bda355b0c857c3b82", "key": "href"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "737e2591b537c46d1ca7ce6f0cea5cb9", "key": "cvss"}, {"hash": "260a9252d91626d1309967e2bc2a0715", "key": "description"}, {"hash": "025a7d610c4dd597bc9cd6be16aef1f4", "key": "sourceData"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=79335", "id": "IBM_TEM_9_1_1117_0.NASL", "lastseen": "2016-09-26T17:23:15", "modified": "2016-05-16T00:00:00", "naslFamily": "Web Servers", "objectVersion": "1.2", "pluginID": "79335", "published": "2014-11-19T00:00:00", "references": ["http://www-01.ibm.com/support/docview.wss?uid=swg21677842", "https://www.openssl.org/news/secadv/20140605.txt"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79335);\n script_version(\"$Revision: 1.4 $\");\n script_cvs_date(\"$Date: 2016/05/16 14:02:51 $\");\n\n script_cve_id(\"CVE-2014-0224\");\n script_bugtraq_id(67899);\n script_osvdb_id(107729);\n script_xref(name:\"CERT\", value:\"978508\");\n\n script_name(english:\"IBM Tivoli Endpoint Manager Server 9.1.x < 9.1.1117.0 OpenSSL Security Bypass\");\n script_summary(english:\"Checks the version of the Tivoli Endpoint Manager Server.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\"The remote host is affected by a security bypass vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version, the IBM Tivoli Endpoint\nManager Server installed on the remote host uses a vulnerable OpenSSL\nlibrary that contains a flaw in the processing of ChangeCipherSpec\nmessages. The flaw allows an attacker to cause usage of weak keying\nmaterial leading to simplified man-in-the-middle attacks.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21677842\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20140605.txt\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Tivoli Endpoint Manager Server 9.1.1117.0 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\nscript_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:tivoli_endpoint_manager\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ibm_tem_detect.nasl\");\n script_require_keys(\"www/BigFixHTTPServer\");\n script_require_ports(\"Services/www\", 52311);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"install_func.inc\");\n\napp_name = \"IBM Tivoli Endpoint Manager\";\nport = get_http_port(default:52311, embedded:FALSE);\n\nversion = get_kb_item_or_exit(\"www/BigFixHTTPServer/\"+port+\"/version\");\nif (version == UNKNOWN_VER) audit(AUDIT_UNKNOWN_WEB_SERVER_VER, app_name, port);\nif (version !~ \"^(\\d+\\.){2,}\\d+$\") audit(AUDIT_VER_NOT_GRANULAR, app_name, port, version);\n\nfix = \"9.1.1117.0\";\n\nif (\n version =~ \"^9\\.1\\.1065($|[^0-9])\" ||\n version =~ \"^9\\.1\\.1082($|[^0-9])\" ||\n version =~ \"^9\\.1\\.1088($|[^0-9])\"\n)\n{\n if (report_verbosity > 0)\n {\n report = \"\";\n\n source = get_kb_item(\"www/BigFixHTTPServer/\"+port+\"/source\");\n if (!isnull(source))\n report += '\\n Source : ' + source;\n\n report +=\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, app_name, port, version);\n", "title": "IBM Tivoli Endpoint Manager Server 9.1.x < 9.1.1117.0 OpenSSL Security Bypass", "type": "nessus", "viewCount": 6}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:23:15"}], "edition": 5, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "c14d94cb936f27ae5dfe6e82264f3450"}, {"key": "cvelist", "hash": "925fafb853aa47307edbc06773b7da93"}, {"key": "cvss", "hash": "737e2591b537c46d1ca7ce6f0cea5cb9"}, {"key": "description", "hash": "260a9252d91626d1309967e2bc2a0715"}, {"key": "href", "hash": "8989cb786fcd4f7bda355b0c857c3b82"}, {"key": "modified", "hash": "f5e850f1985da305c7f9475708cd4d52"}, {"key": "naslFamily", "hash": "07a0416e4de2a26a0531240b230d9eca"}, {"key": "pluginID", "hash": "2a1e0f8fae30c9626f94bbadcc53d3e4"}, {"key": "published", "hash": "e9b5947b339a90d25fb10457aed7ed42"}, {"key": "references", "hash": "afc7e78da05dfd802df8b4036f6a1b48"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "9d4710eb73515ab96620c6ac58dc32a4"}, {"key": "title", "hash": "de42e4d1afe340138253b8e5938c093f"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "feda7303848cdfab24132021f099cf8cce661dc300d73d2af5f4aeed2be382c3", "viewCount": 7, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}, "vulnersScore": 5.0}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79335);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/07/12 19:01:16\");\n\n script_cve_id(\"CVE-2014-0224\");\n script_bugtraq_id(67899);\n script_xref(name:\"CERT\", value:\"978508\");\n\n script_name(english:\"IBM Tivoli Endpoint Manager Server 9.1.x < 9.1.1117.0 OpenSSL Security Bypass\");\n script_summary(english:\"Checks the version of the Tivoli Endpoint Manager Server.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\"The remote host is affected by a security bypass vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version, the IBM Tivoli Endpoint\nManager Server installed on the remote host uses a vulnerable OpenSSL\nlibrary that contains a flaw in the processing of ChangeCipherSpec\nmessages. The flaw allows an attacker to cause usage of weak keying\nmaterial leading to simplified man-in-the-middle attacks.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21677842\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20140605.txt\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Tivoli Endpoint Manager Server 9.1.1117.0 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\nscript_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:tivoli_endpoint_manager\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ibm_tem_detect.nasl\");\n script_require_keys(\"www/BigFixHTTPServer\");\n script_require_ports(\"Services/www\", 52311);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"install_func.inc\");\n\napp_name = \"IBM Tivoli Endpoint Manager\";\nport = get_http_port(default:52311, embedded:FALSE);\n\nversion = get_kb_item_or_exit(\"www/BigFixHTTPServer/\"+port+\"/version\");\nif (version == UNKNOWN_VER) audit(AUDIT_UNKNOWN_WEB_SERVER_VER, app_name, port);\nif (version !~ \"^(\\d+\\.){2,}\\d+$\") audit(AUDIT_VER_NOT_GRANULAR, app_name, port, version);\n\nfix = \"9.1.1117.0\";\n\nif (\n version =~ \"^9\\.1\\.1065($|[^0-9])\" ||\n version =~ \"^9\\.1\\.1082($|[^0-9])\" ||\n version =~ \"^9\\.1\\.1088($|[^0-9])\"\n)\n{\n if (report_verbosity > 0)\n {\n report = \"\";\n\n source = get_kb_item(\"www/BigFixHTTPServer/\"+port+\"/source\");\n if (!isnull(source))\n report += '\\n Source : ' + source;\n\n report +=\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, app_name, port, version);\n", "naslFamily": "Web Servers", "pluginID": "79335", "cpe": ["cpe:/a:ibm:tivoli_endpoint_manager"]}

{"cve": [{"lastseen": "2018-11-01T05:14:32", "references": ["https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=bc8923b1ec9c467755cd86f7848c50ee8812e441", "http://secunia.com/advisories/59444", "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html", "http://www.ibm.com/support/docview.wss?uid=swg21676793", "http://www-01.ibm.com/support/docview.wss?uid=swg21675626", "http://secunia.com/advisories/59310", "http://rhn.redhat.com/errata/RHSA-2014-0630.html", "http://support.apple.com/kb/HT6443", "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", "http://secunia.com/advisories/58492", "http://marc.info/?l=bugtraq&m=141658880509699&w=2", "http://secunia.com/advisories/59264", "http://secunia.com/advisories/59441", "http://www-01.ibm.com/support/docview.wss?uid=swg21676071", "http://secunia.com/advisories/59447", "http://marc.info/?l=bugtraq&m=140870499402361&w=2", "http://marc.info/?l=bugtraq&m=140604261522465&w=2", "http://marc.info/?l=bugtraq&m=141164638606214&w=2", "http://secunia.com/advisories/58660", "http://secunia.com/advisories/59202", "http://secunia.com/advisories/59192", "http://www.kerio.com/support/kerio-control/release-history", "http://secunia.com/advisories/59186", "http://marc.info/?l=bugtraq&m=141383410222440&w=2", "https://blogs.oracle.com/sunsecurity/entry/cve_2014_0224_cryptographic_issues1", "http://www-01.ibm.com/support/docview.wss?uid=swg21676889", "http://marc.info/?l=bugtraq&m=141147110427269&w=2", "http://secunia.com/advisories/59449", "http://secunia.com/advisories/59214", "http://www-01.ibm.com/support/docview.wss?uid=swg21676334", "http://www-01.ibm.com/support/docview.wss?uid=swg21673137", "http://secunia.com/advisories/59368", "http://www-01.ibm.com/support/docview.wss?uid=swg24037727", "http://marc.info/?l=bugtraq&m=140431828824371&w=2", "http://www-01.ibm.com/support/docview.wss?uid=swg21677828", "http://secunia.com/advisories/58337", "http://www-01.ibm.com/support/docview.wss?uid=swg21676478", "http://www-01.ibm.com/support/docview.wss?uid=isg400001843", "http://www-01.ibm.com/support/docview.wss?uid=swg24037729", "http://secunia.com/advisories/61254", "http://secunia.com/advisories/59132", "http://secunia.com/advisories/59437", "http://rhn.redhat.com/errata/RHSA-2014-0626.html", "http://marc.info/?l=bugtraq&m=140266410314613&w=2", "https://www.novell.com/support/kb/doc.php?id=7015271", "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756", "http://secunia.com/advisories/59448", "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004690", "http://www-01.ibm.com/support/docview.wss?uid=swg1IV61506", "http://security.gentoo.org/glsa/glsa-201407-05.xml", "http://rhn.redhat.com/errata/RHSA-2014-0633.html", "http://marc.info/?l=bugtraq&m=140544599631400&w=2", "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629", "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", "http://www.ibm.com/support/docview.wss?uid=ssg1S1004678", "http://www.securityfocus.com/archive/1/534161/100/0/threaded", "http://www-01.ibm.com/support/docview.wss?uid=swg21683332", "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757", "http://secunia.com/advisories/59231", "http://www.mandriva.com/security/advisories?name=MDVSA-2014:106", "http://rhn.redhat.com/errata/RHSA-2014-0624.html", "http://marc.info/?l=bugtraq&m=140386311427810&w=2", "http://secunia.com/advisories/59189", "https://www.ibm.com/support/docview.wss?uid=ssg1S1004671", "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm", "http://secunia.com/advisories/58667", "http://secunia.com/advisories/59483", "http://secunia.com/advisories/59211", "https://kb.bluecoat.com/index?page=content&id=SA80", "http://seclists.org/fulldisclosure/2014/Dec/23", "http://www.ibm.com/support/docview.wss?uid=swg21676877", "http://secunia.com/advisories/59287", "http://www-01.ibm.com/support/docview.wss?uid=swg21676615", "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095737", "https://filezilla-project.org/versions.php?type=server", "http://marc.info/?l=bugtraq&m=140621259019789&w=2", "http://secunia.com/advisories/59305", "http://marc.info/?l=bugtraq&m=140904544427729&w=2", "http://marc.info/?l=bugtraq&m=140317760000786&w=2", "https://www.intersectalliance.com/wp-content/uploads/release_notes/ReleaseNotes_for_SNARE_for_MSSQL.pdf", "http://www-01.ibm.com/support/docview.wss?uid=swg21676529", "http://kb.juniper.net/InfoCenter/index?page=content&id=KB29217", "http://www-01.ibm.com/support/docview.wss?uid=swg21677567", "http://secunia.com/advisories/58742", "http://secunia.com/advisories/59175", "http://www-01.ibm.com/support/docview.wss?uid=swg21677836", "http://www.fortiguard.com/advisory/FG-IR-14-018/", "http://marc.info/?l=bugtraq&m=142546741516006&w=2", "http://www.ibm.com/support/docview.wss?uid=swg24037783", "http://secunia.com/advisories/59389", "http://secunia.com/advisories/59677", "http://secunia.com/advisories/58977", "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", "http://secunia.com/advisories/59004", "http://secunia.com/advisories/59365", "http://www-01.ibm.com/support/docview.wss?uid=swg21678233", "http://secunia.com/advisories/59445", "http://www.securitytracker.com/id/1031594", "http://ccsinjection.lepidum.co.jp", "http://marc.info/?l=bugtraq&m=140482916501310&w=2", "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020163", "http://secunia.com/advisories/58714", "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020172", "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=6061&myns=phmc&mync=E", "https://blogs.oracle.com/sunsecurity/entry/cve_2014_0224_cryptographic_issues", "http://secunia.com/advisories/59135", "http://secunia.com/advisories/59364", "http://www.ibm.com/support/docview.wss?uid=isg3T1020948", "http://secunia.com/advisories/58716", "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095740", "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946", "http://secunia.com/advisories/59460", "http://www.kb.cert.org/vuls/id/978508", "http://secunia.com/advisories/59525", "http://www-01.ibm.com/support/docview.wss?uid=swg24037731", "http://secunia.com/advisories/59518", "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", "https://www.imperialviolet.org/2014/06/05/earlyccs.html", "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl", "http://secunia.com/advisories/59188", "http://secunia.com/advisories/58433", "http://marc.info/?l=bugtraq&m=140983229106599&w=2", "http://marc.info/?l=bugtraq&m=140499864129699&w=2", "http://secunia.com/advisories/59338", "http://www-01.ibm.com/support/docview.wss?uid=swg21676333", "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0", "http://www-01.ibm.com/support/docview.wss?uid=swg21677131", "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html", "http://secunia.com/advisories/59306", "http://www-01.ibm.com/support/docview.wss?uid=swg24037870", "http://secunia.com/advisories/59347", "http://rhn.redhat.com/errata/RHSA-2014-0631.html", "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", "http://secunia.com/advisories/59362", "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html", "http://www.ibm.com/support/docview.wss?uid=swg1IT02314", "http://marc.info/?l=bugtraq&m=140389274407904&w=2", "http://support.citrix.com/article/CTX140876", "http://secunia.com/advisories/59215", "http://secunia.com/advisories/59142", "http://www-01.ibm.com/support/docview.wss?uid=swg21677390", "http://www-01.ibm.com/support/docview.wss?uid=swg21676644", "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc", "http://secunia.com/advisories/59282", "http://marc.info/?l=bugtraq&m=140752315422991&w=2", "http://marc.info/?l=bugtraq&m=140794476212181&w=2", "http://www.blackberry.com/btsc/KB36051", "http://www-01.ibm.com/support/docview.wss?uid=swg21676035", "http://www-01.ibm.com/support/docview.wss?uid=swg24037730", "http://www.splunk.com/view/SP-CAAAM2D", "http://secunia.com/advisories/59040", "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", "http://marc.info/?l=bugtraq&m=140448122410568&w=2", "http://marc.info/?l=bugtraq&m=140784085708882&w=2", "http://www.openssl.org/news/secadv_20140605.txt", "http://www-01.ibm.com/support/docview.wss?uid=swg21676879", "http://secunia.com/advisories/58615", "http://secunia.com/advisories/59661", "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755", "http://secunia.com/advisories/59529", "http://www.mandriva.com/security/advisories?name=MDVSA-2014:105", "http://marc.info/?l=bugtraq&m=142805027510172&w=2", "http://www-01.ibm.com/support/docview.wss?uid=swg21675821", "http://www-01.ibm.com/support/docview.wss?uid=swg21676496", "http://seclists.org/fulldisclosure/2014/Jun/38", "http://dev.mysql.com/doc/relnotes/workbench/en/wb-news-6-1-7.html", "http://secunia.com/advisories/58713", "http://secunia.com/advisories/59446", "http://marc.info/?l=bugtraq&m=142350350616251&w=2", "http://marc.info/?l=bugtraq&m=140852757108392&w=2", "https://kc.mcafee.com/corporate/index?page=content&id=SB10075", "http://marc.info/?l=bugtraq&m=140389355508263&w=2", "http://www-01.ibm.com/support/docview.wss?uid=swg21676501", "http://linux.oracle.com/errata/ELSA-2014-1053.html", "https://www.ibm.com/support/docview.wss?uid=ssg1S1004670", "http://www.vmware.com/security/advisories/VMSA-2014-0006.html", "http://marc.info/?l=bugtraq&m=140852826008699&w=2", "http://secunia.com/advisories/59375", "http://rhn.redhat.com/errata/RHSA-2014-0680.html", "http://www-01.ibm.com/support/docview.wss?uid=swg21678289", "http://secunia.com/advisories/59429", "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=6060&myns=phmc&mync=E", "http://marc.info/?l=bugtraq&m=140491231331543&w=2", "http://lists.opensuse.org/opensuse-updates/2015-02/msg00030.html", "http://puppetlabs.com/security/cve/cve-2014-0224", "http://www-01.ibm.com/support/docview.wss?uid=swg21677695", "http://esupport.trendmicro.com/solution/en-US/1103813.aspx", "http://secunia.com/advisories/58945", "http://www-01.ibm.com/support/docview.wss?uid=swg21676833", "http://secunia.com/advisories/59440", "http://secunia.com/advisories/59374", "http://www.tenable.com/blog/nessus-527-and-pvs-403-are-available-for-download", "http://www.ibm.com/support/docview.wss?uid=swg21676356", "https://bugzilla.redhat.com/show_bug.cgi?id=1103586", "http://www-01.ibm.com/support/docview.wss?uid=swg21676655", "http://secunia.com/advisories/59223", "http://marc.info/?l=bugtraq&m=140672208601650&w=2", "http://secunia.com/advisories/59167", "http://secunia.com/advisories/59163", "http://secunia.com/advisories/59454", "http://secunia.com/advisories/59380", "https://access.redhat.com/site/blogs/766093/posts/908133", "http://www-01.ibm.com/support/docview.wss?uid=swg24037732", "http://secunia.com/advisories/59190", "http://www.f-secure.com/en/web/labs_global/fsc-2014-6", "http://www-01.ibm.com/support/docview.wss?uid=swg21678167", "http://www-01.ibm.com/support/docview.wss?uid=swg21677527", "http://secunia.com/advisories/58719", "http://marc.info/?l=bugtraq&m=141383465822787&w=2", "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", "http://www-01.ibm.com/support/docview.wss?uid=swg21676419", "http://www-01.ibm.com/support/docview.wss?uid=swg21676786", "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html", "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754", "http://kb.juniper.net/InfoCenter/index?page=content&id=KB29195", "http://marc.info/?l=bugtraq&m=141025641601169&w=2", "http://rhn.redhat.com/errata/RHSA-2014-0632.html", "http://www-01.ibm.com/support/docview.wss?uid=swg21676062", "https://www.intersectalliance.com/wp-content/uploads/release_notes/ReleaseNotes_for_Snare_for_Windows.pdf", "http://www-01.ibm.com/support/docview.wss?uid=isg400001841", "http://www.securitytracker.com/id/1031032", "http://rhn.redhat.com/errata/RHSA-2014-0627.html", "http://secunia.com/advisories/59284", "http://secunia.com/advisories/59435", "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", "http://www-01.ibm.com/support/docview.wss?uid=swg21676845", "http://www-01.ibm.com/support/docview.wss?uid=swg21677080", "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html", "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15325.html", "http://secunia.com/advisories/59101", "http://www-01.ibm.com/support/docview.wss?uid=swg21676536", "http://secunia.com/advisories/59502", "https://discussions.nessus.org/thread/7517", "http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_Release_Notes.pdf", "http://marc.info/?l=bugtraq&m=140369637402535&w=2", "http://www.novell.com/support/kb/doc.php?id=7015264", "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062", "http://www.novell.com/support/kb/doc.php?id=7015300", "http://secunia.com/advisories/59093", "http://www-01.ibm.com/support/docview.wss?uid=swg24037761"], "description": "OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the \"CCS Injection\" vulnerability.", "edition": 6, "reporter": "NVD", "published": "2014-06-05T17:55:07", "title": "CVE-2014-0224", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2014-0224"], "scanner": [], "modified": "2018-10-30T12:27:35", "cpe": ["cpe:/a:openssl:openssl:1.0.0k", "cpe:/a:openssl:openssl:0.9.8y", "cpe:/a:openssl:openssl:0.9.8m", "cpe:/a:openssl:openssl:1.0.1a", "cpe:/a:openssl:openssl:0.9.8n", "cpe:/a:openssl:openssl:0.9.8b", "cpe:/a:redhat:jboss_enterprise_web_server:2.0.1", "cpe:/a:openssl:openssl:0.9.8h", "cpe:/o:redhat:enterprise_linux:4", "cpe:/a:openssl:openssl:0.9.8u", "cpe:/a:openssl:openssl:1.0.1", "cpe:/a:openssl:openssl:0.9.8w", "cpe:/a:openssl:openssl:0.9.8k", "cpe:/a:openssl:openssl:1.0.1:beta2", "cpe:/a:redhat:jboss_enterprise_web_platform:5.2.0", "cpe:/o:redhat:enterprise_linux:5", "cpe:/a:openssl:openssl:1.0.1e", "cpe:/a:openssl:openssl:0.9.8j", "cpe:/a:openssl:openssl:0.9.8t", "cpe:/a:openssl:openssl:1.0.1d", "cpe:/a:openssl:openssl:1.0.0:beta3", "cpe:/a:openssl:openssl:1.0.0:beta1", "cpe:/o:fedoraproject:fedora", "cpe:/a:openssl:openssl:0.9.8a", "cpe:/o:opensuse:opensuse:13.1", "cpe:/a:openssl:openssl:0.9.8q", "cpe:/a:openssl:openssl:1.0.0a", "cpe:/a:openssl:openssl:1.0.1g", "cpe:/a:openssl:openssl:0.9.8o", "cpe:/a:openssl:openssl:1.0.0h", "cpe:/a:openssl:openssl:0.9.8x", "cpe:/a:openssl:openssl:1.0.1b", "cpe:/a:redhat:jboss_enterprise_application_platform:5.2.0", "cpe:/a:openssl:openssl:0.9.8s", "cpe:/a:openssl:openssl:1.0.0l", "cpe:/a:openssl:openssl:1.0.0:beta4", "cpe:/a:openssl:openssl:0.9.8f", "cpe:/a:openssl:openssl:0.9.8", "cpe:/a:openssl:openssl:1.0.0", "cpe:/a:openssl:openssl:1.0.0i", "cpe:/a:openssl:openssl:0.9.8i", "cpe:/o:opensuse:opensuse:13.2", "cpe:/a:openssl:openssl:1.0.0f", "cpe:/a:openssl:openssl:0.9.8m:beta1", "cpe:/a:openssl:openssl:0.9.8c", "cpe:/a:openssl:openssl:1.0.1:beta3", "cpe:/a:openssl:openssl:1.0.1c", "cpe:/a:openssl:openssl:1.0.0e", "cpe:/a:openssl:openssl:1.0.0g", "cpe:/a:openssl:openssl:0.9.8r", "cpe:/a:openssl:openssl:1.0.0j", "cpe:/a:openssl:openssl:1.0.1:beta1", "cpe:/a:openssl:openssl:1.0.0b", "cpe:/a:openssl:openssl:0.9.8d", "cpe:/a:openssl:openssl:0.9.8v", "cpe:/a:openssl:openssl:1.0.0d", "cpe:/a:redhat:jboss_enterprise_application_platform:6.2.3", "cpe:/a:openssl:openssl:1.0.1f", "cpe:/o:redhat:enterprise_linux:6", "cpe:/a:openssl:openssl:1.0.0:beta2", "cpe:/a:openssl:openssl:1.0.0:beta5", "cpe:/a:openssl:openssl:0.9.8e", "cpe:/a:openssl:openssl:0.9.8g", "cpe:/a:openssl:openssl:1.0.0c", "cpe:/a:redhat:storage:2.1", "cpe:/a:openssl:openssl:0.9.8l", "cpe:/a:openssl:openssl:0.9.8p"], "id": "CVE-2014-0224", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0224", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "f5": [{"lastseen": "2017-06-08T10:18:46", "references": [], "edition": 1, "description": "\nF5 Product Development has assigned IDs 465799 and 466486 (BIG-IP), ID 466469 (FirePass), ID 466956 (Enterprise Manager), ID 466954 (BIG-IQ), and ID 466317 (BIG-IP Edge Client) to this vulnerability. Additionally, BIG-IP [iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H465802 on the** Diagnostics** > **Identified** > **Medium | High** screen.\n\nTo determine if your release contains vulnerable server-side components, vulnerable client-side components, or both, and to obtain information about releases or hotfixes that resolve the vulnerability, refer to the following tables:\n\n**Server-side components**\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Vulnerable component or feature \n---|---|---|--- \nBIG-IP LTM| 11.5.0, 11.5.1| 12.0.0 \n11.6.0 \n11.5.3 \n11.5.2 \n11.5.1 HF3 \n11.5.0 HF4 \n11.0.0 - 11.4.1 \n10.0.0 - 10.2.4| Configuration utility \nbig3d \nCOMPAT SSL ciphers \nBIG-IP AAM| 11.5.0, 11.5.1| 12.0.0 \n11.6.0 \n11.5.3 \n11.5.2 \n11.5.1 HF3 \n11.5.0 HF4 \n11.4.0 - 11.4.1| Configuration utility \nbig3d \nCOMPAT SSL ciphers \nBIG-IP AFM| 11.5.0, 11.5.1| 12.0.0 \n11.6.0 \n11.5.3 \n11.5.2 \n11.5.1 HF3 \n11.5.0 HF4 \n11.3.0 - 11.4.1| Configuration utility \nbig3d \nCOMPAT SSL ciphers \nBIG-IP Analytics| 11.5.0, 11.5.1| 12.0.0 \n11.6.0 \n11.5.3 \n11.5.2 \n11.5.1 HF3 \n11.5.0 HF4 \n11.0.0 - 11.4.1| Configuration utility \nbig3d \nCOMPAT SSL ciphers \nBIG-IP APM| 11.5.0, 11.5.1| 12.0.0 \n11.6.0 \n11.5.3 \n11.5.2 \n11.5.1 HF3 \n11.5.0 HF4 \n11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| Configuration utility \nbig3d \nCOMPAT SSL ciphers \nBIG-IP ASM| 11.5.0, 11.5.1| 12.0.0 \n11.6.0 \n11.5.3 \n11.5.2 \n11.5.1 HF3 \n11.5.0 HF4 \n11.0.0 - 11.4.1 \n10.0.0 - 10.2.4| Configuration utility \nbig3d \nCOMPAT SSL ciphers \nBIG-IP DNS| None| 12.0.0| None \nBIG-IP Edge Gateway| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None \nBIG-IP GTM| 11.5.0, 11.5.1| 11.6.0 \n11.5.3 \n11.5.2 \n11.5.1 HF3 \n11.5.0 HF4 \n11.0.0 - 11.4.1 \n10.0.0 - 10.2.4| Configuration utility \nbig3d \nCOMPAT SSL ciphers \nBIG-IP Link Controller| 11.5.0, 11.5.1| 12.0.0 \n11.6.0 \n11.5.3 \n11.5.2 \n11.5.1 HF3 \n11.5.0 HF4 \n11.0.0 - 11.4.1 \n10.0.0 - 10.2.4| Configuration utility \nbig3d \nCOMPAT SSL ciphers \nBIG-IP PEM| 11.5.0, 11.5.1| 12.0.0 \n11.6.0 \n11.5.3 \n11.5.2 \n11.5.1 HF3 \n11.5.0 HF4 \n11.3.0 - 11.4.1| Configuration utility \nbig3d \nCOMPAT SSL ciphers \nBIG-IP PSM| None| 11.0.0 - 11.4.1 \n10.0.0 - 10.2.4| None \nBIG-IP WebAccelerator| None| 11.0.0 - 11.3.0 \n10.0.0 - 10.2.4| None \nBIG-IP WOM| None| 11.0.0 - 11.3.0 \n10.0.0 - 10.2.4| None \nARX| None| 6.0.0 - 6.4.0| None \nEnterprise Manager| None| 3.0.0 - 3.1.1 \n2.1.0 - 2.3.0| None \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| None \nBIG-IQ Cloud| None| 4.0.0 - 4.5.0| None \nBIG-IQ Device| None| 4.2.0 - 4.5.0| None \nBIG-IQ Security| None| 4.0.0 - 4.5.0| None \nLineRate| 2.3.0 - 2.3.1 \n2.2.0 - 2.2.4 \n1.6.0 - 1.6.3| None| OpenSSL \n \n**Client-side components**\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Vulnerable component or feature \n---|---|---|--- \nBIG-IP LTM| 11.0.0 - 11.5.1 \n10.0.0 - 10.2.4| 12.0.0 \n11.6.0 \n11.5.1 HF3 \n11.5.0 HF4 \n11.2.1 HF15| Host-initiated SSL connections \nCOMPAT SSL ciphers \nBIG-IP AAM| 11.4.0 - 11.5.1| 12.0.0 \n11.6.0 \n11.5.1 HF3 \n11.5.0 HF4| Host-initiated SSL connections \nCOMPAT SSL ciphers \nBIG-IP AFM| 11.3.0 - 11.5.1| 12.0.0 \n11.6.0 \n11.5.1 HF3 \n11.5.0 HF4| Host-initiated SSL connections \nCOMPAT SSL ciphers \nBIG-IP Analytics| 11.0.0 - 11.5.1| 12.0.0 \n11.6.0 \n11.5.1 HF3 \n11.5.0 HF4 \n11.2.1 HF15| Host-initiated SSL connections \nCOMPAT SSL ciphers \nBIG-IP APM| 11.0.0 - 11.5.1 \n10.1.0 - 10.2.4| 12.0.0 \n11.6.0 \n11.5.1 HF3 \n11.5.0 HF4 \n11.2.1 HF15| Host-initiated SSL connections \nCOMPAT SSL ciphers \nBIG-IP ASM| 11.0.0 - 11.5.1 \n10.0.0 - 10.2.4| 12.0.0 \n11.6.0 \n11.5.1 HF3 \n11.5.0 HF4 \n11.2.1 HF15| Host-initiated SSL connections \nCOMPAT SSL ciphers \nBIG-IP DNS| None| 12.0.0| None \nBIG-IP Edge Gateway| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| 11.2.1 HF15| Host-initiated SSL connections \nCOMPAT SSL ciphers \nBIG-IP GTM| 11.0.0 - 11.5.1 \n10.0.0 - 10.2.4| 11.6.0 \n11.5.1 HF3 \n11.5.0 HF4 \n11.2.1 HF15| Host-initiated SSL connections \nBIG-IP Link Controller| 11.0.0 - 11.5.1 \n10.0.0 - 10.2.4| 12.0.0 \n11.6.0 \n11.5.1 HF3 \n11.5.0 HF4 \n11.2.1 HF15| Host-initiated SSL connections \nCOMPAT SSL ciphers \nBIG-IP PEM| 11.3.0 - 11.5.1| 11.5.1 HF3 \n11.5.0 HF4| Host-initiated SSL connections \nCOMPAT SSL ciphers \nBIG-IP PSM| 11.0.0 - 11.4.1 \n10.0.0 - 10.2.4| 11.2.1 HF15| Host-initiated SSL connections \nCOMPAT SSL ciphers \nBIG-IP WebAccelerator| 11.0.0 - 11.3.0 \n10.0.0 - 10.2.4| 11.2.1 HF15| Host-initiated SSL connections \nCOMPAT SSL ciphers \nBIG-IP WOM| 11.0.0 - 11.3.0 \n10.0.0 - 10.2.4| 11.2.1 HF15| Host-initiated SSL connections \nCOMPAT SSL ciphers \nARX| None| 6.0.0 - 6.4.0| None \nEnterprise Manager| 2.0.0 - 2.3.0| None| Host-initiated SSL connections \nFirePass| 7.0.0 \n6.0.0 - 6.1.0| None| Host-initiated SSL connections \nBIG-IQ Cloud| 4.0.0 - 4.3.0| None| Host-initiated SSL connections \nBIG-IQ Device| 4.2.0 - 4.3.0| None| Host-initiated SSL connections \nBIG-IQ Security| 4.0.0 - 4.3.0| None| Host-initiated SSL connections \nLineRate| 2.3.0 - 2.3.1 \n2.2.0 - 2.2.4 \n1.6.0 - 1.6.3| None| Host-initiated SSL connections \nBIG-IP Edge Clients for Linux| 6035 - 7071| 7101.2014.0612.* \n7100.2014.0612.* \n7091.2014.0612.* \n7090.2014.0612.* \n7080.2014.0624.*| VPN \nBIG-IP Edge Client for MAC OS X| 6035 - 7071| 7101.2014.0612.* \n7100.2014.0612.* \n7091.2014.0612.* \n7090.2014.0612.* \n7080.2014.0624.*| VPN \nBIG-IP Edge Client for Windows| 7101.* - 7101.2014.0611.* \n7100.* - 7100.2014.0611.* \n7091.* - 7091.2014.0611.* \n7090.* - 7090.2014.0611.* \n7080.* - 7080.2014.0623.* \n6035 - 7071| 7101.2014.0612.1847 \n7100.2014.0612.1847 \n7091.2014.0612.1950 \n7090.2014.0612.1853 \n7080.2014.0624.2054| VPN (DTLS Only) \nBIG-IP Edge Client for iOS| 2.0.0 - 2.0.2 \n1.0.5 - 1.0.6| 2.0.3| VPN \nBIG-IP Edge Client for Android| 2.0.1 - 2.0.4| 2.0.5| VPN\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable column**. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\n**Mitigating this vulnerability**\n\nTo mitigate this vulnerability, you should consider the following recommendations:\n\n * Consider denying access to the Configuration utility and using only the command line and** **Traffic Management Shell (**tmsh**) until the BIG-IP system is updated. If that is not possible, F5 recommends that you access the Configuration utility over only a secure network.\n * If SSL profiles are configured to use COMPAT ciphers, consider reconfiguring the profiles to use ciphers from the NATIVE SSL stack. For information about the NATIVE and COMPAT ciphers, refer to the following articles: \n\n * [K13163: SSL ciphers supported on BIG-IP platforms (11.x - 12.x)](<https://support.f5.com/csp/article/K13163>)\n * [K13171: Configuring the cipher strength for SSL profiles (11.x)](<https://support.f5.com/csp/article/K13171>)\n * [K13187: COMPAT SSL ciphers are no longer included in standard cipher strings](<https://support.f5.com/csp/article/K13187>)\n * Limit traffic between the BIG-IP system and pool members to trusted traffic.\n * Verify that servers with which the F5 device communicates (such as pool members) are not using vulnerable OpenSSL versions.\n\n * For more information about SSL profiles, refer to the following articles: \n\n * [K14783: Overview of the Client SSL profile (11.x - 12.x)](<https://support.f5.com/csp/article/K14783>)\n * [K14806: Overview of the Server SSL profile (11.x - 12.x)](<https://support.f5.com/csp/article/K14806>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated document](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K17329: BIG-IP GTM name has changed to BIG-IP DNS](<https://support.f5.com/csp/article/K17329>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n", "reporter": "f5", "published": "2014-06-06T05:34:00", "type": "f5", "title": "OpenSSL vulnerability CVE-2014-0224", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2014-0224"], "modified": "2017-03-14T22:07:00", "href": "https://support.f5.com/csp/article/K15325", "id": "F5:K15325", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-26T17:23:25", "references": ["https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9970.html", "https://support.f5.com/kb/en-us/solutions/public/4000/900/sol4918.html", "https://support.f5.com/kb/en-us/solutions/public/0000/100/sol167.html", "https://support.f5.com/kb/en-us/solutions/public/17000/300/sol17329.html", "https://support.f5.com/kb/en-us/solutions/public/14000/700/sol14783.html", "https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9957.html", "https://support.f5.com/kb/en-us/solutions/public/14000/800/sol14806.html"], "edition": 1, "description": "**Client-side components**Product| Versions known to be vulnerable| Versions known to be not vulnerable| Vulnerable component or feature \n---|---|---|--- \nBIG-IP LTM| 11.0.0 - 11.5.1 \n10.0.0 - 10.2.4| 12.0.0 \n11.6.0 \n11.5.1 HF3 \n11.5.0 HF4 \n11.2.1 HF15| Host-initiated SSL connections \nCOMPAT SSL ciphers \nBIG-IP AAM| 11.4.0 - 11.5.1| 12.0.0 \n11.6.0 \n11.5.1 HF3 \n11.5.0 HF4| Host-initiated SSL connections \nCOMPAT SSL ciphers \nBIG-IP AFM| 11.3.0 - 11.5.1| 12.0.0 \n11.6.0 \n11.5.1 HF3 \n11.5.0 HF4| Host-initiated SSL connections \nCOMPAT SSL ciphers \nBIG-IP Analytics| 11.0.0 - 11.5.1| 12.0.0 \n11.6.0 \n11.5.1 HF3 \n11.5.0 HF4 \n11.2.1 HF15| Host-initiated SSL connections \nCOMPAT SSL ciphers \nBIG-IP APM| 11.0.0 - 11.5.1 \n10.1.0 - 10.2.4| 12.0.0 \n11.6.0 \n11.5.1 HF3 \n11.5.0 HF4 \n11.2.1 HF15| Host-initiated SSL connections \nCOMPAT SSL ciphers \nBIG-IP ASM| 11.0.0 - 11.5.1 \n10.0.0 - 10.2.4| 12.0.0 \n11.6.0 \n11.5.1 HF3 \n11.5.0 HF4 \n11.2.1 HF15| Host-initiated SSL connections \nCOMPAT SSL ciphers \nBIG-IP DNS| None| 12.0.0| None \nBIG-IP Edge Gateway| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| 11.2.1 HF15| Host-initiated SSL connections \nCOMPAT SSL ciphers \nBIG-IP GTM| 11.0.0 - 11.5.1 \n10.0.0 - 10.2.4| 11.6.0 \n11.5.1 HF3 \n11.5.0 HF4 \n11.2.1 HF15| Host-initiated SSL connections \nBIG-IP Link Controller| 11.0.0 - 11.5.1 \n10.0.0 - 10.2.4| 12.0.0 \n11.6.0 \n11.5.1 HF3 \n11.5.0 HF4 \n11.2.1 HF15| Host-initiated SSL connections \nCOMPAT SSL ciphers \nBIG-IP PEM| 11.3.0 - 11.5.1| 11.5.1 HF3 \n11.5.0 HF4| Host-initiated SSL connections \nCOMPAT SSL ciphers \nBIG-IP PSM| 11.0.0 - 11.4.1 \n10.0.0 - 10.2.4| 11.2.1 HF15| Host-initiated SSL connections \nCOMPAT SSL ciphers \nBIG-IP WebAccelerator| 11.0.0 - 11.3.0 \n10.0.0 - 10.2.4| 11.2.1 HF15| Host-initiated SSL connections \nCOMPAT SSL ciphers \nBIG-IP WOM| 11.0.0 - 11.3.0 \n10.0.0 - 10.2.4| 11.2.1 HF15| Host-initiated SSL connections \nCOMPAT SSL ciphers \nARX| None| 6.0.0 - 6.4.0| None \nEnterprise Manager| 2.0.0 - 2.3.0| None| Host-initiated SSL connections \nFirePass| 7.0.0 \n6.0.0 - 6.1.0| None| Host-initiated SSL connections \nBIG-IQ Cloud| 4.0.0 - 4.3.0| None| Host-initiated SSL connections \nBIG-IQ Device| 4.2.0 - 4.3.0| None| Host-initiated SSL connections \nBIG-IQ Security| 4.0.0 - 4.3.0| None| Host-initiated SSL connections \nLineRate| 2.3.0 - 2.3.1 \n2.2.0 - 2.2.4 \n1.6.0 - 1.6.3| None| Host-initiated SSL connections \nBIG-IP Edge Clients for Linux| 6035 - 7071| 7101.2014.0612.* \n7100.2014.0612.* \n7091.2014.0612.* \n7090.2014.0612.* \n7080.2014.0624.*| VPN \nBIG-IP Edge Client for MAC OS X| 6035 - 7071| 7101.2014.0612.* \n7100.2014.0612.* \n7091.2014.0612.* \n7090.2014.0612.* \n7080.2014.0624.*| VPN \nBIG-IP Edge Client for Windows| 7101.* - 7101.2014.0611.* \n7100.* - 7100.2014.0611.* \n7091.* - 7091.2014.0611.* \n7090.* - 7090.2014.0611.* \n7080.* - 7080.2014.0623.* \n6035 - 7071| 7101.2014.0612.1847 \n7100.2014.0612.1847 \n7091.2014.0612.1950 \n7090.2014.0612.1853 \n7080.2014.0624.2054| VPN (DTLS Only) \nBIG-IP Edge Client for iOS| 2.0.0 - 2.0.2 \n1.0.5 - 1.0.6| 2.0.3| VPN \nBIG-IP Edge Client for Android| 2.0.1 - 2.0.4| 2.0.5| VPN \n \nVulnerability Recommended Actions\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists. \n \n**Important**: F5 has created an engineering hotfix to address this issue for FirePass 7.0. You can obtain the engineering hotfix by contacting [F5 Technical Support](<http://www.f5.com/training-support/customer-support/contact/>) and referencing this article number. For more information, refer to SOL8986: F5 software life cycle policy. \n \nF5 is responding to this vulnerability as determined by the parameters defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\n**Mitigating this vulnerability**\n\nTo mitigate this vulnerability, you should consider the following recommendations:\n\n * Consider denying access to the Configuration utility and using only the command line and** **Traffic Management Shell (**tmsh**) until the BIG-IP system is updated. If that is not possible, F5 recommends that you access the Configuration utility over only a secure network.\n * If SSL profiles are configured to use COMPAT ciphers, consider reconfiguring the profiles to use ciphers from the NATIVE SSL stack. For information about the NATIVE and COMPAT ciphers, refer to the following articles: \n \n\n * SOL13163: SSL ciphers supported on BIG-IP platforms (11.x - 12.x)\n * SOL13171: Configuring the cipher strength for SSL profiles (11.x)\n * SOL13187: COMPAT SSL ciphers are no longer included in standard cipher strings\n * Limit traffic between the BIG-IP system and pool members to trusted traffic.\n * Verify that servers with which the F5 device communicates (such as pool members) are not using vulnerable OpenSSL versions.\n\nSupplemental Information\n\n * For more information about SSL profiles, refer to the following articles: \n \n\n * SOL14783: Overview of the Client SSL profile (11.x - 12.x)\n * SOL14806: Overview of the Server SSL profile (11.x - 12.x)\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated document\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL17329: BIG-IP GTM name has changed to BIG-IP DNS\n", "reporter": "f5", "published": "2014-06-05T00:00:00", "title": "SOL15325 - OpenSSL vulnerability CVE-2014-0224", "type": "f5", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "BIG-IP GTM", "version": "11.5.0, 11.5.1", "operator": "le"}, {"name": "LineRate", "version": "2.2.4", "operator": "le"}, {"name": "BIG-IP PEM", "version": "11.5.0, 11.5.1", "operator": "le"}, {"name": "LineRate", "version": "2.3.1", "operator": "le"}, {"name": "BIG-IP AAM", "version": "11.5.0, 11.5.1", "operator": "le"}, {"name": "BIG-IP AFM", "version": "11.5.0, 11.5.1", "operator": "le"}, {"name": "BIG-IP ASM", "version": "11.5.0, 11.5.1", "operator": "le"}, {"name": "BIG-IP APM", "version": "11.5.0, 11.5.1", "operator": "le"}, {"name": "BIG-IP Link Controller", "version": "11.5.0, 11.5.1", "operator": "le"}, {"name": "BIG-IP LTM", "version": "11.5.0, 11.5.1", "operator": "le"}, {"name": "BIG-IP Analytics", "version": "11.5.0, 11.5.1", "operator": "le"}, {"name": "LineRate", "version": "1.6.3", "operator": "le"}], "cvelist": ["CVE-2014-0224"], "modified": "2016-07-25T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15325.html", "id": "SOL15325", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openssl": [{"lastseen": "2016-09-26T17:22:34", "references": [], "edition": 1, "description": "An attacker can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a Man-in-the-middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server. Reported by KIKUCHI Masashi (Lepidum Co. Ltd.).", "reporter": "OpenSSL", "published": "2014-06-05T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "openssl", "title": "Vulnerability in OpenSSL (CVE-2014-0224)", "bulletinFamily": "software", "affectedSoftware": [{"name": "openssl", "version": "1.0.0d", "operator": "eq"}, {"name": "openssl", "version": "0.9.8p", "operator": "eq"}, {"name": "openssl", "version": "1.0.0b", "operator": "eq"}, {"name": "openssl", "version": "0.9.8q", "operator": "eq"}, {"name": "openssl", "version": "0.9.8e", "operator": "eq"}, {"name": "openssl", "version": "1.0.1c", "operator": "eq"}, {"name": "openssl", "version": "1.0.0", "operator": "eq"}, {"name": "openssl", "version": "0.9.8t", "operator": "eq"}, {"name": "openssl", "version": "1.0.0e", "operator": "eq"}, {"name": "openssl", "version": "0.9.8w", "operator": "eq"}, {"name": "openssl", "version": "1.0.0a", "operator": "eq"}, {"name": "openssl", "version": "1.0.1b", "operator": "eq"}, {"name": "openssl", "version": "0.9.8c", "operator": "eq"}, {"name": "openssl", "version": "0.9.8o", "operator": "eq"}, {"name": "openssl", "version": "0.9.8j", "operator": "eq"}, {"name": "openssl", "version": "1.0.0j", "operator": "eq"}, {"name": "openssl", "version": "0.9.8l", "operator": "eq"}, {"name": "openssl", "version": "1.0.0k", "operator": "eq"}, {"name": "openssl", "version": "0.9.8n", "operator": "eq"}, {"name": "openssl", "version": "1.0.1a", "operator": "eq"}, {"name": "openssl", "version": "0.9.8d", "operator": "eq"}, {"name": "openssl", "version": "1.0.1d", "operator": "eq"}, {"name": "openssl", "version": "0.9.8i", "operator": "eq"}, {"name": "openssl", "version": "0.9.8g", "operator": "eq"}, {"name": "openssl", "version": "0.9.8m", "operator": "eq"}, {"name": "openssl", "version": "0.9.8v", "operator": "eq"}, {"name": "openssl", "version": "1.0.0l", "operator": "eq"}, {"name": "openssl", "version": "0.9.8u", "operator": "eq"}, {"name": "openssl", "version": "1.0.1", "operator": "eq"}, {"name": "openssl", "version": "1.0.1f", "operator": "eq"}, {"name": "openssl", "version": "0.9.8b", "operator": "eq"}, {"name": "openssl", "version": "0.9.8f", "operator": "eq"}, {"name": "openssl", "version": "0.9.8x", "operator": "eq"}, {"name": "openssl", "version": "0.9.8s", "operator": "eq"}, {"name": "openssl", "version": "0.9.8", "operator": "eq"}, {"name": "openssl", "version": "0.9.8r", "operator": "eq"}, {"name": "openssl", "version": "1.0.0c", "operator": "eq"}, {"name": "openssl", "version": "0.9.8a", "operator": "eq"}, {"name": "openssl", "version": "0.9.8h", "operator": "eq"}, {"name": "openssl", "version": "1.0.0i", "operator": "eq"}, {"name": "openssl", "version": "0.9.8k", "operator": "eq"}, {"name": "openssl", "version": "1.0.1g", "operator": "eq"}, {"name": "openssl", "version": "1.0.0g", "operator": "eq"}, {"name": "openssl", "version": "1.0.1e", "operator": "eq"}, {"name": "openssl", "version": "0.9.8y", "operator": "eq"}, {"name": "openssl", "version": "1.0.0f", "operator": "eq"}], "cvelist": ["CVE-2014-0224"], "modified": "2014-06-05T00:00:00", "id": "OPENSSL:CVE-2014-0224", "href": "https://www.openssl.org/news/vulnerabilities.html", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "hackerone": [{"lastseen": "2018-04-19T17:34:12", "references": [], "bounty": 10.0, "h1team": {"profile_picture_urls": {"small": "https://profile-photos.hackerone-user-content.com/000/000/569/a3d43619d7595ae1c8eb97d793c0317e3bb80664_small.jpg?1414767226", "medium": "https://profile-photos.hackerone-user-content.com/000/000/569/2d44a44df90ed700d6dbef6618ec2553331c68be_medium.jpg?1414767226"}, "handle": "whisper", "url": "https://hackerone.com/whisper"}, "bountyState": "resolved", "edition": 5, "description": "your site is vulnerable to CVE-2014-0224\r\n \r\n\r\nOpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the \"CCS Injection\" vulnerability.", "reporter": "paresh_parmar", "published": "2015-03-11T04:42:02", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "type": "hackerone", "title": "Whisper: CVE-2014-0224 openssl ccs vulnerability", "h1reporter": {"profile_picture_urls": {"small": "https://profile-photos.hackerone-user-content.com/000/013/929/073caa69896db7f1a799b4a9084f88a2dd2711a0_small.jpeg?1487591992"}, "hacker_mediation": false, "disabled": false, "is_me?": false, "hackerone_triager": false, "url": "/paresh_parmar", "username": "paresh_parmar"}, "bulletinFamily": "bugbounty", "cvelist": ["CVE-2014-0224"], "modified": "2015-04-10T05:04:11", "id": "H1:50885", "href": "https://hackerone.com/reports/50885", "cvss": {"score": 0.0, "vector": "NONE"}}], "paloalto": [{"lastseen": "2018-08-31T00:11:39", "references": [], "description": "The Palo Alto Networks product security engineering team has completed analysis of our products' exposure to the vulnerabilities described in the OpenSSL Security Advisory dated June 5th, 2014. Of the 7 CVEs highlighted in the advisory, only CVE-2014-0224 is relevant to our software. The remaining vulnerabilities to not apply because we do not use or support use of Datagram Transport Layer Security (DTLS), nor do we use anonymous Elliptic curve Diffie-Hellman (ECDH) on our software clients. Our exposure to CVE-2014-0224 is limited because both client and server must be vulnerable. While our client-side is vulnerable, the server-side is not. This limits exposure to potential man-in-the-middle (MITM) attacks only to sessions our software initiates with servers outside of our control that are running a vulnerable version of OpenSSL (OpenSSL 1.0.1 and 1.0.2-beta1). As such, services that may be vulnerable to MITM depending on customer configuration include: firewall services using SSL configured to use a proxy running a vulnerable OpenSSL server, syslog over SSL to a syslog server running a vulnerable OpenSSL server, and the User-ID agent connecting to a directory server running a vulnerable OpenSSL server. GlobalProtect is not vulnerable because our portal and gateway servers are not vulnerable. In response to these issues, Palo Alto Networks is including a patch to the OpenSSL software used across our products with the next scheduled maintenance release for all supported versions of PAN-OS / Panorama, User-ID agent, and GlobalProtect. Users can mitigate their exposure by ensuring that any servers described above are not running vulnerable versions of OpenSSL (1.0.1 and 1.0.2-beta1). If customers have any further questions related to product exposure to this OpenSSL security advisory, they can contact support.\n", "edition": 3, "reporter": "Palo Alto Networks Product Security Incident Response Team", "published": "2014-06-09T00:00:00", "title": "OpenSSL Man-in-the-middle vulnerability (CVE-2014-0224)", "type": "paloalto", "enchantments": {"score": {"modified": "2018-08-31T00:11:39", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2014-0224"], "modified": "2014-06-09T00:00:00", "id": "PAN-SA-2014-0003", "href": "https://securityadvisories.paloaltonetworks.com/Home/Detail/23", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "seebug": [{"lastseen": "2017-11-19T12:02:28", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "references": [], "enchantments_done": [], "description": "OpenSSL is an open-source SSL implementation, used to implement the network communication of high-strength encryption, it is now widely used in various network applications.\n\nOpenSSL 0.9.8 za, 1.0.0 m, 1.0.1 h prior version, does not properly handle ChangeCipherSpec messages, which allows the middle attack in certain OpenSSL-to-OpenSSL communications within the use of a zero-length master key, and then use a specially crafted TLS handshake to hijack a session and gain sensitive information.\n\nOpenSSL TLS heartbeat read remote information disclosure Vulnerability (CVE-2014-0160) http://www.linuxidc.com/Linux/2014-04/99741.htm\n\nOpenSSL serious bug allows an attacker to read 64k of memory, and Debian half an hour to fix http://www.linuxidc.com/Linux/2014-04/99737.htm\n\nOpenSSL \u201cheartbleed\u201d security vulnerability http://www.linuxidc.com/Linux/2014-04/99706.htm\n\nBy OpenSSL to provide FTP+SSL/TLS authentication functions, and to achieve secure data transmission http://www.linuxidc.com/Linux/2013-05/84986.htm\n\n * Source: KIKUCHI Masashi\n", "reporter": "Root", "published": "2016-12-20T00:00:00", "type": "seebug", "title": "OpenSSL SSL/TLS MITM Vulnerability (CVE-2014-0224)", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2014-0160", "CVE-2014-0224"], "_object_type": "robots.models.seebug.SeebugBulletin", "modified": "2016-12-20T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-92577", "id": "SSV:92577", "sourceData": "", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "", "status": "cve,details"}], "cert": [{"lastseen": "2018-08-31T02:38:24", "references": ["http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0224", "http://ccsinjection.lepidum.co.jp/blog/2014-06-05/CCS-Injection-en/index.html", "http://ccsinjection.lepidum.co.jp/blog/2014-06-05/CCS-Injection-en/index.html", "http://ccsinjection.lepidum.co.jp/", "https://plus.google.com/app/basic/stream/z12xhp3hbzbhhjgfm22ncvtbeua1dpaa004", "https://www.openssl.org/news/secadv_20140605.txt", "https://www.openssl.org/news/secadv_20140605.txt"], "description": "### Overview\n\nOpenSSL is vulnerable to a man-in-the-middle attack.\n\n### Description\n\nThe OpenSSL security advisory states: \n\n_SSL/TLS MITM vulnerability (CVE-2014-0224)_ \n_===========================================_ \n \n_An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a Man-in-the-middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server._ \n \n_The attack can only be performed between a vulnerable client *and* server. OpenSSL clients are vulnerable in all versions of OpenSSL. Servers are only known to be vulnerable in OpenSSL 1.0.1 and 1.0.2-beta1. Users of OpenSSL servers earlier than 1.0.1 are advised to upgrade as a precaution._ \n \n_OpenSSL 0.9.8 SSL/TLS users (client and/or server) should upgrade to 0.9.8za._ \n_OpenSSL 1.0.0 SSL/TLS users (client and/or server) should upgrade to 1.0.0m._ \n_OpenSSL 1.0.1 SSL/TLS users (client and/or server) should upgrade to 1.0.1h._ \n \n_Thanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for discovering and researching this issue. This issue was reported to OpenSSL on 1st May 2014 via JPCERT/CC._ \n \n_The fix was developed by Stephen Henson of the OpenSSL core team partly based on an original patch from KIKUCHI Masashi._ \n \nAdditional details may be found in the [OpenSSL security advisory](<https://www.openssl.org/news/secadv_20140605.txt>). This vulnerability is one of many that has been fixed in the latest release. \n \nMasashi Kikuchi has written a[ technical blog post](<http://ccsinjection.lepidum.co.jp/blog/2014-06-05/CCS-Injection-en/index.html>) about the vulnerability. \n \n--- \n \n### Impact\n\nA remote attacker with a man-in-the-middle vantage point on the network may be able to decrypt or modify traffic between a client and server. \n \n--- \n \n### Solution\n\n**Apply an Update** \n \nOpenSSL 0.9.8 SSL/TLS users (client and/or server) should upgrade to 0.9.8za. \nOpenSSL 1.0.0 SSL/TLS users (client and/or server) should upgrade to 1.0.0m. \nOpenSSL 1.0.1 SSL/TLS users (client and/or server) should upgrade to 1.0.1h. \n \n--- \n \n### Vendor Information \n\nVendor| Status| Date Notified| Date Updated \n---|---|---|--- \nAttachmate| | 02 Jun 2014| 19 Aug 2014 \nDebian GNU/Linux| | 02 Jun 2014| 06 Jun 2014 \nFedora Project| | 02 Jun 2014| 06 Jun 2014 \nFreeBSD Project| | 02 Jun 2014| 05 Jun 2014 \nGlobal Technology Associates, Inc.| | 02 Jun 2014| 19 Jun 2014 \nHewlett-Packard Company| | 02 Jun 2014| 21 Aug 2014 \nIBM Corporation| | 02 Jun 2014| 16 Jun 2014 \nNEC Corporation| | 02 Jun 2014| 09 Jun 2014 \nNEC Corporation| | -| 26 Oct 2015 \nNVIDIA| | 02 Jun 2014| 10 Sep 2014 \nOpenSSL| | 09 May 2014| 05 Jun 2014 \nOracle Corporation| | 02 Jun 2014| 16 Jun 2014 \nRed Hat, Inc.| | 02 Jun 2014| 05 Jun 2014 \nSUSE Linux| | 02 Jun 2014| 09 Jun 2014 \nUbuntu| | 02 Jun 2014| 05 Jun 2014 \nIf you are a vendor and your product is affected, [let us know](<mailto:cert@cert.org?Subject=VU%23978508 Vendor Status Inquiry>). \n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | 6.4 | AV:A/AC:M/Au:N/C:C/I:P/A:N \nTemporal | 5.0 | E:POC/RL:OF/RC:C \nEnvironmental | 8.1 | CDP:H/TD:H/CR:H/IR:M/AR:L \n \n### References\n\n * <https://www.openssl.org/news/secadv_20140605.txt>\n * <http://ccsinjection.lepidum.co.jp/>\n * <http://ccsinjection.lepidum.co.jp/blog/2014-06-05/CCS-Injection-en/index.html>\n * <https://plus.google.com/app/basic/stream/z12xhp3hbzbhhjgfm22ncvtbeua1dpaa004>\n\n### Credit\n\nThanks to KIKUCHI Masashi for reporting this vulnerability.\n\nThis document was written by Jared Allar.\n\n### Other Information\n\n * CVE IDs: [CVE-2014-0224](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0224>)\n * Date Public: 05 Jun 2014\n * Date First Published: 05 Jun 2014\n * Date Last Updated: 26 Oct 2015\n * Document Revision: 30\n\n", "edition": 4, "reporter": "CERT", "published": "2014-06-05T00:00:00", "title": "OpenSSL is vulnerable to a man-in-the-middle attack", "type": "cert", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "info", "cvelist": ["CVE-2014-0224", "CVE-2014-0224", "CVE-2014-0224"], "modified": "2015-10-26T00:00:00", "id": "VU:978508", "href": "https://www.kb.cert.org/vuls/id/978508", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2018-09-01T23:32:53", "references": ["https://getupdates.oracle.com/readme/150383-19"], "pluginID": "66800", "description": "SunOS 5.10: wanboot patch.\nDate this patch was last updated by Sun : Aug/13/17\n\nThis plugin has been deprecated and either replaced with individual 150383 patch-revision plugins, or deemed non-security related.", "edition": 11, "reporter": "Tenable", "published": "2013-06-05T00:00:00", "title": "Solaris 10 (sparc) : 150383-19 (deprecated)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Solaris Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0224"], "modified": "2018-07-30T00:00:00", "cpe": ["cpe:/o:sun:solaris"], "id": "SOLARIS10_150383.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=66800", "sourceData": "\n#\n# (C) Tenable Network Security, Inc.\n#\n# @DEPRECATED@\n#\n# Disabled on 2018/03/12. Deprecated and either replaced by\n# individual patch-revision plugins, or has been deemed a\n# non-security advisory.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(66800);\n script_version(\"1.29\");\n script_cvs_date(\"Date: 2018/07/30 15:31:32\");\n\n script_cve_id(\"CVE-2014-0224\");\n script_bugtraq_id(67899);\n\n script_name(english:\"Solaris 10 (sparc) : 150383-19 (deprecated)\");\n script_summary(english:\"Check for patch 150383-19\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"This plugin has been deprecated.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"SunOS 5.10: wanboot patch.\nDate this patch was last updated by Sun : Aug/13/17\n\nThis plugin has been deprecated and either replaced with individual\n150383 patch-revision plugins, or deemed non-security related.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/150383-19\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"n/a\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:sun:solaris\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/06/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\nexit(0, \"This plugin has been deprecated. Consult specific patch-revision plugins for patch 150383 instead.\");\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:33:38", "references": ["https://alas.aws.amazon.com/ALAS-2014-350.html"], "pluginID": "78293", "description": "It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server.\n(CVE-2014-0224)", "edition": 5, "reporter": "Tenable", "published": "2014-10-12T00:00:00", "title": "Amazon Linux AMI : openssl098e (ALAS-2014-350)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Amazon Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0224"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:openssl098e-debuginfo", "p-cpe:/a:amazon:linux:openssl098e", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2014-350.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=78293", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2014-350.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78293);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2014-0224\");\n script_xref(name:\"ALAS\", value:\"2014-350\");\n script_xref(name:\"RHSA\", value:\"2014:0626\");\n\n script_name(english:\"Amazon Linux AMI : openssl098e (ALAS-2014-350)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was found that OpenSSL clients and servers could be forced, via a\nspecially crafted handshake packet, to use weak keying material for\ncommunication. A man-in-the-middle attacker could use this flaw to\ndecrypt and modify traffic between a client and a server.\n(CVE-2014-0224)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2014-350.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update openssl098e' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl098e\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl098e-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"openssl098e-0.9.8e-18.2.13.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openssl098e-debuginfo-0.9.8e-18.2.13.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl098e / openssl098e-debuginfo\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:53:45", "references": ["https://oss.oracle.com/pipermail/el-errata/2014-June/004173.html"], "pluginID": "74343", "description": "From Red Hat Security Advisory 2014:0624 :\n\nUpdated openssl packages that fix one security issue are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.\n\nIt was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server.\n(CVE-2014-0224)\n\nNote: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL. For more information about this flaw, refer to: https://access.redhat.com/site/articles/904433\n\nRed Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter of this issue.\n\nAll OpenSSL users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.", "edition": 4, "reporter": "Tenable", "published": "2014-06-06T00:00:00", "title": "Oracle Linux 5 : openssl (ELSA-2014-0624)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0224"], "modified": "2015-12-01T00:00:00", "cpe": ["cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:openssl-devel", "p-cpe:/a:oracle:linux:openssl", "p-cpe:/a:oracle:linux:openssl-perl"], "id": "ORACLELINUX_ELSA-2014-0624.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=74343", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2014:0624 and \n# Oracle Linux Security Advisory ELSA-2014-0624 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74343);\n script_version(\"$Revision: 1.12 $\");\n script_cvs_date(\"$Date: 2015/12/01 17:25:13 $\");\n\n script_cve_id(\"CVE-2014-0224\");\n script_bugtraq_id(67899);\n script_xref(name:\"RHSA\", value:\"2014:0624\");\n\n script_name(english:\"Oracle Linux 5 : openssl (ELSA-2014-0624)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2014:0624 :\n\nUpdated openssl packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL\nv2/v3) and Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nIt was found that OpenSSL clients and servers could be forced, via a\nspecially crafted handshake packet, to use weak keying material for\ncommunication. A man-in-the-middle attacker could use this flaw to\ndecrypt and modify traffic between a client and a server.\n(CVE-2014-0224)\n\nNote: In order to exploit this flaw, both the server and the client\nmust be using a vulnerable version of OpenSSL; the server must be\nusing OpenSSL version 1.0.1 and above, and the client must be using\nany version of OpenSSL. For more information about this flaw, refer\nto: https://access.redhat.com/site/articles/904433\n\nRed Hat would like to thank the OpenSSL project for reporting this\nissue. Upstream acknowledges KIKUCHI Masashi of Lepidum as the\noriginal reporter of this issue.\n\nAll OpenSSL users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. For the update\nto take effect, all services linked to the OpenSSL library (such as\nhttpd and other SSL-enabled services) must be restarted or the system\nrebooted.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2014-June/004173.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"openssl-0.9.8e-27.el5_10.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"openssl-devel-0.9.8e-27.el5_10.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"openssl-perl-0.9.8e-27.el5_10.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-devel / openssl-perl\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:54:27", "references": ["https://oss.oracle.com/pipermail/el-errata/2014-June/004193.html"], "pluginID": "74484", "description": "Description of changes:\n\n[0.9.7a-43.18.0.2]\n- fix for CVE-2014-0224 - SSL/TLS MITM vulnerability", "edition": 4, "reporter": "Tenable", "published": "2014-06-12T00:00:00", "title": "Oracle Linux 4 : openssl (ELSA-2014-3040)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0224"], "modified": "2015-12-01T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:openssl-devel", "p-cpe:/a:oracle:linux:openssl", "cpe:/o:oracle:linux:4", "p-cpe:/a:oracle:linux:openssl-perl"], "id": "ORACLELINUX_ELSA-2014-3040.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=74484", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2014-3040.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74484);\n script_version(\"$Revision: 1.11 $\");\n script_cvs_date(\"$Date: 2015/12/01 17:35:11 $\");\n\n script_cve_id(\"CVE-2014-0224\");\n script_bugtraq_id(67899);\n\n script_name(english:\"Oracle Linux 4 : openssl (ELSA-2014-3040)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Description of changes:\n\n[0.9.7a-43.18.0.2]\n- fix for CVE-2014-0224 - SSL/TLS MITM vulnerability\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2014-June/004193.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"openssl-0.9.7a-43.18.0.2.el4\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"ia64\", reference:\"openssl-0.9.7a-43.18.0.2.el4\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"openssl-0.9.7a-43.18.0.1.el4\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"openssl-devel-0.9.7a-43.18.0.2.el4\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"ia64\", reference:\"openssl-devel-0.9.7a-43.18.0.2.el4\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"openssl-devel-0.9.7a-43.18.0.1.el4\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"openssl-perl-0.9.7a-43.18.0.2.el4\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"ia64\", reference:\"openssl-perl-0.9.7a-43.18.0.2.el4\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"openssl-perl-0.9.7a-43.18.0.1.el4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-devel / openssl-perl\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:07:13", "references": ["https://bto.bluecoat.com/security-advisory/sa80"], "pluginID": "76164", "description": "The remote Blue Coat ProxySG device's SGOS self-reported version is 6.2 prior to 6.2.15.6. It, therefore, contains a bundled version of OpenSSL that has multiple flaws, meaning it is potentially affected by an unspecified error that could allow an attacker to cause usage of weak keying material leading to simplified man-in-the-middle attacks.", "edition": 6, "reporter": "Tenable", "published": "2014-06-20T00:00:00", "title": "Blue Coat ProxySG 6.2.x OpenSSL Security Bypass", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Firewalls", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0224"], "modified": "2018-06-27T00:00:00", "cpe": ["cpe:/o:bluecoat:sgos"], "id": "BLUECOAT_PROXY_SG_6_2_15_6.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=76164", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76164);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/06/27 18:42:25\");\n\n script_cve_id(\"CVE-2014-0224\");\n script_bugtraq_id(67899);\n script_xref(name:\"CERT\", value:\"978508\");\n\n script_name(english:\"Blue Coat ProxySG 6.2.x OpenSSL Security Bypass\");\n script_summary(english:\"Checks the Blue Coat ProxySG SGOS version\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is potentially affected by a security bypass\nvulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Blue Coat ProxySG device's SGOS self-reported version is\n6.2 prior to 6.2.15.6. It, therefore, contains a bundled version of\nOpenSSL that has multiple flaws, meaning it is potentially affected by\nan unspecified error that could allow an attacker to cause usage of\nweak keying material leading to simplified man-in-the-middle attacks.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bto.bluecoat.com/security-advisory/sa80\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to version 6.2.15.6 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:bluecoat:sgos\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/20\");\n\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Firewalls\");\n\n script_dependencies(\"bluecoat_proxy_sg_version.nasl\");\n script_require_keys(\"Host/BlueCoat/ProxySG/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"Host/BlueCoat/ProxySG/Version\");\nui_version = get_kb_item(\"Host/BlueCoat/ProxySG/UI_Version\");\n\nif (version !~ \"^6\\.2\\.\") audit(AUDIT_HOST_NOT, \"Blue Coat ProxySG 6.2.x\");\n\nreport_fix = NULL;\n\n# Select version for report\nif (isnull(ui_version)) report_ver = version;\nelse report_ver = ui_version;\n\nif (version =~ \"^6\\.2\\.\" && ver_compare(ver:version, fix:\"6.2.15.6\", strict:FALSE) == -1)\n{\n fix = '6.2.15.6';\n ui_fix = '6.2.15.6 Build 0';\n\n # Select fixed version for report\n if (isnull(ui_version)) report_fix = fix;\n else report_fix = ui_fix;\n}\n\nif (!isnull(report_fix))\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Installed version : ' + report_ver +\n '\\n Fixed version : ' + report_fix +\n '\\n';\n security_warning(port:0, extra:report);\n }\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, 'Blue Coat ProxySG', version);\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:32:33", "references": ["https://bto.bluecoat.com/security-advisory/sa80"], "pluginID": "76163", "description": "The remote Blue Coat ProxySG device's SGOS self-reported version is 4.x and reportedly contains a bundled version of OpenSSL that has multiple flaws. It is, therefore, potentially affected by an unspecified error that could allow an attacker to cause usage of weak keying material, leading to simplified man-in-the-middle attacks.", "edition": 6, "reporter": "Tenable", "published": "2014-06-20T00:00:00", "title": "Blue Coat ProxySG 4.x OpenSSL Security Bypass", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Firewalls", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0224"], "modified": "2018-06-27T00:00:00", "cpe": ["cpe:/o:bluecoat:sgos"], "id": "BLUECOAT_PROXY_SG_4_X_OPENSSL.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=76163", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76163);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/06/27 18:42:25\");\n\n script_cve_id(\"CVE-2014-0224\");\n script_bugtraq_id(67899);\n script_xref(name:\"CERT\", value:\"978508\");\n\n script_name(english:\"Blue Coat ProxySG 4.x OpenSSL Security Bypass\");\n script_summary(english:\"Checks the Blue Coat ProxySG SGOS version\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is potentially affected by a security bypass\nvulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Blue Coat ProxySG device's SGOS self-reported version is\n4.x and reportedly contains a bundled version of OpenSSL that has\nmultiple flaws. It is, therefore, potentially affected by an\nunspecified error that could allow an attacker to cause usage of weak\nkeying material, leading to simplified man-in-the-middle attacks.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bto.bluecoat.com/security-advisory/sa80\");\n script_set_attribute(attribute:\"solution\", value:\n\"Note that ProxySG 4.0.x, 4.1.x, 4.2.x and 4.3.x will not receive a\npatch for this issue.\n\nPlease contact the vendor for upgrade options.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:bluecoat:sgos\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/20\");\n\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Firewalls\");\n\n script_dependencies(\"bluecoat_proxy_sg_version.nasl\");\n script_require_keys(\"Host/BlueCoat/ProxySG/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"Host/BlueCoat/ProxySG/Version\");\nui_version = get_kb_item(\"Host/BlueCoat/ProxySG/UI_Version\");\n\nif (version !~ \"^4\\.[0-3]\\.\") audit(AUDIT_HOST_NOT, \"Blue Coat ProxySG 4.0.x / 4.1.x / 4.2.x / 4.3.x\");\n\nreport_fix = NULL;\n\n# Select version for report\nif (isnull(ui_version)) report_ver = version;\nelse report_ver = ui_version;\n\nif (version =~ \"^4\\.[0-3]\\.\")\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Installed version : ' + report_ver +\n '\\n Fixed version : Please contact the vendor for upgrade options.' +\n '\\n';\n security_warning(port:0, extra:report);\n }\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, 'Blue Coat ProxySG', version);\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-13T16:52:40", "references": ["https://access.redhat.com/errata/RHSA-2014:0680", "https://access.redhat.com/site/articles/904433", "https://access.redhat.com/security/cve/cve-2014-0224", "https://access.redhat.com/site/solutions/905793"], "pluginID": "76892", "description": "Updated openssl098e packages that fix one security issue are now available for Red Hat Enterprise Linux 7.\n\nThe Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.\n\nIt was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server.\n(CVE-2014-0224)\n\nNote: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL. For more information about this flaw, refer to: https://access.redhat.com/site/articles/904433\n\nRed Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter of this issue.\n\nAll OpenSSL users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.", "edition": 8, "reporter": "Tenable", "published": "2014-07-30T00:00:00", "title": "RHEL 7 : openssl098e (RHSA-2014:0680)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0224"], "modified": "2018-11-10T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:openssl098e-debuginfo", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.3", "cpe:/o:redhat:enterprise_linux:7.6", "p-cpe:/a:redhat:enterprise_linux:openssl098e"], "id": "REDHAT-RHSA-2014-0680.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=76892", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:0680. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76892);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/11/10 11:49:53\");\n\n script_cve_id(\"CVE-2014-0224\");\n script_bugtraq_id(67899);\n script_xref(name:\"RHSA\", value:\"2014:0680\");\n\n script_name(english:\"RHEL 7 : openssl098e (RHSA-2014:0680)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated openssl098e packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 7.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL\nv2/v3) and Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nIt was found that OpenSSL clients and servers could be forced, via a\nspecially crafted handshake packet, to use weak keying material for\ncommunication. A man-in-the-middle attacker could use this flaw to\ndecrypt and modify traffic between a client and a server.\n(CVE-2014-0224)\n\nNote: In order to exploit this flaw, both the server and the client\nmust be using a vulnerable version of OpenSSL; the server must be\nusing OpenSSL version 1.0.1 and above, and the client must be using\nany version of OpenSSL. For more information about this flaw, refer\nto: https://access.redhat.com/site/articles/904433\n\nRed Hat would like to thank the OpenSSL project for reporting this\nissue. Upstream acknowledges KIKUCHI Masashi of Lepidum as the\noriginal reporter of this issue.\n\nAll OpenSSL users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. For the update\nto take effect, all services linked to the OpenSSL library (such as\nhttpd and other SSL-enabled services) must be restarted or the system\nrebooted.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/site/articles/904433\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/site/solutions/905793\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:0680\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0224\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected openssl098e and / or openssl098e-debuginfo\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl098e\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl098e-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:0680\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", reference:\"openssl098e-0.9.8e-29.el7_0.2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"openssl098e-debuginfo-0.9.8e-29.el7_0.2\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl098e / openssl098e-debuginfo\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:32:39", "references": ["https://getupdates.oracle.com/readme/148072-19"], "pluginID": "66740", "description": "SunOS 5.10_x86: openssl patch.\nDate this patch was last updated by Sun : Dec/17/15\n\nThis plugin has been deprecated and either replaced with individual 148072 patch-revision plugins, or deemed non-security related.", "edition": 6, "reporter": "Tenable", "published": "2013-06-02T00:00:00", "title": "Solaris 10 (x86) : 148072-19 (deprecated)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Solaris Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0224"], "modified": "2018-07-30T00:00:00", "cpe": ["cpe:/o:sun:solaris"], "id": "SOLARIS10_X86_148072.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=66740", "sourceData": "\n#\n# (C) Tenable Network Security, Inc.\n#\n# @DEPRECATED@\n#\n# Disabled on 2018/03/12. Deprecated and either replaced by\n# individual patch-revision plugins, or has been deemed a\n# non-security advisory.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(66740);\n script_version(\"1.20\");\n script_cvs_date(\"Date: 2018/07/30 13:40:15\");\n\n script_cve_id(\"CVE-2014-0224\");\n script_bugtraq_id(67899);\n\n script_name(english:\"Solaris 10 (x86) : 148072-19 (deprecated)\");\n script_summary(english:\"Check for patch 148072-19\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"This plugin has been deprecated.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"SunOS 5.10_x86: openssl patch.\nDate this patch was last updated by Sun : Dec/17/15\n\nThis plugin has been deprecated and either replaced with individual\n148072 patch-revision plugins, or deemed non-security related.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/148072-19\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"n/a\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:sun:solaris\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/06/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\nexit(0, \"This plugin has been deprecated. Consult specific patch-revision plugins for patch 148072 instead.\");\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-29T19:21:11", "references": ["https://support.f5.com/csp/#/article/K15325"], "pluginID": "78174", "description": "OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the 'CCS Injection' vulnerability.\n(CVE-2014-0224)", "edition": 7, "reporter": "Tenable", "published": "2014-10-10T00:00:00", "title": "F5 Networks BIG-IP : OpenSSL vulnerability (K15325)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "F5 Networks Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0224"], "modified": "2018-11-28T00:00:00", "cpe": ["cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_application_acceleration_manager", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/h:f5:big-ip", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_access_policy_manager"], "id": "F5_BIGIP_SOL15325.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=78174", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K15325.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78174);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/11/28 22:47:42\");\n\n script_cve_id(\"CVE-2014-0224\");\n script_bugtraq_id(67899);\n\n script_name(english:\"F5 Networks BIG-IP : OpenSSL vulnerability (K15325)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h\ndoes not properly restrict processing of ChangeCipherSpec messages,\nwhich allows man-in-the-middle attackers to trigger use of a\nzero-length master key in certain OpenSSL-to-OpenSSL communications,\nand consequently hijack sessions or obtain sensitive information, via\na crafted TLS handshake, aka the 'CCS Injection' vulnerability.\n(CVE-2014-0224)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/#/article/K15325\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K15325.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"K15325\";\nvmatrix = make_array();\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"11.5.0\",\"11.5.1\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.0\",\"11.5.3\",\"11.5.2\",\"11.5.1HF3\",\"11.5.0HF4\",\"11.3.0-11.4.1\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"11.5.0\",\"11.5.1\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.0\",\"11.5.3\",\"11.5.2\",\"11.5.1HF3\",\"11.5.0HF4\",\"11.4.0-11.4.1\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"11.5.0\",\"11.5.1\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.0\",\"11.5.3\",\"11.5.2\",\"11.5.1HF3\",\"11.5.0HF4\",\"11.0.0-11.4.1\",\"10.1.0-10.2.4\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"11.5.0\",\"11.5.1\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.0\",\"11.5.3\",\"11.5.2\",\"11.5.1HF3\",\"11.5.0HF4\",\"11.0.0-11.4.1\",\"10.0.0-10.2.4\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"11.5.0\",\"11.5.1\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.0\",\"11.5.3\",\"11.5.2\",\"11.5.1HF3\",\"11.5.0HF4\",\"11.0.0-11.4.1\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"11.5.0\",\"11.5.1\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"11.6.0\",\"11.5.3\",\"11.5.2\",\"11.5.1HF3\",\"11.5.0HF4\",\"11.0.0-11.4.1\",\"10.0.0-10.2.4\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"11.5.0\",\"11.5.1\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.0\",\"11.5.3\",\"11.5.2\",\"11.5.1HF3\",\"11.5.0HF4\",\"11.0.0-11.4.1\",\"10.0.0-10.2.4\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"11.5.0\",\"11.5.1\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.0\",\"11.5.3\",\"11.5.2\",\"11.5.1HF3\",\"11.5.0HF4\",\"11.0.0-11.4.1\",\"10.0.0-10.2.4\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"11.5.0\",\"11.5.1\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.0\",\"11.5.3\",\"11.5.2\",\"11.5.1HF3\",\"11.5.0HF4\",\"11.3.0-11.4.1\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-16T16:57:36", "references": ["https://fortiguard.com/psirt/FG-IR-14-018"], "pluginID": "76535", "description": "FortiClient, a client-based software solution intended to provide security features for enterprise computers and mobile devices, is installed on the remote Windows host.\n\nThe installed FortiClient version uses a vulnerable OpenSSL library that contains a flaw with the handshake process. The flaw could allow an attacker to cause usage of weak keying material leading to simplified man-in-the-middle attacks.", "edition": 6, "reporter": "Tenable", "published": "2014-07-16T00:00:00", "title": "Fortinet FortiClient OpenSSL Security Bypass", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Windows", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0224"], "modified": "2018-11-15T00:00:00", "cpe": ["cpe:/a:fortinet:forticlient"], "id": "FORTICLIENT_5_0_10.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=76535", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76535);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/11/15 20:50:26\");\n\n script_cve_id(\"CVE-2014-0224\");\n script_bugtraq_id(67899);\n script_xref(name:\"CERT\", value:\"978508\");\n\n script_name(english:\"Fortinet FortiClient OpenSSL Security Bypass\");\n script_summary(english:\"Checks the version of FortiClient.exe.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by a security bypass\nvulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"FortiClient, a client-based software solution intended to provide\nsecurity features for enterprise computers and mobile devices, is\ninstalled on the remote Windows host.\n\nThe installed FortiClient version uses a vulnerable OpenSSL library\nthat contains a flaw with the handshake process. The flaw could allow\nan attacker to cause usage of weak keying material leading to\nsimplified man-in-the-middle attacks.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://fortiguard.com/psirt/FG-IR-14-018\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Fortinet FortiClient 5.0.10 / 5.2.0 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\nscript_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:fortinet:forticlient\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"forticlient_detect.nbin\");\n script_require_keys(\"installed_sw/FortiClient\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nget_kb_item_or_exit(\"installed_sw/FortiClient\");\n\napp = \"FortiClient\";\n\ninstalls = get_installs(app_name:app);\nif (installs[0] == IF_NOT_FOUND) audit(AUDIT_NOT_INST, app);\n\ninstall = installs[1][0];\npath = install['path'];\nversion = install['version'];\n\n\nfixed_version = \"5.0.10\";\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version + '\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, app, version, path);\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "threatpost": [{"lastseen": "2018-10-06T22:58:40", "_object_types": ["robots.models.base.Bulletin", "robots.models.threatpost.ThreatpostBulletin"], "references": ["https://threatpost.com/new-openssl-mitm-flaw-affects-all-clients-some-server-versions/106470", "http://seclists.org/fulldisclosure/2014/Jun/71"], "description": "While the group of [vulnerabilities that the OpenSSL Project patched](<https://threatpost.com/new-openssl-mitm-flaw-affects-all-clients-some-server-versions/106470>) last week hasn\u2019t grown into the kind of mess that the Heartbleed flaw did, the vulnerabilities still affect a huge range of products. Vendors are still making their way through the patching process, and VMware has released an advisory confirming that a long list of its products are vulnerable to the latest OpenSSL bugs. The company said in the [advisory](<http://seclists.org/fulldisclosure/2014/Jun/71>) that there is only a patch available for one of its products right now, ESXi 5.5. VMware sells a huge line of products that includes both clients and servers, which makes the patching process for the most serious of the recent OpenSSL vulnerabilities even more onerous. The critical vulnerability in this group is CVE-2014-0224, a flaw that could enable an attacker to intercept and decrypt traffic between vulnerable clients and a vulnerable server. Both the client and server must be running flawed versions of the software in order for the attack to succeed.\n\nVMware said in its advisory that various products are affected differently by the vulnerability.\n\nVMware said in its advisory that various products are affected differently by the vulnerability, depending upon whether they\u2019re acting as clients or servers.\n\n\u201cCVE-2014-0224 may lead to a Man-in-the-Middle attack if a server is running a vulnerable version of OpenSSL 1.0.1 and clients are running a vulnerable version of OpenSSL 0.9.8 or 1.0.1. Updating the server will mitigate this issue for both the server and all affected clients,\u201d the advisory says.\n\n\u201cCVE-2014-0224 may affect products differently depending on whether the product is acting as a client or a server and of which version of OpenSSL the product is using.Clients that communicate over untrusted networks such as public Wi-Fi and communicate to a server running a vulnerable version of OpenSSL 1.0.1. can be mitigated by using a secure network such as VPN.\u201d\n\nThe list of other VMware products that are still vulnerable to CVE-2014-0224 and for which no patch is yet available is long, and includes both clients and servers. The company said that the patches for these products, which include other versions of ESXi, several versions of vCenter and vSphere, are in the works.\n", "reporter": "Dennis Fisher", "published": "2014-06-12T09:38:56", "type": "threatpost", "title": "VMware Patches ESXi Against OpenSSL Flaw, But Many Other Products Still Vulnerable", "enchantments": {"score": {"modified": "2018-10-06T22:58:40", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "info", "cvelist": ["CVE-2014-0224"], "_object_type": "robots.models.threatpost.ThreatpostBulletin", "modified": "2014-06-23T16:47:36", "id": "THREATPOST:9D9869F89AC0737D7BCF95D2D1CF13F8", "href": "https://threatpost.com/vmware-patches-esxi-against-openssl-flaw-but-many-other-products-still-vulnerable/106605/", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-06T22:58:40", "_object_types": ["robots.models.base.Bulletin", "robots.models.threatpost.ThreatpostBulletin"], "references": ["http://threatpost.com/new-openssl-mitm-flaw-affects-all-clients-some-server-versions/106470", "http://threatpost.com/openssl-heartbleed-highlights-crypto-pitfalls/105628", "http://blog.ivanristic.com/2014/06/ssl-pulse-49-percent-vulnerable-to-cve-2014-0224-in-june-2014.html", "https://www.imperialviolet.org/2014/06/05/earlyccs.html"], "description": "Certain mitigating factors made the recent [OpenSSL man-in-the-middle vulnerability](<http://threatpost.com/new-openssl-mitm-flaw-affects-all-clients-some-server-versions/106470>) a notch or two below [Heartbleed](<http://threatpost.com/openssl-heartbleed-highlights-crypto-pitfalls/105628>) in terms of criticality. With that in consideration, it\u2019s probably no surprise that patching levels for CVE-2014-0224 aren\u2019t as high out of the gate as they were for Heartbleed.\n\nIvan Ristic, an application security researcher and director of engineering at Qualys, said that his company\u2019s research arm, SSL Labs, has been running a remote check for servers vulnerable to the bug. This week it ran that same [scan against a dataset maintained by SSL Pulse](<http://blog.ivanristic.com/2014/06/ssl-pulse-49-percent-vulnerable-to-cve-2014-0224-in-june-2014.html>), a global project that monitors the quality of SSL support, in order to quantify the scope of the problem affecting all OpenSSL client versions and version 1.0.1 of the server software.\n\nThe results weren\u2019t entirely discouraging to Ristic, who has done extensive SSL research.\n\nThe results weren\u2019t entirely discouraging to Ristic, who has done extensive SSL research. The comparison against the SSL Pulse data showed that about 49 percent of servers remain vulnerable, while 14 percent are exploitable.\n\n\u201cI\u2019d say they\u2019re decent,\u201dRistic said of the results. \u201cThe patching rate is not as good as with Heartbleed, but Heartbleed was much worse in terms of impact, and it was very well covered.\u201d\n\nThe scan revealed that about 36 percent of servers are running older versions of OpenSSL that are not exploitable. Those servers too, won\u2019t likely be patched in any urgency, Ristic said. Ristic estimates based on the presence of the Heartbleed extension that 24 percent of servers are running vulnerable versions of OpenSSL, meaning that about 38 percent were patched in the first week.\n\nThe flaw surfaced publicly on June 5, though experts said it\u2019s likely been in the OpenSSL codebase since Day 1 in 1998. The bug enables an attacker to remotely exploit clients or servers running vulnerable versions of OpenSSL to intercept and decrypt traffic. An attacker would have to be in a man-in-the-middle position to do so, not to mention that the bug can only be exploited if an attacker is sitting between both a vulnerable client and server.\n\n\u201cThat just reduces the number of exploitable systems. But I\u2019d say that the attack surface is still pretty big. There\u2019s probably lots of backend stuff using OpenSSL accessing APIs and such,\u201d Ristic said of the mitigating factors. \u201cOne decrypted connection means the password is compromised.\u201d\n\nAdam Langley of Google published an early [analysis](<https://www.imperialviolet.org/2014/06/05/earlyccs.html>) of the vulnerability pointing the finger at ChangeCipherSpec messages sent during the TLS handshake.\n\n\u201cThis vulnerability allows an active network attacker to inject ChangeCipherSpec (CCS) messages to both sides of a connection and force them to fix their keys before all key material is available,\u201d Ristic said. \u201cWeak keys are negotiated as a result.\u201d\n", "reporter": "Michael Mimoso", "published": "2014-06-13T14:05:55", "type": "threatpost", "title": "SSL Pulse Scans Quantify Vulnerable OpenSSL Servers", "enchantments": {"score": {"modified": "2018-10-06T22:58:40", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "info", "cvelist": ["CVE-2014-0224"], "_object_type": "robots.models.threatpost.ThreatpostBulletin", "modified": "2014-06-17T19:12:36", "id": "THREATPOST:79FD5014002E21B53F4970E1583AB7F2", "href": "https://threatpost.com/scans-quantify-vulnerable-openssl-servers/106665/", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-06T22:58:44", "_object_types": ["robots.models.base.Bulletin", "robots.models.threatpost.ThreatpostBulletin"], "references": ["http://www.openssl.org/news/secadv_20140605.txt", "https://www.imperialviolet.org/2014/06/05/earlyccs.html", "http://ccsinjection.lepidum.co.jp/blog/2014-06-05/CCS-Injection-en/index.html", "https://threatpost.com/what-have-we-learned-openssl-heartbleed-bug/105385"], "description": "There is a new, remotely exploitable [vulnerability in OpenSSL](<http://www.openssl.org/news/secadv_20140605.txt>) that could enable an attacker to intercept and decrypt traffic between vulnerable clients and servers. The flaw affects all versions of the OpenSSL client and versions 1.0.1 and 1.0.2-beta1 of the server software.\n\nThe new vulnerability could only be exploited to decrypt traffic between a vulnerable client and a vulnerable server, and the attacker would need to have a man-in-the-middle position on a network in order to do so. That\u2019s not an insignificant set of conditions that must be present for a successful attack, but in the current environment, where open wireless networks are everywhere and many users connect to them without a second thought, gaining a MITM position is not an insurmountable hurdle.\n\nResearchers who have looked at the vulnerable piece of code say that it appears to have existed, nearly unchanged, in the OpenSSL source since 1998.\n\n\u201cThe code changes are around the rejection of ChangeCipherSpec messages, which are messages sent during the TLS handshake that mark the change from unencrypted to encrypted traffic. These messages aren\u2019t part of the handshake protocol itself and aren\u2019t linked into the handshake state machine in OpenSSL. Rather there\u2019s a check in the code that they are only received when a new cipher is ready to be used,\u201d Adam Langley, a researcher on the security team at Google, wrote in an [analysis](<https://www.imperialviolet.org/2014/06/05/earlyccs.html>) of the vulnerability.\n\n\u201cHowever, that check (for s->s3->tmp.new_cipher in s3_pkt.c) seems reasonable, but new_cipher is actually set as soon as the cipher for the connection has been decided (i.e. once the ServerHello message has been sent/received), not when the cipher is actually ready! It looks like this is the problem that\u2019s getting fixed in this release.\u201d\n\nMasashi Kikuchi, the Japanese researcher who discovered the vulnerability, confirmed that the bug had been present in OpenSSL since the first version and that it likely should have been found sooner.\n\n\u201cThe biggest reason why the bug hasn\u2019t been found for over 16 years is that code reviews were insufficient, especially from experts who had experiences with TLS/SSL implementation. If the reviewers had enough experiences, they should have been verified OpenSSL code in the same way they do their own code. They could have detected the problem,\u201d Kikuchi said in his [explanation of the vulnerability](<http://ccsinjection.lepidum.co.jp/blog/2014-06-05/CCS-Injection-en/index.html>) and how he discovered it.\n\n\u201cFuzzing may have worked. However, as the history (see below) shows, knowledge of TLS/SSL implementation seems vital.\u201d\n\nThe CVE-2014-0224 bug surfaced two months after the OpenSSL Heartbleed vulnerability came to light.\n\nThe new CVE-2014-0224 bug surfaced two months after the [OpenSSL Heartbleed vulnerability](<https://threatpost.com/what-have-we-learned-openssl-heartbleed-bug/105385>) came to light. That flaw was considered more serious and affected a huge number of diverse systems and clients and administrators and security engineers scrambled to fix it before attackers began taking advantage of it. Heartbleed caused a lot of discussion and debate in the security community and even bled over into the mainstream, albeit not necessarily with the most accurate details.\n\nThis OpenSSL flaw is serious, as well, but likely won\u2019t cause the same sort of distress. Still, Langley said in his analysis that the vulnerability could have a variety of effects.\n\n\u201cThe implications of this are pretty complex. For a client there\u2019s an additional check in the code that requires that a CCS message appear before the Finished and after the master secret has been generated. An attacker can still inject an early CCS too and the keys will be calculated with an empty master secret. Those keys will be latched \u2013 another CCS won\u2019t cause them to be recalculated. However, when sending the second CCS that the client code requires, the Finished hash is recalculated with the correct master secret. This means that the attacker can\u2019t fabricate an acceptable Finished hash. This stops the obvious, generic impersonation attack against the client,\u201d Langley wrote.\n\n\u201cFor a server, there\u2019s no such check and it appears to be possible to send an early CCS message and then fabricate the Finished hash because it\u2019s based on an empty master secret. However, that doesn\u2019t obviously gain an attacker anything.\u201d\n\nThe vulnerability affects some mobile implementations of OpenSSL, as well. Google has already released an updated version of Chrome for Android to fix this issue in the mobile version of the browser.\n\nIn addition to the MITM vulnerability, OpenSSL fixed several other flaws in its latest release. Four of those vulnerabilities can be used to cause a denial-of-service, while the remaining one can allow remote code execution.\n", "reporter": "Dennis Fisher", "published": "2014-06-05T09:30:06", "type": "threatpost", "title": "New OpenSSL MITM Flaw Affects All Clients, Some Server Versions", "enchantments": {"score": {"modified": "2018-10-06T22:58:44", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "info", "cvelist": ["CVE-2014-0224"], "_object_type": "robots.models.threatpost.ThreatpostBulletin", "modified": "2014-06-09T14:04:16", "id": "THREATPOST:A5161FD8579FC8D6BD28F429682A17F9", "href": "https://threatpost.com/new-openssl-mitm-flaw-affects-all-clients-some-server-versions/106470/", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2018-10-26T14:41:44", "references": ["http://kb.juniper.net/JSA10629"], "pluginID": "1361412562310105946", "description": "Junos OS is prone to a OpenSSL man in the middle security\nbypass vulnerability.", "edition": 7, "reporter": "This script is Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-01-23T00:00:00", "title": "Junos SSL/TLS MITM Vulnerability", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "JunOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0224"], "modified": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310105946", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310105946", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_junos_cve-2014-0224.nasl 12106 2018-10-26 06:33:36Z cfischer $\n#\n# Junos SSL/TLS MITM Vulnerability\n#\n# Authors:\n# Christian Kuersteiner <christian.kuersteiner@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = 'cpe:/o:juniper:junos';\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.105946\");\n script_cve_id(\"CVE-2014-0224\");\n script_bugtraq_id(67899);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 12106 $\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Junos SSL/TLS MITM Vulnerability\");\n\n script_xref(name:\"URL\", value:\"http://kb.juniper.net/JSA10629\");\n\n script_tag(name:\"summary\", value:\"Junos OS is prone to a OpenSSL man in the middle security\nbypass vulnerability.\");\n\n script_tag(name:\"impact\", value:\"An attacker may leverage a MITM attack and decrypt and modify\ntraffic from attacked client and server. The attack can only be performed between a vulnerable client\nand server.\");\n\n script_tag(name:\"insight\", value:\"An attacker using a carefully crafted handshake can force the\nuse of weak keying material in OpenSSL SSL/TLS clients and servers which can be exploited to perform\na man in the middle attack.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable OS build is present on the target host.\");\n script_tag(name:\"solution\", value:\"New builds of Junos OS software are available from Juniper.\");\n script_tag(name:\"affected\", value:\"Junos OS 11.4, 12.1, 12.2, 12.3, 13.1, 13.2 and 13.3\");\n\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 08:33:36 +0200 (Fri, 26 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-23 10:23:01 +0700 (Fri, 23 Jan 2015)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"JunOS Local Security Checks\");\n script_copyright(\"This script is Copyright (C) 2015 Greenbone Networks GmbH\");\n script_dependencies(\"gb_ssh_junos_get_version.nasl\", \"gb_junos_snmp_version.nasl\");\n script_mandatory_keys(\"Junos/Version\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"revisions-lib.inc\");\n\nif (!version = get_app_version(cpe: CPE, nofork: TRUE))\n exit(0);\n\nif (revcomp(a:version, b:\"11.4R12-S1\") < 0) {\n security_message(port:0, data:version);\n exit(0);\n}\n\nif (version =~ \"^12\") {\n if (revcomp(a:version, b:\"12.1X44-D40\") < 0) {\n security_message(port:0, data:version);\n exit(0);\n }\n else if ((revcomp(a:version, b:\"12.1X46-D20\") < 0) &&\n (revcomp(a:version, b:\"12.1X46\") >= 0)) {\n security_message(port:0, data:version);\n exit(0);\n }\n else if ((revcomp(a:version, b:\"12.1X47-D15\") < 0) &&\n (revcomp(a:version, b:\"12.1X47\") >= 0)) {\n security_message(port:0, data:version);\n exit(0);\n }\n else if ((revcomp(a:version, b:\"12.2R9\") < 0) &&\n (revcomp(a:version, b:\"12.2\") >= 0)) {\n security_message(port:0, data:version);\n exit(0);\n }\n else if ((revcomp(a:version, b:\"12.3R8\") < 0) &&\n (revcomp(a:version, b:\"12.3\") >= 0)) {\n security_message(port:0, data:version);\n exit(0);\n }\n}\n\nif (version =~ \"^13\") {\n if (revcomp(a:version, b:\"13.1R4-S2\") < 0) {\n security_message(port:0, data:version);\n exit(0);\n }\n else if ((revcomp(a:version, b:\"13.2R5\") < 0) &&\n (revcomp(a:version, b:\"13.2\") >= 0)) {\n security_message(port:0, data:version);\n exit(0);\n }\n else if ((revcomp(a:version, b:\"13.3R2-S3\") < 0) &&\n (revcomp(a:version, b:\"13.3\") >= 0)) {\n security_message(port:0, data:version);\n exit(0);\n }\n}\n\nexit(99);\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-28T18:24:36", "references": ["http://linux.oracle.com/errata/ELSA-2014-0680.html"], "pluginID": "1361412562310123368", "description": "Oracle Linux Local Security Checks ELSA-2014-0680", "edition": 6, "reporter": "Eero Volotinen", "published": "2015-10-06T00:00:00", "title": "Oracle Linux Local Check: ELSA-2014-0680", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0224"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310123368", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123368", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2014-0680.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123368\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:02:52 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2014-0680\");\n script_tag(name:\"insight\", value:\"ELSA-2014-0680 - openssl098e security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2014-0680\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2014-0680.html\");\n script_cve_id(\"CVE-2014-0224\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux7\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"openssl098e\", rpm:\"openssl098e~0.9.8e~29.el7_0.2\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:53:25", "references": ["2014:0626", "http://lists.centos.org/pipermail/centos-announce/2014-June/020346.html"], "pluginID": "1361412562310881939", "description": "Check for the Version of openssl097a", "edition": 5, "reporter": "Copyright (C) 2014 Greenbone Networks GmbH", "published": "2014-06-09T00:00:00", "title": "CentOS Update for openssl097a CESA-2014:0626 centos5 ", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0224"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310881939", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881939", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for openssl097a CESA-2014:0626 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.881939\");\n script_version(\"$Revision: 9373 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:57:18 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-06-09 12:07:23 +0530 (Mon, 09 Jun 2014)\");\n script_cve_id(\"CVE-2014-0224\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"CentOS Update for openssl097a CESA-2014:0626 centos5 \");\n\n tag_insight = \"OpenSSL is a toolkit that implements the Secure Sockets Layer\n(SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nIt was found that OpenSSL clients and servers could be forced, via a\nspecially crafted handshake packet, to use weak keying material for\ncommunication. A man-in-the-middle attacker could use this flaw to decrypt\nand modify traffic between a client and a server. (CVE-2014-0224)\n\nNote: In order to exploit this flaw, both the server and the client must be\nusing a vulnerable version of OpenSSL the server must be using OpenSSL\nversion 1.0.1 and above, and the client must be using any version of\nOpenSSL. For more information about this flaw, refer to:\nhttps://access.redhat.com/site/articles/904433\n\nRed Hat would like to thank the OpenSSL project for reporting this issue.\nUpstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter\nof this issue.\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1103586 - CVE-2014-0224 openssl: SSL/TLS MITM vulnerability\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 5 client):\n\nSource:\nopenssl097a-0.9.7a-12.el5_10.1.src.rpm\n\ni386:\nopenssl097a-0.9.7a-12.el5_10.1.i386.rpm\nopenssl097a-debuginfo-0.9.7a-12.el5_10.1.i386.rpm\n\nx86_64:\nopenssl097a-0.9.7a-12.el5_10.1.i386.rpm\nopenssl097a-0.9.7a-12.el5_10.1.x86_64.rpm\nopenssl097a-debuginfo-0.9.7a-12.el5_10.1.i386.rpm\nopenssl097a-debuginfo-0.9.7a-12.el5_10.1.x86_64.rpm\n\nRed Hat Enterprise Linux (v. 5 server):\n\nSource:\nopenssl097a-0.9.7a-12.el5_10.1.src.rpm\n\ni386:\nopenssl097a-0.9.7a-12.el5_10.1.i386.rpm\nopenssl097a-debuginfo-0.9.7a-12.el5_10.1.i386.rpm\n\nia64:\nopenssl097a-0.9.7a-12.el5_10.1.i386.rpm\nopenssl097a-0.9.7a-12.el5_10.1.ia64.rpm\nopenssl097a-debuginfo-0.9.7a-12.el5_10.1.i386.rpm\nopenssl097a-debuginfo-0.9.7a-12.el5_10.1.ia6 ...\n\n Description truncated, for more information please check the Reference URL\";\n\n tag_affected = \"openssl097a on CentOS 5\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"CESA\", value: \"2014:0626\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2014-June/020346.html\");\n script_tag(name:\"summary\", value:\"Check for the Version of openssl097a\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl097a\", rpm:\"openssl097a~0.9.7a~12.el5_10.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:54:05", "references": ["2014:0626", "http://lists.centos.org/pipermail/centos-announce/2014-June/020345.html"], "pluginID": "1361412562310881944", "description": "Check for the Version of openssl098e", "edition": 5, "reporter": "Copyright (C) 2014 Greenbone Networks GmbH", "published": "2014-06-09T00:00:00", "title": "CentOS Update for openssl098e CESA-2014:0626 centos6 ", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0224"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310881944", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881944", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for openssl098e CESA-2014:0626 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.881944\");\n script_version(\"$Revision: 9373 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:57:18 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-06-09 12:29:43 +0530 (Mon, 09 Jun 2014)\");\n script_cve_id(\"CVE-2014-0224\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"CentOS Update for openssl098e CESA-2014:0626 centos6 \");\n\n tag_insight = \"OpenSSL is a toolkit that implements the Secure Sockets Layer\n(SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nIt was found that OpenSSL clients and servers could be forced, via a\nspecially crafted handshake packet, to use weak keying material for\ncommunication. A man-in-the-middle attacker could use this flaw to decrypt\nand modify traffic between a client and a server. (CVE-2014-0224)\n\nNote: In order to exploit this flaw, both the server and the client must be\nusing a vulnerable version of OpenSSL the server must be using OpenSSL\nversion 1.0.1 and above, and the client must be using any version of\nOpenSSL. For more information about this flaw, refer to:\nhttps://access.redhat.com/site/articles/904433\n\nRed Hat would like to thank the OpenSSL project for reporting this issue.\nUpstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter\nof this issue.\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1103586 - CVE-2014-0224 openssl: SSL/TLS MITM vulnerability\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 5 client):\n\nSource:\nopenssl097a-0.9.7a-12.el5_10.1.src.rpm\n\ni386:\nopenssl097a-0.9.7a-12.el5_10.1.i386.rpm\nopenssl097a-debuginfo-0.9.7a-12.el5_10.1.i386.rpm\n\nx86_64:\nopenssl097a-0.9.7a-12.el5_10.1.i386.rpm\nopenssl097a-0.9.7a-12.el5_10.1.x86_64.rpm\nopenssl097a-debuginfo-0.9.7a-12.el5_10.1.i386.rpm\nopenssl097a-debuginfo-0.9.7a-12.el5_10.1.x86_64.rpm\n\nRed Hat Enterprise Linux (v. 5 server):\n\nSource:\nopenssl097a-0.9.7a-12.el5_10.1.src.rpm\n\ni386:\nopenssl097a-0.9.7a-12.el5_10.1.i386.rpm\nopenssl097a-debuginfo-0.9.7a-12.el5_10.1.i386.rpm\n\nia64:\nopenssl097a-0.9.7a-12.el5_10.1.i386.rpm\nopenssl097a-0.9.7a-12.el5_10.1.ia64.rpm\nopenssl097a-debuginfo-0.9.7a-12.el5_10.1.i386.rpm\nopenssl097a-debuginfo-0.9.7a-12.el5_10.1.ia6 ...\n\n Description truncated, for more information please check the Reference URL\";\n\n tag_affected = \"openssl098e on CentOS 6\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"CESA\", value: \"2014:0626\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2014-June/020345.html\");\n script_tag(name:\"summary\", value:\"Check for the Version of openssl098e\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl098e\", rpm:\"openssl098e~0.9.8e~18.el6_5.2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-02T14:32:55", "references": ["https://alas.aws.amazon.com/ALAS-2014-351.html"], "pluginID": "1361412562310120310", "description": "Amazon Linux Local Security Checks", "edition": 6, "reporter": "Eero Volotinen", "published": "2015-09-08T00:00:00", "title": "Amazon Linux Local Check: ALAS-2014-351", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Amazon Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0224"], "modified": "2018-10-01T00:00:00", "id": "OPENVAS:1361412562310120310", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120310", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: alas-2014-351.nasl 6715 2017-07-13 09:57:40Z teissa$\n#\n# Amazon Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@iki.fi>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://ping-viini.org\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120310\");\n script_version(\"$Revision: 11703 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:23:18 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-01 10:05:31 +0200 (Mon, 01 Oct 2018) $\");\n script_name(\"Amazon Linux Local Check: ALAS-2014-351\");\n script_tag(name:\"insight\", value:\"It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. (CVE-2014-0224 )\");\n script_tag(name:\"solution\", value:\"Run yum update openssl097a to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2014-351.html\");\n script_cve_id(\"CVE-2014-0224\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Amazon Linux Local Security Checks\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"AMAZON\")\n{\nif ((res = isrpmvuln(pkg:\"openssl097a\", rpm:\"openssl097a~0.9.7a~12.1.9.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"openssl097a-debuginfo\", rpm:\"openssl097a-debuginfo~0.9.7a~12.1.9.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-04T13:34:40", "references": ["http://openssl.org/", "http://www.securityfocus.com/bid/67899"], "pluginID": "1361412562310105042", "description": "OpenSSL is prone to security-bypass vulnerability.", "edition": 5, "reporter": "This script is Copyright (C) 2014 Greenbone Networks GmbH", "published": "2014-06-10T00:00:00", "title": "SSL/TLS: OpenSSL CCS Man in the Middle Security Bypass Vulnerability", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SSL and TLS", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0224"], "modified": "2018-09-03T00:00:00", "id": "OPENVAS:1361412562310105042", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310105042", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_openssl_ccs_67899.nasl 11186 2018-09-03 09:12:42Z mmartin $\n#\n# SSL/TLS: OpenSSL CCS Man in the Middle Security Bypass Vulnerability\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.105042\");\n script_version(\"$Revision: 11186 $\");\n script_bugtraq_id(67899);\n script_cve_id(\"CVE-2014-0224\");\n script_name(\"SSL/TLS: OpenSSL CCS Man in the Middle Security Bypass Vulnerability\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-03 11:12:42 +0200 (Mon, 03 Sep 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-06-10 17:18:54 +0200 (Tue, 10 Jun 2014)\");\n script_category(ACT_ATTACK);\n script_family(\"SSL and TLS\");\n script_copyright(\"This script is Copyright (C) 2014 Greenbone Networks GmbH\");\n script_dependencies(\"gb_tls_version_get.nasl\");\n script_mandatory_keys(\"ssl_tls/port\");\n\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/67899\");\n script_xref(name:\"URL\", value:\"http://openssl.org/\");\n\n script_tag(name:\"impact\", value:\"Successfully exploiting this issue may allow attackers to obtain\n sensitive information by conducting a man-in-the-middle attack. This\n may lead to other attacks.\");\n script_tag(name:\"vuldetect\", value:\"Send two SSL ChangeCipherSpec request and check the response.\");\n script_tag(name:\"insight\", value:\"OpenSSL does not properly restrict processing of ChangeCipherSpec\n messages, which allows man-in-the-middle attackers to trigger use of a\n zero-length master key in certain OpenSSL-to-OpenSSL communications, and\n consequently hijack sessions or obtain sensitive information, via a crafted\n TLS handshake, aka the 'CCS Injection' vulnerability.\");\n script_tag(name:\"solution\", value:\"Updates are available.\");\n script_tag(name:\"summary\", value:\"OpenSSL is prone to security-bypass vulnerability.\");\n script_tag(name:\"affected\", value:\"OpenSSL before 0.9.8za,\n 1.0.0 before 1.0.0m and\n 1.0.1 before 1.0.1h\");\n\n script_tag(name:\"qod_type\", value:\"remote_analysis\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"mysql.inc\"); # For recv_mysql_server_handshake() in open_ssl_socket()\ninclude(\"byte_func.inc\");\ninclude(\"ssl_funcs.inc\");\ninclude(\"misc_func.inc\");\n\nfunction _test( v, port ) {\n\n local_var v, port, soc, hello, data, record, hello_done, req;\n\n if( ! v ) return FALSE;\n\n soc = open_ssl_socket( port:port );\n if( ! soc ) return FALSE;\n\n hello = ssl_hello( version:v );\n if( ! hello ) {\n close( soc );\n return FALSE;\n }\n\n send( socket:soc, data:hello );\n\n while( ! hello_done ) {\n data = ssl_recv( socket:soc );\n if( ! data ) {\n close( soc );\n return FALSE;\n }\n\n record = search_ssl_record( data:data, search:make_array( \"content_typ\", SSLv3_ALERT ) );\n if( record ) {\n close( soc );\n return FALSE;\n }\n\n record = search_ssl_record( data:data, search:make_array( \"handshake_typ\", SSLv3_SERVER_HELLO_DONE ) );\n if( record ) {\n hello_done = TRUE;\n v = record[\"version\"];\n break;\n }\n }\n\n if( ! hello_done ) {\n close( soc );\n return FALSE;\n }\n\n req = raw_string( 0x14 ) + v + raw_string( 0x00, 0x01, 0x01 );\n send( socket:soc, data:req );\n\n data = ssl_recv( socket:soc );\n\n if( ! data && socket_get_error( soc ) == ECONNRESET ) {\n close( soc );\n return FALSE;\n }\n\n if( data ) {\n record = search_ssl_record( data:data, search:make_array( \"content_typ\", SSLv3_ALERT ) );\n if( record ) {\n close( soc );\n return FALSE;\n }\n }\n\n send( socket:soc, data:req );\n data = ssl_recv( socket:soc );\n\n close( soc );\n\n if( ! data ) return FALSE;\n\n record = search_ssl_record( data:data, search:make_array( \"content_typ\", SSLv3_ALERT ) );\n if( record ) {\n if( record['level'] == SSLv3_ALERT_FATAL && ( record['description'] == SSLv3_ALERT_BAD_RECORD_MAC || record['description'] == SSLv3_ALERT_DECRYPTION_FAILED ) ) {\n security_message( port:port );\n exit( 0 );\n }\n }\n}\n\nport = get_ssl_port();\nif( ! port ) exit( 0 );\n\nif( ! versions = get_supported_tls_versions( port:port, min:SSL_v3 ) ) exit( 0 );\n\nforeach version( versions ) {\n _test( v:version, port:port );\n}\n\nexit( 99 );\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-02T14:32:56", "references": ["https://alas.aws.amazon.com/ALAS-2014-350.html"], "pluginID": "1361412562310120311", "description": "Amazon Linux Local Security Checks", "edition": 6, "reporter": "Eero Volotinen", "published": "2015-09-08T00:00:00", "title": "Amazon Linux Local Check: ALAS-2014-350", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Amazon Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0224"], "modified": "2018-10-01T00:00:00", "id": "OPENVAS:1361412562310120311", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120311", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: alas-2014-350.nasl 6715 2017-07-13 09:57:40Z teissa$\n#\n# Amazon Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@iki.fi>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://ping-viini.org\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120311\");\n script_version(\"$Revision: 11703 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:23:19 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-01 10:05:31 +0200 (Mon, 01 Oct 2018) $\");\n script_name(\"Amazon Linux Local Check: ALAS-2014-350\");\n script_tag(name:\"insight\", value:\"It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. (CVE-2014-0224 )\");\n script_tag(name:\"solution\", value:\"Run yum update openssl098e to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2014-350.html\");\n script_cve_id(\"CVE-2014-0224\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Amazon Linux Local Security Checks\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"AMAZON\")\n{\nif ((res = isrpmvuln(pkg:\"openssl098e-debuginfo\", rpm:\"openssl098e-debuginfo~0.9.8e~18.2.13.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"openssl098e\", rpm:\"openssl098e~0.9.8e~18.2.13.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-26T14:44:23", "references": ["http://www-01.ibm.com/support/docview.wss?uid=swg21677842"], "pluginID": "1361412562310105129", "description": "There is an OpenSSL vulnerability that could allow an attacker to decrypt\nand modify traffic from a vulnerable client and server. ", "edition": 7, "reporter": "This script is Copyright (C) 2014 Greenbone Networks GmbH", "published": "2014-12-03T00:00:00", "title": "IBM Endpoint Manager 9.1 OpenSSL Man in the Middle Security Bypass Vulnerability", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Web application abuses", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0224"], "modified": "2018-10-25T00:00:00", "id": "OPENVAS:1361412562310105129", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310105129", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ibm_endpoint_67899.nasl 12095 2018-10-25 12:00:24Z cfischer $\n#\n# IBM Endpoint Manager 9.1 OpenSSL Man in the Middle Security Bypass Vulnerability\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:ibm:tivoli_endpoint_manager\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.105129\");\n script_bugtraq_id(67899);\n script_cve_id(\"CVE-2014-0224\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 12095 $\");\n\n script_name(\"IBM Endpoint Manager 9.1 OpenSSL Man in the Middle Security Bypass Vulnerability\");\n\n script_xref(name:\"URL\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21677842\");\n\n script_tag(name:\"impact\", value:\"Successfully exploiting this issue may allow attackers to obtain\nsensitive information by conducting a man-in-the-middle attack. This may lead to other attacks.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"An OpenSSL advisory was announced on June 5, 2014 in several versions\nof OpenSSL. Several vulnerabilities were detailed in this advisory. One affects IBM Endpoint Manager 9.1 --\nthe ChangeCipherSpec (CCS) Injection Vulnerability. This vulnerability can be exploited by a Man-in-the-middle\n(MITM) attack allowing an attacker to eavesdrop and make falsifications between Root Server, Web Reports, Relay,\nand Proxy Agent communications. An eavesdropping attacker can obtain console login credentials.\");\n\n script_tag(name:\"solution\", value:\"Upgrade all components to version 9.1.1117.\");\n\n script_tag(name:\"summary\", value:\"There is an OpenSSL vulnerability that could allow an attacker to decrypt\nand modify traffic from a vulnerable client and server. \");\n\n script_tag(name:\"affected\", value:\"IBM Endpoint Manager 9.1 (9.1.1065, 9.1.1082, and 9.1.1088) are the only\naffected versions. Previous versions are not affected\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-25 14:00:24 +0200 (Thu, 25 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-12-03 13:45:19 +0100 (Wed, 03 Dec 2014)\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_family(\"Web application abuses\");\n script_copyright(\"This script is Copyright (C) 2014 Greenbone Networks GmbH\");\n script_dependencies(\"gb_ibm_endpoint_manager_web_detect.nasl\");\n script_require_ports(\"Services/www\", 52311);\n script_mandatory_keys(\"ibm_endpoint_manager/installed\");\n\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"host_details.inc\");\n\ninclude(\"version_func.inc\");\n\nif( ! port = get_app_port( cpe:CPE ) ) exit( 0 );\nif( ! version = get_app_version( cpe:CPE, port:port ) ) exit( 0 );\n\nif( version !~ \"^9\\.1\\.[0-9]+\" ) exit( 0 );\n\nfixed_version = '9.1.1117';\n\ncv = split( version, sep:'.', keep:FALSE );\n\nck_version = cv[2];\n\nif( int( ck_version ) < int( 1117 ) )\n{\n report = 'Installed version: ' + version + '\\nFixed version: ' + fixed_version + '\\n';\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );\n\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-19T13:03:45", "references": ["https://access.redhat.com/site/articles/11258", "https://www.redhat.com/archives/rhsa-announce/2014-June/msg00021.html", "2014:0680-01", "https://access.redhat.com/site/articles/904433"], "pluginID": "1361412562310871188", "description": "The remote host is missing an update for the ", "edition": 7, "reporter": "Copyright (C) 2014 Greenbone Networks GmbH", "published": "2014-07-04T00:00:00", "title": "RedHat Update for openssl098e RHSA-2014:0680-01", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0224"], "modified": "2018-11-16T00:00:00", "id": "OPENVAS:1361412562310871188", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871188", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for openssl098e RHSA-2014:0680-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871188\");\n script_version(\"$Revision: 12382 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:51:56 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-07-04 16:48:46 +0530 (Fri, 04 Jul 2014)\");\n script_cve_id(\"CVE-2014-0224\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"RedHat Update for openssl098e RHSA-2014:0680-01\");\n\n\n script_tag(name:\"affected\", value:\"openssl098e on Red Hat Enterprise Linux Server (v. 7)\");\n script_tag(name:\"insight\", value:\"OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nIt was found that OpenSSL clients and servers could be forced, via a\nspecially crafted handshake packet, to use weak keying material for\ncommunication. A man-in-the-middle attacker could use this flaw to decrypt\nand modify traffic between a client and a server. (CVE-2014-0224)\n\nNote: In order to exploit this flaw, both the server and the client must be\nusing a vulnerable version of OpenSSL the server must be using OpenSSL\nversion 1.0.1 and above, and the client must be using any version of\nOpenSSL. For more information about this flaw, Hat would like to thank the OpenSSL project for reporting this issue.\nUpstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter\nof this issue.\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available in the references.\n\n5. Bugs fixed:\n\n1103586 - CVE-2014-0224 openssl: SSL/TLS MITM vulnerability\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenssl098e-0.9.8e-29.el7_0.2.src.rpm\n\nx86_64:\nopenssl098e-0.9.8e-29.el7_0.2.i686.rpm\nopenssl098e-0.9.8e-29.el7_0.2.x86_64.rpm\nopenssl098e-debuginfo-0.9.8e-29.el7_0.2.i686.rpm\nopenssl098e-debuginfo-0.9.8e-29.el7_0.2.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenssl098e-0.9.8e-29.el7_0.2.src.rpm\n\nx86_64:\nopenssl098e-0.9.8e-29.el7_0.2.i686.rpm\nopenssl098e-0.9.8e-29.el7_0.2.x86_64.rpm\nopenssl098e-debuginfo-0.9.8e-29.el7_0.2.i686.rpm\nopenssl098e-debuginfo-0.9.8e-29.el7_0.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssl098e-0.9.8e-29.el7_0.2.src.rpm\n\nppc64:\nopenssl098e-0.9.8e-29.el7_0.2.ppc.rpm\nopenssl098e-0.9.8e-29.el7_0.2.p ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"RHSA\", value:\"2014:0680-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2014-June/msg00021.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl098e'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n script_xref(name:\"URL\", value:\"https://access.redhat.com/site/articles/904433\");\n script_xref(name:\"URL\", value:\"https://access.redhat.com/site/articles/11258\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl098e\", rpm:\"openssl098e~0.9.8e~29.el7_0.2\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl098e-debuginfo\", rpm:\"openssl098e-debuginfo~0.9.8e~29.el7_0.2\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-28T18:25:23", "references": ["http://linux.oracle.com/errata/ELSA-2014-0626.html"], "pluginID": "1361412562310123402", "description": "Oracle Linux Local Security Checks ELSA-2014-0626", "edition": 5, "reporter": "Eero Volotinen", "published": "2015-10-06T00:00:00", "title": "Oracle Linux Local Check: ELSA-2014-0626", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0224"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310123402", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123402", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2014-0626.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123402\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:03:20 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2014-0626\");\n script_tag(name:\"insight\", value:\"ELSA-2014-0626 - openssl097a and openssl098e security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2014-0626\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2014-0626.html\");\n script_cve_id(\"CVE-2014-0224\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(5|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"openssl097a\", rpm:\"openssl097a~0.9.7a~12.el5_10.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"openssl098e\", rpm:\"openssl098e~0.9.8e~18.0.1.el6_5.2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "amazon": [{"lastseen": "2018-10-02T16:55:28", "references": ["https://rhn.redhat.com/errata/RHSA-2014-0626.html"], "affectedPackage": [{"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "0.9.7a-12.1.9.amzn1", "arch": "i686", "packageFilename": "openssl097a-0.9.7a-12.1.9.amzn1.i686.rpm", "packageName": "openssl097a", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "0.9.7a-12.1.9.amzn1", "arch": "i686", "packageFilename": "openssl097a-debuginfo-0.9.7a-12.1.9.amzn1.i686.rpm", "packageName": "openssl097a-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "0.9.7a-12.1.9.amzn1", "arch": "x86_64", "packageFilename": "openssl097a-0.9.7a-12.1.9.amzn1.x86_64.rpm", "packageName": "openssl097a", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "0.9.7a-12.1.9.amzn1", "arch": "src", "packageFilename": "openssl097a-0.9.7a-12.1.9.amzn1.src.rpm", "packageName": "openssl097a", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "0.9.7a-12.1.9.amzn1", "arch": "x86_64", "packageFilename": "openssl097a-debuginfo-0.9.7a-12.1.9.amzn1.x86_64.rpm", "packageName": "openssl097a-debuginfo", "operator": "lt"}], "description": "**Issue Overview:**\n\nIt was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. ([CVE-2014-0224 __](<https://access.redhat.com/security/cve/CVE-2014-0224>))\n\n \n**Affected Packages:** \n\n\nopenssl097a\n\n \n**Issue Correction:** \nRun _yum update openssl097a_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n openssl097a-0.9.7a-12.1.9.amzn1.i686 \n openssl097a-debuginfo-0.9.7a-12.1.9.amzn1.i686 \n \n src: \n openssl097a-0.9.7a-12.1.9.amzn1.src \n \n x86_64: \n openssl097a-debuginfo-0.9.7a-12.1.9.amzn1.x86_64 \n openssl097a-0.9.7a-12.1.9.amzn1.x86_64 \n \n \n", "edition": 1, "reporter": "Amazon", "published": "2014-09-19T10:19:00", "title": "Important: openssl097a", "type": "amazon", "enchantments": {"score": {"modified": "2018-10-02T16:55:28", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-0224"], "modified": "2014-09-19T10:19:00", "id": "ALAS-2014-351", "href": "https://alas.aws.amazon.com/ALAS-2014-351.html", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-02T16:55:15", "references": ["https://rhn.redhat.com/errata/RHSA-2014-0626.html"], "affectedPackage": [{"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "0.9.8e-18.2.13.amzn1", "arch": "i686", "packageFilename": "openssl098e-debuginfo-0.9.8e-18.2.13.amzn1.i686.rpm", "packageName": "openssl098e-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "0.9.8e-18.2.13.amzn1", "arch": "x86_64", "packageFilename": "openssl098e-0.9.8e-18.2.13.amzn1.x86_64.rpm", "packageName": "openssl098e", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "0.9.8e-18.2.13.amzn1", "arch": "i686", "packageFilename": "openssl098e-0.9.8e-18.2.13.amzn1.i686.rpm", "packageName": "openssl098e", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "0.9.8e-18.2.13.amzn1", "arch": "x86_64", "packageFilename": "openssl098e-debuginfo-0.9.8e-18.2.13.amzn1.x86_64.rpm", "packageName": "openssl098e-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "0.9.8e-18.2.13.amzn1", "arch": "src", "packageFilename": "openssl098e-0.9.8e-18.2.13.amzn1.src.rpm", "packageName": "openssl098e", "operator": "lt"}], "description": "**Issue Overview:**\n\nIt was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. ([CVE-2014-0224 __](<https://access.redhat.com/security/cve/CVE-2014-0224>))\n\n \n**Affected Packages:** \n\n\nopenssl098e\n\n \n**Issue Correction:** \nRun _yum update openssl098e_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n openssl098e-debuginfo-0.9.8e-18.2.13.amzn1.i686 \n openssl098e-0.9.8e-18.2.13.amzn1.i686 \n \n src: \n openssl098e-0.9.8e-18.2.13.amzn1.src \n \n x86_64: \n openssl098e-debuginfo-0.9.8e-18.2.13.amzn1.x86_64 \n openssl098e-0.9.8e-18.2.13.amzn1.x86_64 \n \n \n", "edition": 1, "reporter": "Amazon", "published": "2014-09-18T00:40:00", "title": "Important: openssl098e", "type": "amazon", "enchantments": {"score": {"modified": "2018-10-02T16:55:15", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-0224"], "modified": "2014-09-18T00:40:00", "id": "ALAS-2014-350", "href": "https://alas.aws.amazon.com/ALAS-2014-350.html", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "redhat": [{"lastseen": "2018-12-11T17:42:32", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "0.9.8e-27.el5_10.3", "arch": "i686", "packageName": "openssl-debuginfo", "packageFilename": "openssl-debuginfo-0.9.8e-27.el5_10.3.i686.rpm", "operator": "lt"}], "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nIt was found that OpenSSL clients and servers could be forced, via a\nspecially crafted handshake packet, to use weak keying material for\ncommunication. A man-in-the-middle attacker could use this flaw to decrypt\nand modify traffic between a client and a server. (CVE-2014-0224)\n\nNote: In order to exploit this flaw, both the server and the client must be\nusing a vulnerable version of OpenSSL; the server must be using OpenSSL\nversion 1.0.1 and above, and the client must be using any version of\nOpenSSL. For more information about this flaw, refer to:\nhttps://access.redhat.com/site/articles/904433\n\nRed Hat would like to thank the OpenSSL project for reporting this issue.\nUpstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter\nof this issue.\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\n", "reporter": "RedHat", "published": "2014-06-05T04:00:00", "type": "redhat", "title": "(RHSA-2014:0624) Important: openssl security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-0224"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-09-08T12:20:10", "id": "RHSA-2014:0624", "href": "https://access.redhat.com/errata/RHSA-2014:0624", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-12-11T17:42:43", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "4", "packageVersion": "0.9.7a-43.22.el4", "arch": "i686", "packageName": "openssl", "packageFilename": "openssl-0.9.7a-43.22.el4.i686.rpm", "operator": "lt"}], "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nIt was found that OpenSSL clients and servers could be forced, via a\nspecially crafted handshake packet, to use weak keying material for\ncommunication. A man-in-the-middle attacker could use this flaw to decrypt\nand modify traffic between a client and a server. (CVE-2014-0224)\n\nNote: In order to exploit this flaw, both the server and the client must be\nusing a vulnerable version of OpenSSL; the server must be using OpenSSL\nversion 1.0.1 and above, and the client must be using any version of\nOpenSSL. For more information about this flaw, refer to:\nhttps://access.redhat.com/site/articles/904433\n\nRed Hat would like to thank the OpenSSL project for reporting this issue.\nUpstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter\nof this issue.\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\n", "reporter": "RedHat", "published": "2014-06-05T04:00:00", "type": "redhat", "title": "(RHSA-2014:0627) Important: openssl security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-0224"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-09-08T12:06:10", "id": "RHSA-2014:0627", "href": "https://access.redhat.com/errata/RHSA-2014:0627", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-12-11T17:43:33", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "7", "packageVersion": "0.9.8e-29.el7_0.2", "arch": "x86_64", "packageName": "openssl098e-debuginfo", "packageFilename": "openssl098e-debuginfo-0.9.8e-29.el7_0.2.x86_64.rpm", "operator": "lt"}], "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nIt was found that OpenSSL clients and servers could be forced, via a\nspecially crafted handshake packet, to use weak keying material for\ncommunication. A man-in-the-middle attacker could use this flaw to decrypt\nand modify traffic between a client and a server. (CVE-2014-0224)\n\nNote: In order to exploit this flaw, both the server and the client must be\nusing a vulnerable version of OpenSSL; the server must be using OpenSSL\nversion 1.0.1 and above, and the client must be using any version of\nOpenSSL. For more information about this flaw, refer to:\nhttps://access.redhat.com/site/articles/904433\n\nRed Hat would like to thank the OpenSSL project for reporting this issue.\nUpstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter\nof this issue.\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\n", "reporter": "RedHat", "published": "2014-06-10T04:00:00", "type": "redhat", "title": "(RHSA-2014:0680) Important: openssl098e security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-0224"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-04-12T03:32:29", "id": "RHSA-2014:0680", "href": "https://access.redhat.com/errata/RHSA-2014:0680", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-12-11T19:42:08", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "0.9.7a-12.el5_10.1", "arch": "i386", "packageName": "openssl097a-debuginfo", "packageFilename": "openssl097a-debuginfo-0.9.7a-12.el5_10.1.i386.rpm", "operator": "lt"}], "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nIt was found that OpenSSL clients and servers could be forced, via a\nspecially crafted handshake packet, to use weak keying material for\ncommunication. A man-in-the-middle attacker could use this flaw to decrypt\nand modify traffic between a client and a server. (CVE-2014-0224)\n\nNote: In order to exploit this flaw, both the server and the client must be\nusing a vulnerable version of OpenSSL; the server must be using OpenSSL\nversion 1.0.1 and above, and the client must be using any version of\nOpenSSL. For more information about this flaw, refer to:\nhttps://access.redhat.com/site/articles/904433\n\nRed Hat would like to thank the OpenSSL project for reporting this issue.\nUpstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter\nof this issue.\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\n", "reporter": "RedHat", "published": "2014-06-05T04:00:00", "type": "redhat", "title": "(RHSA-2014:0626) Important: openssl097a and openssl098e security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-0224"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-06T20:24:10", "id": "RHSA-2014:0626", "href": "https://access.redhat.com/errata/RHSA-2014:0626", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-12-11T19:42:07", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.0.1e-16.el6_5.14", "arch": "i686", "packageName": "openssl-debuginfo", "packageFilename": "openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm", "operator": "lt"}], "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nIt was found that OpenSSL clients and servers could be forced, via a\nspecially crafted handshake packet, to use weak keying material for\ncommunication. A man-in-the-middle attacker could use this flaw to decrypt\nand modify traffic between a client and a server. (CVE-2014-0224)\n\nNote: In order to exploit this flaw, both the server and the client must be\nusing a vulnerable version of OpenSSL; the server must be using OpenSSL\nversion 1.0.1 and above, and the client must be using any version of\nOpenSSL. For more information about this flaw, refer to:\nhttps://access.redhat.com/site/articles/904433\n\nA buffer overflow flaw was found in the way OpenSSL handled invalid DTLS\npacket fragments. A remote attacker could possibly use this flaw to execute\narbitrary code on a DTLS client or server. (CVE-2014-0195)\n\nMultiple flaws were found in the way OpenSSL handled read and write buffers\nwhen the SSL_MODE_RELEASE_BUFFERS mode was enabled. A TLS/SSL client or\nserver using OpenSSL could crash or unexpectedly drop connections when\nprocessing certain SSL traffic. (CVE-2010-5298, CVE-2014-0198)\n\nA denial of service flaw was found in the way OpenSSL handled certain DTLS\nServerHello requests. A specially crafted DTLS handshake packet could cause\na DTLS client using OpenSSL to crash. (CVE-2014-0221)\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed\nanonymous Elliptic Curve Diffie Hellman (ECDH) key exchange. A specially\ncrafted handshake packet could cause a TLS/SSL client that has the\nanonymous ECDH cipher suite enabled to crash. (CVE-2014-3470)\n\nRed Hat would like to thank the OpenSSL project for reporting these issues.\nUpstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter\nof CVE-2014-0224, J\u00fcri Aedla as the original reporter of CVE-2014-0195,\nImre Rad of Search-Lab as the original reporter of CVE-2014-0221, and Felix\nGr\u00f6bert and Ivan Fratri\u0107 of Google as the original reporters of\nCVE-2014-3470.\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\n", "reporter": "RedHat", "published": "2014-06-05T04:00:00", "type": "redhat", "title": "(RHSA-2014:0625) Important: openssl security update", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-5298", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221", "CVE-2014-0224", "CVE-2014-3470"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-06T20:24:08", "id": "RHSA-2014:0625", "href": "https://access.redhat.com/errata/RHSA-2014:0625", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-12-11T17:42:00", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.0.1e-34.el7_0.3", "arch": "x86_64", "packageName": "openssl-debuginfo", "packageFilename": "openssl-debuginfo-1.0.1e-34.el7_0.3.x86_64.rpm", "operator": "lt"}], "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nIt was found that OpenSSL clients and servers could be forced, via a\nspecially crafted handshake packet, to use weak keying material for\ncommunication. A man-in-the-middle attacker could use this flaw to decrypt\nand modify traffic between a client and a server. (CVE-2014-0224)\n\nNote: In order to exploit this flaw, both the server and the client must be\nusing a vulnerable version of OpenSSL; the server must be using OpenSSL\nversion 1.0.1 and above, and the client must be using any version of\nOpenSSL. For more information about this flaw, refer to:\nhttps://access.redhat.com/site/articles/904433\n\nA buffer overflow flaw was found in the way OpenSSL handled invalid DTLS\npacket fragments. A remote attacker could possibly use this flaw to execute\narbitrary code on a DTLS client or server. (CVE-2014-0195)\n\nMultiple flaws were found in the way OpenSSL handled read and write buffers\nwhen the SSL_MODE_RELEASE_BUFFERS mode was enabled. A TLS/SSL client or\nserver using OpenSSL could crash or unexpectedly drop connections when\nprocessing certain SSL traffic. (CVE-2010-5298, CVE-2014-0198)\n\nA denial of service flaw was found in the way OpenSSL handled certain DTLS\nServerHello requests. A specially crafted DTLS handshake packet could cause\na DTLS client using OpenSSL to crash. (CVE-2014-0221)\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed\nanonymous Elliptic Curve Diffie Hellman (ECDH) key exchange. A specially\ncrafted handshake packet could cause a TLS/SSL client that has the\nanonymous ECDH cipher suite enabled to crash. (CVE-2014-3470)\n\nRed Hat would like to thank the OpenSSL project for reporting these issues.\nUpstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter\nof CVE-2014-0224, J\u00fcri Aedla as the original reporter of CVE-2014-0195,\nImre Rad of Search-Lab as the original reporter of CVE-2014-0221, and Felix\nGr\u00f6bert and Ivan Fratri\u0107 of Google as the original reporters of\nCVE-2014-3470.\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\n", "reporter": "RedHat", "published": "2014-06-10T04:00:00", "type": "redhat", "title": "(RHSA-2014:0679) Important: openssl security update", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-5298", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221", "CVE-2014-0224", "CVE-2014-3470"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-04-12T03:33:20", "id": "RHSA-2014:0679", "href": "https://access.redhat.com/errata/RHSA-2014:0679", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-12-11T17:44:10", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.0.1e-16.el6_5.14", "arch": "x86_64", "packageName": "openssl-debuginfo", "packageFilename": "openssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm", "operator": "lt"}], "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nIt was found that OpenSSL clients and servers could be forced, via a\nspecially crafted handshake packet, to use weak keying material for\ncommunication. A man-in-the-middle attacker could use this flaw to decrypt\nand modify traffic between a client and a server. (CVE-2014-0224)\n\nNote: In order to exploit this flaw, both the server and the client must be\nusing a vulnerable version of OpenSSL; the server must be using OpenSSL\nversion 1.0.1 and above, and the client must be using any version of\nOpenSSL. For more information about this flaw, refer to:\nhttps://access.redhat.com/site/articles/904433\n\nA buffer overflow flaw was found in the way OpenSSL handled invalid DTLS\npacket fragments. A remote attacker could possibly use this flaw to execute\narbitrary code on a DTLS client or server. (CVE-2014-0195)\n\nMultiple flaws were found in the way OpenSSL handled read and write buffers\nwhen the SSL_MODE_RELEASE_BUFFERS mode was enabled. A TLS/SSL client or\nserver using OpenSSL could crash or unexpectedly drop connections when\nprocessing certain SSL traffic. (CVE-2010-5298, CVE-2014-0198)\n\nA denial of service flaw was found in the way OpenSSL handled certain DTLS\nServerHello requests. A specially crafted DTLS handshake packet could cause\na DTLS client using OpenSSL to crash. (CVE-2014-0221)\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed\nanonymous Elliptic Curve Diffie Hellman (ECDH) key exchange. A specially\ncrafted handshake packet could cause a TLS/SSL client that has the\nanonymous ECDH cipher suite enabled to crash. (CVE-2014-3470)\n\nRed Hat would like to thank the OpenSSL project for reporting these issues.\nUpstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter\nof CVE-2014-0224, J\u00fcri Aedla as the original reporter of CVE-2014-0195,\nImre Rad of Search-Lab as the original reporter of CVE-2014-0221, and Felix\nGr\u00f6bert and Ivan Fratri\u0107 of Google as the original reporters of\nCVE-2014-3470.\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\n", "reporter": "RedHat", "published": "2014-06-05T04:00:00", "type": "redhat", "title": "(RHSA-2014:0628) Important: openssl security update", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-5298", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221", "CVE-2014-0224", "CVE-2014-3470"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2015-04-24T14:18:05", "id": "RHSA-2014:0628", "href": "https://access.redhat.com/errata/RHSA-2014:0628", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:37:23", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "0.9.8e-27.el5_10.3", "arch": "i386", "packageFilename": "openssl-0.9.8e-27.el5_10.3.i386.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "0.9.8e-27.el5_10.3", "arch": "ia64", "packageFilename": "openssl-0.9.8e-27.el5_10.3.ia64.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "0.9.8e-27.el5_10.3", "arch": "src", "packageFilename": "openssl-0.9.8e-27.el5_10.3.src.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "0.9.8e-27.el5_10.3", "arch": "src", "packageFilename": "openssl-0.9.8e-27.el5_10.3.src.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "0.9.8e-27.el5_10.3", "arch": "src", "packageFilename": "openssl-0.9.8e-27.el5_10.3.src.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "0.9.8e-27.el5_10.3", "arch": "i386", "packageFilename": "openssl-perl-0.9.8e-27.el5_10.3.i386.rpm", "packageName": "openssl-perl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "0.9.8e-27.el5_10.3", "arch": "x86_64", "packageFilename": "openssl-devel-0.9.8e-27.el5_10.3.x86_64.rpm", "packageName": "openssl-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "0.9.8e-27.el5_10.3", "arch": "i386", "packageFilename": "openssl-devel-0.9.8e-27.el5_10.3.i386.rpm", "packageName": "openssl-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "0.9.8e-27.el5_10.3", "arch": "i386", "packageFilename": "openssl-devel-0.9.8e-27.el5_10.3.i386.rpm", "packageName": "openssl-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "0.9.8e-27.el5_10.3", "arch": "ia64", "packageFilename": "openssl-perl-0.9.8e-27.el5_10.3.ia64.rpm", "packageName": "openssl-perl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "0.9.8e-27.el5_10.3", "arch": "i686", "packageFilename": "openssl-0.9.8e-27.el5_10.3.i686.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "0.9.8e-27.el5_10.3", "arch": "i686", "packageFilename": "openssl-0.9.8e-27.el5_10.3.i686.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "0.9.8e-27.el5_10.3", "arch": "i686", "packageFilename": "openssl-0.9.8e-27.el5_10.3.i686.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "0.9.8e-27.el5_10.3", "arch": "ia64", "packageFilename": "openssl-devel-0.9.8e-27.el5_10.3.ia64.rpm", "packageName": "openssl-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "0.9.8e-27.el5_10.3", "arch": "x86_64", "packageFilename": "openssl-0.9.8e-27.el5_10.3.x86_64.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "0.9.8e-27.el5_10.3", "arch": "x86_64", "packageFilename": "openssl-perl-0.9.8e-27.el5_10.3.x86_64.rpm", "packageName": "openssl-perl", "operator": "lt"}], "description": "[0.9.8e-27.3]\n- fix for CVE-2014-0224 - SSL/TLS MITM vulnerability\n[0.9.8e-27.1]\n- replace expired GlobalSign Root CA certificate in ca-bundle.crt", "edition": 3, "reporter": "Oracle", "published": "2014-06-05T00:00:00", "title": "openssl security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-0224"], "modified": "2014-06-05T00:00:00", "id": "ELSA-2014-0624", "href": "http://linux.oracle.com/errata/ELSA-2014-0624.html", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T01:37:48", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "0.9.7a-43.18.0.2.el4", "arch": "i386", "packageFilename": "openssl-devel-0.9.7a-43.18.0.2.el4.i386.rpm", "packageName": "openssl-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "0.9.7a-43.18.0.2.el4", "arch": "i386", "packageFilename": "openssl-devel-0.9.7a-43.18.0.2.el4.i386.rpm", "packageName": "openssl-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "0.9.7a-43.18.0.2.el4", "arch": "x86_64", "packageFilename": "openssl-devel-0.9.7a-43.18.0.2.el4.x86_64.rpm", "packageName": "openssl-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "0.9.7a-43.18.0.2.el4", "arch": "ia64", "packageFilename": "openssl-0.9.7a-43.18.0.2.el4.ia64.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "0.9.7a-43.18.0.2.el4", "arch": "x86_64", "packageFilename": "openssl-perl-0.9.7a-43.18.0.2.el4.x86_64.rpm", "packageName": "openssl-perl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "0.9.7a-43.18.0.2.el4", "arch": "i686", "packageFilename": "openssl-0.9.7a-43.18.0.2.el4.i686.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "0.9.7a-43.18.0.2.el4", "arch": "i686", "packageFilename": "openssl-0.9.7a-43.18.0.2.el4.i686.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "0.9.7a-43.18.0.2.el4", "arch": "i686", "packageFilename": "openssl-0.9.7a-43.18.0.2.el4.i686.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "0.9.7a-43.18.0.2.el4", "arch": "i386", "packageFilename": "openssl-perl-0.9.7a-43.18.0.2.el4.i386.rpm", "packageName": "openssl-perl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "0.9.7a-43.18.0.2.el4", "arch": "i386", "packageFilename": "openssl-0.9.7a-43.18.0.2.el4.i386.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "0.9.7a-43.18.0.2.el4", "arch": "src", "packageFilename": "openssl-0.9.7a-43.18.0.2.el4.src.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "0.9.7a-43.18.0.2.el4", "arch": "src", "packageFilename": "openssl-0.9.7a-43.18.0.2.el4.src.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "0.9.7a-43.18.0.2.el4", "arch": "src", "packageFilename": "openssl-0.9.7a-43.18.0.2.el4.src.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "0.9.7a-43.18.0.2.el4", "arch": "x86_64", "packageFilename": "openssl-0.9.7a-43.18.0.2.el4.x86_64.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "0.9.7a-43.18.0.2.el4", "arch": "ia64", "packageFilename": "openssl-perl-0.9.7a-43.18.0.2.el4.ia64.rpm", "packageName": "openssl-perl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "0.9.7a-43.18.0.2.el4", "arch": "ia64", "packageFilename": "openssl-devel-0.9.7a-43.18.0.2.el4.ia64.rpm", "packageName": "openssl-devel", "operator": "lt"}], "description": "[0.9.7a-43.18.0.2]\n- fix for CVE-2014-0224 - SSL/TLS MITM vulnerability", "edition": 3, "reporter": "Oracle", "published": "2014-06-11T00:00:00", "title": "openssl security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-0224"], "modified": "2014-06-11T00:00:00", "id": "ELSA-2014-3040", "href": "http://linux.oracle.com/errata/ELSA-2014-3040.html", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T01:46:29", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "0.9.8e-29.el7_0.2", "arch": "src", "packageFilename": "openssl098e-0.9.8e-29.el7_0.2.src.rpm", "packageName": "openssl098e", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "0.9.8e-29.el7_0.2", "arch": "i686", "packageFilename": "openssl098e-0.9.8e-29.el7_0.2.i686.rpm", "packageName": "openssl098e", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "0.9.8e-29.el7_0.2", "arch": "x86_64", "packageFilename": "openssl098e-0.9.8e-29.el7_0.2.x86_64.rpm", "packageName": "openssl098e", "operator": "lt"}], "description": "[0.9.8e-29.2]\n- fix for CVE-2014-0224 - SSL/TLS MITM vulnerability", "edition": 3, "reporter": "Oracle", "published": "2014-07-23T00:00:00", "title": "openssl098e security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-0224"], "modified": "2014-07-23T00:00:00", "id": "ELSA-2014-0680", "href": "http://linux.oracle.com/errata/ELSA-2014-0680.html", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T01:48:03", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "0.9.8e-18.0.1.el6_5.2", "arch": "x86_64", "packageFilename": "openssl098e-0.9.8e-18.0.1.el6_5.2.x86_64.rpm", "packageName": "openssl098e", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "0.9.8e-18.0.1.el6_5.2", "arch": "i686", "packageFilename": "openssl098e-0.9.8e-18.0.1.el6_5.2.i686.rpm", "packageName": "openssl098e", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "0.9.8e-18.0.1.el6_5.2", "arch": "i686", "packageFilename": "openssl098e-0.9.8e-18.0.1.el6_5.2.i686.rpm", "packageName": "openssl098e", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "0.9.7a-12.el5_10.1", "arch": "x86_64", "packageFilename": "openssl097a-0.9.7a-12.el5_10.1.x86_64.rpm", "packageName": "openssl097a", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "0.9.7a-12.el5_10.1", "arch": "i386", "packageFilename": "openssl097a-0.9.7a-12.el5_10.1.i386.rpm", "packageName": "openssl097a", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "0.9.7a-12.el5_10.1", "arch": "i386", "packageFilename": "openssl097a-0.9.7a-12.el5_10.1.i386.rpm", "packageName": "openssl097a", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "0.9.7a-12.el5_10.1", "arch": "i386", "packageFilename": "openssl097a-0.9.7a-12.el5_10.1.i386.rpm", "packageName": "openssl097a", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "0.9.8e-18.0.1.el6_5.2", "arch": "src", "packageFilename": "openssl098e-0.9.8e-18.0.1.el6_5.2.src.rpm", "packageName": "openssl098e", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "0.9.8e-18.0.1.el6_5.2", "arch": "src", "packageFilename": "openssl098e-0.9.8e-18.0.1.el6_5.2.src.rpm", "packageName": "openssl098e", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "0.9.7a-12.el5_10.1", "arch": "ia64", "packageFilename": "openssl097a-0.9.7a-12.el5_10.1.ia64.rpm", "packageName": "openssl097a", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "0.9.7a-12.el5_10.1", "arch": "src", "packageFilename": "openssl097a-0.9.7a-12.el5_10.1.src.rpm", "packageName": "openssl097a", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "0.9.7a-12.el5_10.1", "arch": "src", "packageFilename": "openssl097a-0.9.7a-12.el5_10.1.src.rpm", "packageName": "openssl097a", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "0.9.7a-12.el5_10.1", "arch": "src", "packageFilename": "openssl097a-0.9.7a-12.el5_10.1.src.rpm", "packageName": "openssl097a", "operator": "lt"}], "description": "[0.9.8e-18.0.1.el6_5.2]\n- Updated the description\n[0.9.8e-18.2]\n- fix for CVE-2014-0224 - SSL/TLS MITM vulnerability\n[0.9.8e-18]\n- fix for CVE-2012-2110 - memory corruption in asn1_d2i_read_bio() (#814185)", "edition": 3, "reporter": "Oracle", "published": "2014-06-05T00:00:00", "title": "openssl097a and openssl098e security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-0224", "CVE-2012-2110"], "modified": "2014-06-05T00:00:00", "id": "ELSA-2014-0626", "href": "http://linux.oracle.com/errata/ELSA-2014-0626.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T01:40:42", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "0.9.8e-27.el5_10.4", "arch": "x86_64", "packageFilename": "openssl-0.9.8e-27.el5_10.4.x86_64.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "0.9.8e-27.el5_10.4", "arch": "x86_64", "packageFilename": "openssl-devel-0.9.8e-27.el5_10.4.x86_64.rpm", "packageName": "openssl-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "0.9.8e-27.el5_10.4", "arch": "ia64", "packageFilename": "openssl-0.9.8e-27.el5_10.4.ia64.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "0.9.8e-27.el5_10.4", "arch": "i386", "packageFilename": "openssl-devel-0.9.8e-27.el5_10.4.i386.rpm", "packageName": "openssl-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "0.9.8e-27.el5_10.4", "arch": "i386", "packageFilename": "openssl-devel-0.9.8e-27.el5_10.4.i386.rpm", "packageName": "openssl-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "0.9.8e-27.el5_10.4", "arch": "i386", "packageFilename": "openssl-perl-0.9.8e-27.el5_10.4.i386.rpm", "packageName": "openssl-perl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "0.9.8e-27.el5_10.4", "arch": "src", "packageFilename": "openssl-0.9.8e-27.el5_10.4.src.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "0.9.8e-27.el5_10.4", "arch": "src", "packageFilename": "openssl-0.9.8e-27.el5_10.4.src.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "0.9.8e-27.el5_10.4", "arch": "src", "packageFilename": "openssl-0.9.8e-27.el5_10.4.src.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "0.9.8e-27.el5_10.4", "arch": "x86_64", "packageFilename": "openssl-perl-0.9.8e-27.el5_10.4.x86_64.rpm", "packageName": "openssl-perl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "0.9.8e-27.el5_10.4", "arch": "ia64", "packageFilename": "openssl-perl-0.9.8e-27.el5_10.4.ia64.rpm", "packageName": "openssl-perl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "0.9.8e-27.el5_10.4", "arch": "ia64", "packageFilename": "openssl-devel-0.9.8e-27.el5_10.4.ia64.rpm", "packageName": "openssl-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "0.9.8e-27.el5_10.4", "arch": "i386", "packageFilename": "openssl-0.9.8e-27.el5_10.4.i386.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "0.9.8e-27.el5_10.4", "arch": "i686", "packageFilename": "openssl-0.9.8e-27.el5_10.4.i686.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "0.9.8e-27.el5_10.4", "arch": "i686", "packageFilename": "openssl-0.9.8e-27.el5_10.4.i686.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "0.9.8e-27.el5_10.4", "arch": "i686", "packageFilename": "openssl-0.9.8e-27.el5_10.4.i686.rpm", "packageName": "openssl", "operator": "lt"}], "description": "[0.9.8e-27.4]\n- fix CVE-2014-0221 - recursion in DTLS code leading to DoS\n- fix CVE-2014-3505 - doublefree in DTLS packet processing\n- fix CVE-2014-3506 - avoid memory exhaustion in DTLS\n- fix CVE-2014-3508 - fix OID handling to avoid information leak\n- fix CVE-2014-3510 - fix DoS in anonymous (EC)DH handling in DTLS\n[0.9.8e-27.3]\n- fix for CVE-2014-0224 - SSL/TLS MITM vulnerability\n[0.9.8e-27.1]\n- replace expired GlobalSign Root CA certificate in ca-bundle.crt", "edition": 3, "reporter": "Oracle", "published": "2014-08-13T00:00:00", "title": "openssl security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-3505", "CVE-2014-3508", "CVE-2014-0224", "CVE-2014-3506", "CVE-2014-3510", "CVE-2014-0221"], "modified": "2014-08-13T00:00:00", "id": "ELSA-2014-1053", "href": "http://linux.oracle.com/errata/ELSA-2014-1053.html", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T01:42:25", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "0.9.8e-20.0.1.el6_7.1", "arch": "src", "packageFilename": "openssl098e-0.9.8e-20.0.1.el6_7.1.src.rpm", "packageName": "openssl098e", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "0.9.8e-20.0.1.el6_7.1", "arch": "src", "packageFilename": "openssl098e-0.9.8e-20.0.1.el6_7.1.src.rpm", "packageName": "openssl098e", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "0.9.8e-29.el7_2.3", "arch": "src", "packageFilename": "openssl098e-0.9.8e-29.el7_2.3.src.rpm", "packageName": "openssl098e", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "0.9.8e-29.el7_2.3", "arch": "x86_64", "packageFilename": "openssl098e-0.9.8e-29.el7_2.3.x86_64.rpm", "packageName": "openssl098e", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "0.9.8e-20.0.1.el6_7.1", "arch": "i686", "packageFilename": "openssl098e-0.9.8e-20.0.1.el6_7.1.i686.rpm", "packageName": "openssl098e", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "0.9.8e-20.0.1.el6_7.1", "arch": "i686", "packageFilename": "openssl098e-0.9.8e-20.0.1.el6_7.1.i686.rpm", "packageName": "openssl098e", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "0.9.8e-29.el7_2.3", "arch": "i686", "packageFilename": "openssl098e-0.9.8e-29.el7_2.3.i686.rpm", "packageName": "openssl098e", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "0.9.8e-20.0.1.el6_7.1", "arch": "x86_64", "packageFilename": "openssl098e-0.9.8e-20.0.1.el6_7.1.x86_64.rpm", "packageName": "openssl098e", "operator": "lt"}], "description": "[0.9.8e-20.0.1.1]\n- Updated the description\n[0.9.8e-20.1]\n- fix CVE-2015-0293 - triggerable assert in SSLv2 server\n- fix CVE-2015-3197 - SSLv2 ciphersuite enforcement\n- disable SSLv2 in the generic TLS method\n[0.9.8e-20]\n- fix for CVE-2014-0224 - SSL/TLS MITM vulnerability", "edition": 3, "reporter": "Oracle", "published": "2016-03-09T00:00:00", "title": "openssl098e security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-3197", "CVE-2014-0224", "CVE-2015-0293", "CVE-2016-0800", "CVE-2016-0704", "CVE-2016-0703"], "modified": "2016-03-09T00:00:00", "id": "ELSA-2016-0372", "href": "http://linux.oracle.com/errata/ELSA-2016-0372.html", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T01:37:37", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "1.0.1e-34.el7_0.3", "arch": "x86_64", "packageFilename": "openssl-1.0.1e-34.el7_0.3.x86_64.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "1.0.1e-34.el7_0.3", "arch": "src", "packageFilename": "openssl-1.0.1e-34.el7_0.3.src.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "1.0.1e-34.el7_0.3", "arch": "i686", "packageFilename": "openssl-devel-1.0.1e-34.el7_0.3.i686.rpm", "packageName": "openssl-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "1.0.1e-34.el7_0.3", "arch": "x86_64", "packageFilename": "openssl-devel-1.0.1e-34.el7_0.3.x86_64.rpm", "packageName": "openssl-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "1.0.1e-34.el7_0.3", "arch": "x86_64", "packageFilename": "openssl-perl-1.0.1e-34.el7_0.3.x86_64.rpm", "packageName": "openssl-perl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "1.0.1e-34.el7_0.3", "arch": "i686", "packageFilename": "openssl-static-1.0.1e-34.el7_0.3.i686.rpm", "packageName": "openssl-static", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "1.0.1e-34.el7_0.3", "arch": "i686", "packageFilename": "openssl-libs-1.0.1e-34.el7_0.3.i686.rpm", "packageName": "openssl-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "1.0.1e-34.el7_0.3", "arch": "x86_64", "packageFilename": "openssl-libs-1.0.1e-34.el7_0.3.x86_64.rpm", "packageName": "openssl-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "1.0.1e-34.el7_0.3", "arch": "x86_64", "packageFilename": "openssl-static-1.0.1e-34.el7_0.3.x86_64.rpm", "packageName": "openssl-static", "operator": "lt"}], "description": "[1.0.1e-34.3]\n- fix CVE-2010-5298 - possible use of memory after free\n- fix CVE-2014-0195 - buffer overflow via invalid DTLS fragment\n- fix CVE-2014-0198 - possible NULL pointer dereference\n- fix CVE-2014-0221 - DoS from invalid DTLS handshake packet\n- fix CVE-2014-0224 - SSL/TLS MITM vulnerability\n- fix CVE-2014-3470 - client-side DoS when using anonymous ECDH", "edition": 3, "reporter": "Oracle", "published": "2014-07-23T00:00:00", "title": "openssl security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2010-5298", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221"], "modified": "2014-07-23T00:00:00", "id": "ELSA-2014-0679", "href": "http://linux.oracle.com/errata/ELSA-2014-0679.html", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T01:38:46", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.0.1e-16.el6_5.14", "arch": "x86_64", "packageFilename": "openssl-static-1.0.1e-16.el6_5.14.x86_64.rpm", "packageName": "openssl-static", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.0.1e-16.el6_5.14", "arch": "x86_64", "packageFilename": "openssl-perl-1.0.1e-16.el6_5.14.x86_64.rpm", "packageName": "openssl-perl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.0.1e-16.el6_5.14", "arch": "i686", "packageFilename": "openssl-perl-1.0.1e-16.el6_5.14.i686.rpm", "packageName": "openssl-perl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.0.1e-16.el6_5.14", "arch": "i686", "packageFilename": "openssl-devel-1.0.1e-16.el6_5.14.i686.rpm", "packageName": "openssl-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.0.1e-16.el6_5.14", "arch": "i686", "packageFilename": "openssl-devel-1.0.1e-16.el6_5.14.i686.rpm", "packageName": "openssl-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.0.1e-16.el6_5.14", "arch": "x86_64", "packageFilename": "openssl-devel-1.0.1e-16.el6_5.14.x86_64.rpm", "packageName": "openssl-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.0.1e-16.el6_5.14", "arch": "x86_64", "packageFilename": "openssl-1.0.1e-16.el6_5.14.x86_64.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.0.1e-16.el6_5.14", "arch": "i686", "packageFilename": "openssl-static-1.0.1e-16.el6_5.14.i686.rpm", "packageName": "openssl-static", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.0.1e-16.el6_5.14", "arch": "src", "packageFilename": "openssl-1.0.1e-16.el6_5.14.src.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.0.1e-16.el6_5.14", "arch": "src", "packageFilename": "openssl-1.0.1e-16.el6_5.14.src.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.0.1e-16.el6_5.14", "arch": "i686", "packageFilename": "openssl-1.0.1e-16.el6_5.14.i686.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.0.1e-16.el6_5.14", "arch": "i686", "packageFilename": "openssl-1.0.1e-16.el6_5.14.i686.rpm", "packageName": "openssl", "operator": "lt"}], "description": "[1.0.1e-16.14]\n- fix CVE-2010-5298 - possible use of memory after free\n- fix CVE-2014-0195 - buffer overflow via invalid DTLS fragment\n- fix CVE-2014-0198 - possible NULL pointer dereference\n- fix CVE-2014-0221 - DoS from invalid DTLS handshake packet\n- fix CVE-2014-0224 - SSL/TLS MITM vulnerability\n- fix CVE-2014-3470 - client-side DoS when using anonymous ECDH", "edition": 3, "reporter": "Oracle", "published": "2014-06-05T00:00:00", "title": "openssl security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2010-5298", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221"], "modified": "2014-06-05T00:00:00", "id": "ELSA-2014-0625", "href": "http://linux.oracle.com/errata/ELSA-2014-0625.html", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "jvn": [{"lastseen": "2018-08-31T00:36:19", "references": [], "description": "\n ## Description\n\nOpenSSL contains a flaw in the implementation of the [Change Cipher Spec](<http://tools.ietf.org/html/rfc5246#section-7.1>) protocol that allows a MITM (man-in-the-middle) attacker to force a server and a client to use easily guessable cryptgraphic key material during the initial SSL/TLS handshake ([CWE-325](<http://cwe.mitre.org/data/definitions/325.html>)). \n\n\n ## Impact\n\nSSL/TLS communication between the server and the client can be decrypted or altered by the MITM attacker. \n\n\n ## Solution\n\n**Update the software** \nUpdate to the latest version according to the information provided by the developer.\n\n ## Products Affected\n\nIt is confirmed that the SSL/TLS communication between a server and a client using the following vulnerable OpenSSL versions is affected. \n \nServer: \n\n\n * OpenSSL 1.0.1g and earlier\nClient: \n\n\n * OpenSSL 1.0.1g and earlier\n * OpenSSL 1.0.0l and earlier\n * OpenSSL 0.9.8y and earlier\n", "edition": 3, "reporter": "Japan Vulnerability Notes", "published": "2014-06-06T00:00:00", "title": "JVN#61247051: OpenSSL improper handling of Change Cipher Spec message", "type": "jvn", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "info", "cvelist": ["CVE-2014-0224"], "modified": "2015-10-22T00:00:00", "id": "JVN:61247051", "href": "http://jvn.jp/en/jp/JVN61247051/index.html", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "thn": [{"lastseen": "2018-01-27T09:17:13", "_object_types": ["robots.models.thn.ThnBulletin", "robots.models.base.Bulletin"], "references": [], "description": "[![Android 4.3 and Earlier versions Vulnerable to Critical Code-Execution Flaw](https://1.bp.blogspot.com/-0lzOmBFdj24/U60nT7Xf7oI/AAAAAAAAATk/f_uoAAGVfJQ/s728/Google-Android-code-execution-vulnerability.jpg)](<https://1.bp.blogspot.com/-0lzOmBFdj24/U60nT7Xf7oI/AAAAAAAAATk/f_uoAAGVfJQ/s1600/Google-Android-code-execution-vulnerability.jpg>)\n\nA critical code-execution vulnerability almost affecting everyone those are not running the most updated version of [Google Android](<https://thehackernews.com/search/label/Android>), i.e. Android version 4.4 also known as KitKat.\n\n \n\n\nAfter nine months of vulnerability disclosure to the Android security team, researchers of the Application Security team at IBM have finally [revealed](<http://securityintelligence.com/android-keystore-stack-buffer-overflow-to-keep-things-simple-buffers-are-always-larger-than-needed>) all the possible details of a serious code-execution vulnerability that still affects the Android devices running versions 4.3 and earlier, which could allow attackers to exfiltrate sensitive information from the vulnerable devices.\n\n> \u201c_Considering Android\u2019s fragmented nature and the fact that this was a code-execution vulnerability, we decided to wait a bit with the public disclosure_,\u201d said Roee Hay, a security research group leader at IBM.\n\nThe researchers found the stack buffer overflow vulnerability that resides in the Android's KeyStore storage service, which according to the Android developers\u2019 website is the _**service code running in Android responsible for storing and securing device\u2019s cryptographic keys**_.\n\n \n\n\n**CAUSE OF THE CRITICAL FLAW**\n\nAccording to the researchers, the vulnerability occurred due the absent bounds check for a stack buffer created by the \u201c_KeyStore::getKeyForName_\u201d method.\n\n \n\n\n\u201c_This function has several callers, which are accessible by external applications using the Binder interface (e.g., \u2018android::KeyStoreProxy::get\u2019). Therefore, the \u2018keyName\u2019 variable can be controllable with an arbitrary size by a malicious application,\u201d Hay said. \u201c__The \u2018encode_key\u2019 routine that is called by \u2018encode_key_for_uid\u2019 can overflow the \u2018filename\u2019 buffer, since bounds checking is absent._\u201d\n\n \n\n\n**ANDROID VULNERABILITY IMPACT**\n\nWhile IBM's researchers haven't seen this vulnerability being exploited in the wild yet. But if successfully exploited, would compromise a device completely allowing an attacker to execute malicious code of their choice under the keystore process. \n\n \n\n\nConsequently, the attacker could gain access to the device\u2019s sensitive information such as device\u2019s lock-screen credentials, encrypted and decrypted master keys, data and hardware-backed key identifiers from the memory, as well as the ability to carry out cryptographic operations such as arbitrary signing of data on behalf of the users.\n\n \n\n\n**ATTACK VECTOR**\n\nWhile this could be accomplished only with the use of a malicious application, but there are a number of obstacles for the working exploit to overcome.\n\n \n\n\nThat means, a malicious application must have ability to bypass memory-based protections native to the operating system including Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR). \n\n \n\n\nDEP is an exploit mitigation that limits where code can be executed and helps prevent certain malicious exploits, but the attackers have had success using shellcode or Return Oriented Programming (ROP) attacks in order to bypass DEP. \n\n[![Android 4.3 and Earlier versions Vulnerable to Critical Code-Execution Flaw](https://3.bp.blogspot.com/-Y68qvgyNY6E/U60ol3kmYvI/AAAAAAAAATw/RiJqMrmO0-I/s728/keystore.png)](<https://3.bp.blogspot.com/-Y68qvgyNY6E/U60ol3kmYvI/AAAAAAAAATw/RiJqMrmO0-I/s1600/keystore.png>)\n\nWhile, ASLR specifically reduces buffer overflow attacks that exploit vulnerabilities like the one elaborated in this article. ASLR randomizes the memory locations used by system files and other programs, making it much harder for an attacker to correctly guess the location of a given process.\n\n \n\n\nAn attacker would also need to overcome the stack canaries present in Android, which is used to detect stack buffer overflow bugs such as this one before execution of malicious code can occur. Moreover, Android also makes use of encoding, which is also an obstacle for the attacker to overcome. \n\n> \u201c_However, the Android KeyStore is respawned every time it terminates_,\u201d Hay cautions. \u201c_This behavior enables a probabilistic approach; moreover, the attacker may even theoretically abuse ASLR to defeat the encoding._\u201d\n\n**LATEST UPDATE - ANDROID 4.4.4**\n\nCurrently Google is rolling out Android KitKat 4.4.4 with build number KTU84P (branch kitkat-mr2.1-release) to several Nexus devices, including Nexus 4, 5, 7, and 10. Latest update primarily addresses the [OpenSSL CCS Injection Vulnerability](<https://thehackernews.com/2014/06/openssl-vulnerable-to-man-in-middle.html>) (CVE-2014-0224), which was discovered in OpenSSL after the [Heartbleed bug](<https://thehackernews.com/search/label/Heartbleed%20bug>) was uncovered.\n\n \n\n\nSo if you haven't updated your OS, this might be a good time to do it. Users can check to see if the update is available for their device by accessing Settings > About Phone > System Updates.\n", "reporter": "Swati Khandelwal", "published": "2014-06-26T21:22:00", "type": "thn", "title": "Android 4.3 and Earlier versions Vulnerable to Critical Code-Execution Flaw", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "info", "cvelist": ["CVE-2014-0224"], "_object_type": "robots.models.thn.ThnBulletin", "modified": "2014-06-27T08:22:22", "id": "THN:11ACCB96E6DF3B8769AC3B63D2F85776", "href": "https://thehackernews.com/2014/06/android-43-and-earlier-versions.html", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-27T09:17:49", "_object_types": ["robots.models.thn.ThnBulletin", "robots.models.base.Bulletin"], "references": [], "description": "[![OpenSSL Vulnerable to Man-in-the-Middle Attack and Several Other Vulnerabilities](https://3.bp.blogspot.com/-W9MmiVzV-K4/U5CfAfLYiXI/AAAAAAAAb9U/ypeNlFGpb14/s728/Openssl-bug-mitm.jpg)](<https://3.bp.blogspot.com/-W9MmiVzV-K4/U5CfAfLYiXI/AAAAAAAAb9U/ypeNlFGpb14/s1600/Openssl-bug-mitm.jpg>)\n\nRemember OpenSSL [Heartbleed vulnerability](<https://thehackernews.com/2014/04/heartbleed-bug-explained-10-most.html>)? Several weeks ago, the exposure of this security bug chilled the Internet, revealed that millions of websites were vulnerable to a flaw in the OpenSSL code which they used to encrypt their communications.\n\n \n\n\nNow once again the OpenSSL Foundation has issued software updates to patch six new vulnerabilities, and two of them are critical.\n\n \n\n\n**MAN-IN-THE-MIDDLE ATTACK (CVE-2014-0224)**\n\nFirst critical vulnerability (CVE-2014-0224) in [OpenSSL](<https://thehackernews.com/search/label/OpenSSL>) is \"_CCS Injection_\" - resides in ChangeCipherSpec (CCS) request sent during the handshake that could allow an attacker to perform a [man-in-the-middle attack](<https://thehackernews.com/search/label/Man-in-the-Middle>) against the encrypted connection servers and clients. \n\n \n\n\nBy exploiting this vulnerability an attacker could intercept an encrypted connection which allows him to decrypt, read or manipulate the data. But the reported flaw is exploitable only if both server and client are vulnerable to this issue.\n\n \n\n\nAccording to the OpenSSL [advisory](<https://www.openssl.org/news/secadv_20140605.txt>), \"_An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers._\" All versions of OpenSSL are vulnerable on the client side. Only 1.0.1 and above are currently known to be vulnerable on the server side. SSL VPN (_virtual private network_) products are believed to be especially vulnerable to this flaw.\n\n \n\n\nOpenSSL CCS Injection vulnerability is discovered by a Japanese security researcher, _[Masashi Kikuchi](<http://ccsinjection.lepidum.co.jp/blog/2014-06-05/CCS-Injection-en/index.html>)_ from Lepidum security firm._ _According to him this bug was existed since the very first release of OpenSSL. RedHat also posted a detailed [explanation](<https://securityblog.redhat.com/2014/06/05/openssl-mitm-ccs-injection-attack-cve-2014-0224/>) about this bug on their security blog.\n\n** \n**\n\n**DTLS invalid fragment vulnerability (CVE-2014-0195):**** **Sending invalid DTLS fragments to a OpenSSL DTLS client or server can lead to a buffer overrun attack. A potential hacker could exploit this flaw to run arbitrary code on a vulnerable client or server. This [vulnerability](<https://thehackernews.com/search/label/Vulnerability>) also marked as critical bug.\n\n \n\n\n**DTLS recursion flaw (CVE-2014-0221): **A remote attacker can send an invalid DTLS (Datagram Transport Layer Security) handshake to an OpenSSL DTLS client, which will force the code to recurse eventually crashing in a DoS attack. This attack is limited to the applications using OpenSSL as a DTLS client.\n\n \n\n\nDTLS mainly used in VOIP and other communication related applications like Cisco Systems\u2019 AnyConnect VPN Client. Chrome and Firefox web browser also support [DTLS for WebRTC](<https://thehackernews.com/2014/06/mozilla-to-provide-webrtc-based-free.html>) (_Web Real-Time Communication_) for P2P file sharing and Voice/Video Chats.\n\n \n\n\nOther important OpenSSL vulnerabilities are:\n\n * **SSL_MODE_RELEASE_BUFFERS NULL pointer dereference (CVE-2014-0198),** allows remote attackers to cause a denial of service via a NULL pointer dereference.\n * **SSL_MODE_RELEASE_BUFFERS session injection or denial of service (CVE-2010-5298),** allows remote attackers to inject data across sessions or cause a denial of service.\n * **Anonymous ECDH denial of service (CVE-2014-3470),** OpenSSL TLS clients enabling anonymous ECDH (Elliptic Curve Diffie Hellman) ciphersuites are subject to a denial of service attack.\n\nBut the good news is that these vulnerabilities are not as critical as Heartbleed bug. The patched versions 0.9.8za, 1.0.0m and 1.0.1h are available on the project website to download and The OpenSSL Foundation is urging companies to update their implementation as soon as possible.\n", "reporter": "Mohit Kumar", "published": "2014-06-05T05:49:00", "type": "thn", "title": "OpenSSL Vulnerable to Man-in-the-Middle Attack and Several Other Bugs", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "info", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2010-5298", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221"], "_object_type": "robots.models.thn.ThnBulletin", "modified": "2014-06-05T16:51:06", "id": "THN:D2B91981A95FA63440BEC1909D1FAE82", "href": "https://thehackernews.com/2014/06/openssl-vulnerable-to-man-in-middle.html", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "metasploit": [{"lastseen": "2018-08-21T03:28:46", "_object_types": ["robots.models.base.Bulletin", "robots.models.metasploit.MetasploitBulletin"], "references": [], "description": "This module checks for the OpenSSL ChangeCipherSpec (CCS) Injection vulnerability. The problem exists in the handling of early CCS messages during session negotiation. Vulnerable installations of OpenSSL accepts them, while later implementations do not. If successful, an attacker can leverage this vulnerability to perform a man-in-the-middle (MITM) attack by downgrading the cipher spec between a client and server. This issue was first reported in early June, 2014.", "reporter": "Rapid7", "published": "2014-06-09T22:38:11", "metasploitHistory": "https://github.com/rapid7/metasploit-framework/commits/master/modules/auxiliary/scanner/ssl/openssl_ccs.rb", "type": "metasploit", "title": "OpenSSL Server-Side ChangeCipherSpec Injection Scanner", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2014-0224"], "_object_type": "robots.models.metasploit.MetasploitBulletin", "modified": "2017-07-24T13:26:21", "metasploitReliability": "Normal", "id": "MSF:AUXILIARY/SCANNER/SSL/OPENSSL_CCS", "href": "", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Auxiliary\n include Msf::Exploit::Remote::Tcp\n include Msf::Auxiliary::Scanner\n include Msf::Auxiliary::Report\n\n CIPHER_SUITES = [\n 0xc014, # TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA\n 0xc00a, # TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA\n 0xc022, # TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA\n 0xc021, # TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA\n 0x0039, # TLS_DHE_RSA_WITH_AES_256_CBC_SHA\n 0x0038, # TLS_DHE_DSS_WITH_AES_256_CBC_SHA\n 0x0088, # TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA\n 0x0087, # TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA\n 0x0087, # TLS_ECDH_RSA_WITH_AES_256_CBC_SHA\n 0xc00f, # TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA\n 0x0035, # TLS_RSA_WITH_AES_256_CBC_SHA\n 0x0084, # TLS_RSA_WITH_CAMELLIA_256_CBC_SHA\n 0xc012, # TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA\n 0xc008, # TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA\n 0xc01c, # TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA\n 0xc01b, # TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA\n 0x0016, # TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA\n 0x0013, # TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA\n 0xc00d, # TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA\n 0xc003, # TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA\n 0x000a, # TLS_RSA_WITH_3DES_EDE_CBC_SHA\n 0xc013, # TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA\n 0xc009, # TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA\n 0xc01f, # TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA\n 0xc01e, # TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA\n 0x0033, # TLS_DHE_RSA_WITH_AES_128_CBC_SHA\n 0x0032, # TLS_DHE_DSS_WITH_AES_128_CBC_SHA\n 0x009a, # TLS_DHE_RSA_WITH_SEED_CBC_SHA\n 0x0099, # TLS_DHE_DSS_WITH_SEED_CBC_SHA\n 0x0045, # TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA\n 0x0044, # TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA\n 0xc00e, # TLS_ECDH_RSA_WITH_AES_128_CBC_SHA\n 0xc004, # TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA\n 0x002f, # TLS_RSA_WITH_AES_128_CBC_SHA\n 0x0096, # TLS_RSA_WITH_SEED_CBC_SHA\n 0x0041, # TLS_RSA_WITH_CAMELLIA_128_CBC_SHA\n 0xc011, # TLS_ECDHE_RSA_WITH_RC4_128_SHA\n 0xc007, # TLS_ECDHE_ECDSA_WITH_RC4_128_SHA\n 0xc00c, # TLS_ECDH_RSA_WITH_RC4_128_SHA\n 0xc002, # TLS_ECDH_ECDSA_WITH_RC4_128_SHA\n 0x0005, # TLS_RSA_WITH_RC4_128_SHA\n 0x0004, # TLS_RSA_WITH_RC4_128_MD5\n 0x0015, # TLS_DHE_RSA_WITH_DES_CBC_SHA\n 0x0012, # TLS_DHE_DSS_WITH_DES_CBC_SHA\n 0x0009, # TLS_RSA_WITH_DES_CBC_SHA\n 0x0014, # TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA\n 0x0011, # TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA\n 0x0008, # TLS_RSA_EXPORT_WITH_DES40_CBC_SHA\n 0x0006, # TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5\n 0x0003, # TLS_RSA_EXPORT_WITH_RC4_40_MD5\n 0x00ff # Unknown\n ]\n\n HANDSHAKE_RECORD_TYPE = 0x16\n CCS_RECORD_TYPE = 0x14\n ALERT_RECORD_TYPE = 0x15\n TLS_VERSION = {\n 'SSLv3' => 0x0300,\n '1.0' => 0x0301,\n '1.1' => 0x0302,\n '1.2' => 0x0303\n }\n\n def initialize\n super(\n 'Name' => 'OpenSSL Server-Side ChangeCipherSpec Injection Scanner',\n 'Description' => %q{\n This module checks for the OpenSSL ChangeCipherSpec (CCS)\n Injection vulnerability. The problem exists in the handling of early\n CCS messages during session negotiation. Vulnerable installations of OpenSSL accepts\n them, while later implementations do not. If successful, an attacker can leverage this\n vulnerability to perform a man-in-the-middle (MITM) attack by downgrading the cipher spec\n between a client and server. This issue was first reported in early June, 2014.\n },\n 'Author' => [\n 'Masashi Kikuchi', # Vulnerability discovery\n 'Craig Young <CYoung[at]tripwire.com>', # Original Scanner. This module is based on it.\n 'juan vazquez' # Metasploit module\n ],\n 'References' =>\n [\n ['CVE', '2014-0224'],\n ['URL', 'http://ccsinjection.lepidum.co.jp/'],\n ['URL', 'http://ccsinjection.lepidum.co.jp/blog/2014-06-05/CCS-Injection-en/index.html'],\n ['URL', 'http://www.tripwire.com/state-of-security/incident-detection/detection-script-for-cve-2014-0224-openssl-cipher-change-spec-injection/'],\n ['URL', 'https://www.imperialviolet.org/2014/06/05/earlyccs.html']\n ],\n 'DisclosureDate' => 'Jun 5 2014',\n 'License' => MSF_LICENSE\n )\n\n register_options(\n [\n Opt::RPORT(443),\n OptEnum.new('TLS_VERSION', [true, 'TLS/SSL version to use', '1.0', ['SSLv3','1.0', '1.1', '1.2']]),\n OptInt.new('RESPONSE_TIMEOUT', [true, 'Number of seconds to wait for a server response', 10])\n ])\n end\n\n def response_timeout\n datastore['RESPONSE_TIMEOUT']\n end\n\n def run_host(ip)\n ccs_injection\n end\n\n def ccs_injection\n connect_result = establish_connect\n return if connect_result.nil?\n\n vprint_status(\"Sending CCS...\")\n sock.put(ccs)\n alert = sock.get_once(-1, response_timeout)\n if alert.blank?\n print_good(\"No alert after invalid CCS message, probably vulnerable\")\n report\n elsif alert.unpack(\"C\").first == ALERT_RECORD_TYPE\n vprint_error(\"Alert record as response to the invalid CCS Message, probably not vulnerable\")\n elsif alert\n vprint_warning(\"Unexpected response.\")\n end\n end\n\n def report\n report_vuln({\n :host => rhost,\n :port => rport,\n :name => self.name,\n :refs => self.references,\n :info => \"Module #{self.fullname} successfully detected CCS injection\"\n })\n end\n\n def ccs\n payload = \"\\x01\" # Change Cipher Spec Message\n\n ssl_record(CCS_RECORD_TYPE, payload)\n end\n\n def client_hello\n # Use current day for TLS time\n time_temp = Time.now\n time_epoch = Time.mktime(time_temp.year, time_temp.month, time_temp.day, 0, 0).to_i\n\n hello_data = [TLS_VERSION[datastore['TLS_VERSION']]].pack(\"n\") # Version TLS\n hello_data << [time_epoch].pack(\"N\") # Time in epoch format\n hello_data << Rex::Text.rand_text(28) # Random\n hello_data << \"\\x00\" # Session ID length\n hello_data << [CIPHER_SUITES.length * 2].pack(\"n\") # Cipher Suites length (102)\n hello_data << CIPHER_SUITES.pack(\"n*\") # Cipher Suites\n hello_data << \"\\x01\" # Compression methods length (1)\n hello_data << \"\\x00\" # Compression methods: null\n\n data = \"\\x01\\x00\" # Handshake Type: Client Hello (1)\n data << [hello_data.length].pack(\"n\") # Length\n data << hello_data\n\n ssl_record(HANDSHAKE_RECORD_TYPE, data)\n end\n\n def ssl_record(type, data)\n record = [type, TLS_VERSION[datastore['TLS_VERSION']], data.length].pack('Cnn')\n record << data\n end\n\n def establish_connect\n connect\n\n vprint_status(\"Sending Client Hello...\")\n sock.put(client_hello)\n server_hello = sock.get_once(-1, response_timeout)\n\n unless server_hello\n vprint_error(\"No Server Hello after #{response_timeout} seconds...\")\n disconnect\n return nil\n end\n\n unless server_hello.unpack(\"C\").first == HANDSHAKE_RECORD_TYPE\n vprint_error(\"Server Hello Not Found\")\n return nil\n end\n\n true\n end\nend\n\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/ssl/openssl_ccs.rb"}], "centos": [{"lastseen": "2017-10-03T18:26:25", "references": ["https://rhn.redhat.com/errata/RHSA-2014-0626.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "6", "packageVersion": "0.9.8e-18.el6_5.2", "packageFilename": "openssl098e-0.9.8e-18.el6_5.2.x86_64.rpm", "packageName": "openssl098e", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.9.7a-12.el5_10.1", "packageFilename": "openssl097a-0.9.7a-12.el5_10.1.src.rpm", "packageName": "openssl097a", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "0.9.8e-18.el6_5.2", "packageFilename": "openssl098e-0.9.8e-18.el6_5.2.src.rpm", "packageName": "openssl098e", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.9.7a-12.el5_10.1", "packageFilename": "openssl097a-0.9.7a-12.el5_10.1.x86_64.rpm", "packageName": "openssl097a", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "0.9.8e-18.el6_5.2", "packageFilename": "openssl098e-0.9.8e-18.el6_5.2.i686.rpm", "packageName": "openssl098e", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "0.9.8e-18.el6_5.2", "packageFilename": "openssl098e-0.9.8e-18.el6_5.2.i686.rpm", "packageName": "openssl098e", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.9.7a-12.el5_10.1", "packageFilename": "openssl097a-0.9.7a-12.el5_10.1.i386.rpm", "packageName": "openssl097a", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.9.7a-12.el5_10.1", "packageFilename": "openssl097a-0.9.7a-12.el5_10.1.i386.rpm", "packageName": "openssl097a", "arch": "i386", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2014:0626\n\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nIt was found that OpenSSL clients and servers could be forced, via a\nspecially crafted handshake packet, to use weak keying material for\ncommunication. A man-in-the-middle attacker could use this flaw to decrypt\nand modify traffic between a client and a server. (CVE-2014-0224)\n\nNote: In order to exploit this flaw, both the server and the client must be\nusing a vulnerable version of OpenSSL; the server must be using OpenSSL\nversion 1.0.1 and above, and the client must be using any version of\nOpenSSL. For more information about this flaw, refer to:\nhttps://access.redhat.com/site/articles/904433\n\nRed Hat would like to thank the OpenSSL project for reporting this issue.\nUpstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter\nof this issue.\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-June/020345.html\nhttp://lists.centos.org/pipermail/centos-announce/2014-June/020346.html\n\n**Affected packages:**\nopenssl097a\nopenssl098e\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2014-0626.html", "edition": 1, "reporter": "CentOS Project", "published": "2014-06-05T13:21:51", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "openssl097a, openssl098e security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0224"], "modified": "2014-06-05T13:38:36", "href": "http://lists.centos.org/pipermail/centos-announce/2014-June/020345.html", "id": "CESA-2014:0626", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-10-03T18:25:31", "references": ["http://www.enigmail.net/", "http://www.karan.org/publickey.asc", "https://rhn.redhat.com/errata/RHSA-2014-0624.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.9.8e-27.el5_10.3", "packageFilename": "openssl-0.9.8e-27.el5_10.3.i386.rpm", "packageName": "openssl", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.9.8e-27.el5_10.3", "packageFilename": "openssl-0.9.8e-27.el5_10.3.i386.rpm", "packageName": "openssl", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.9.8e-27.el5_10.3", "packageFilename": "openssl-0.9.8e-27.el5_10.3.i386.rpm", "packageName": "openssl", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.9.8e-27.el5_10.3", "packageFilename": "openssl-devel-0.9.8e-27.el5_10.3.i386.rpm", "packageName": "openssl-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.9.8e-27.el5_10.3", "packageFilename": "openssl-devel-0.9.8e-27.el5_10.3.i386.rpm", "packageName": "openssl-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.9.8e-27.el5_10.3", "packageFilename": "openssl-devel-0.9.8e-27.el5_10.3.i386.rpm", "packageName": "openssl-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.9.8e-27.el5_10.3", "packageFilename": "openssl-devel-0.9.8e-27.el5_10.3.i386.rpm", "packageName": "openssl-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.9.8e-27.el5_10.3", "packageFilename": "openssl-devel-0.9.8e-27.el5_10.3.i386.rpm", "packageName": "openssl-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.9.8e-27.el5_10.3", "packageFilename": "openssl-devel-0.9.8e-27.el5_10.3.i386.rpm", "packageName": "openssl-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.9.8e-27.el5_10.3", "packageFilename": "openssl-0.9.8e-27.el5_10.3.x86_64.rpm", "packageName": "openssl", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.9.8e-27.el5_10.3", "packageFilename": "openssl-0.9.8e-27.el5_10.3.x86_64.rpm", "packageName": "openssl", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.9.8e-27.el5_10.3", "packageFilename": "openssl-0.9.8e-27.el5_10.3.x86_64.rpm", "packageName": "openssl", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.9.8e-27.el5_10.3", "packageFilename": "openssl-devel-0.9.8e-27.el5_10.3.x86_64.rpm", "packageName": "openssl-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.9.8e-27.el5_10.3", "packageFilename": "openssl-devel-0.9.8e-27.el5_10.3.x86_64.rpm", "packageName": "openssl-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.9.8e-27.el5_10.3", "packageFilename": "openssl-devel-0.9.8e-27.el5_10.3.x86_64.rpm", "packageName": "openssl-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.9.8e-27.el5_10.3", "packageFilename": "openssl-perl-0.9.8e-27.el5_10.3.x86_64.rpm", "packageName": "openssl-perl", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.9.8e-27.el5_10.3", "packageFilename": "openssl-perl-0.9.8e-27.el5_10.3.x86_64.rpm", "packageName": "openssl-perl", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.9.8e-27.el5_10.3", "packageFilename": "openssl-perl-0.9.8e-27.el5_10.3.x86_64.rpm", "packageName": "openssl-perl", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.9.8e-27.el5_10.3", "packageFilename": "openssl-0.9.8e-27.el5_10.3.i686.rpm", "packageName": "openssl", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.9.8e-27.el5_10.3", "packageFilename": "openssl-0.9.8e-27.el5_10.3.i686.rpm", "packageName": "openssl", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.9.8e-27.el5_10.3", "packageFilename": "openssl-0.9.8e-27.el5_10.3.i686.rpm", "packageName": "openssl", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.9.8e-27.el5_10.3", "packageFilename": "openssl-0.9.8e-27.el5_10.3.i686.rpm", "packageName": "openssl", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.9.8e-27.el5_10.3", "packageFilename": "openssl-0.9.8e-27.el5_10.3.i686.rpm", "packageName": "openssl", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.9.8e-27.el5_10.3", "packageFilename": "openssl-0.9.8e-27.el5_10.3.i686.rpm", "packageName": "openssl", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.9.8e-27.el5_10.3", "packageFilename": "openssl-0.9.8e-27.el5_10.3.src.rpm", "packageName": "openssl", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.9.8e-27.el5_10.3", "packageFilename": "openssl-0.9.8e-27.el5_10.3.src.rpm", "packageName": "openssl", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.9.8e-27.el5_10.3", "packageFilename": "openssl-0.9.8e-27.el5_10.3.src.rpm", "packageName": "openssl", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.9.8e-27.el5_10.3", "packageFilename": "openssl-perl-0.9.8e-27.el5_10.3.i386.rpm", "packageName": "openssl-perl", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.9.8e-27.el5_10.3", "packageFilename": "openssl-perl-0.9.8e-27.el5_10.3.i386.rpm", "packageName": "openssl-perl", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "0.9.8e-27.el5_10.3", "packageFilename": "openssl-perl-0.9.8e-27.el5_10.3.i386.rpm", "packageName": "openssl-perl", "arch": "i386", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2014:0624\n\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nIt was found that OpenSSL clients and servers could be forced, via a\nspecially crafted handshake packet, to use weak keying material for\ncommunication. A man-in-the-middle attacker could use this flaw to decrypt\nand modify traffic between a client and a server. (CVE-2014-0224)\n\nNote: In order to exploit this flaw, both the server and the client must be\nusing a vulnerable version of OpenSSL; the server must be using OpenSSL\nversion 1.0.1 and above, and the client must be using any version of\nOpenSSL. For more information about this flaw, refer to:\nhttps://access.redhat.com/site/articles/904433\n\nRed Hat would like to thank the OpenSSL project for reporting this issue.\nUpstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter\nof this issue.\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-June/020347.html\nhttp://lists.centos.org/pipermail/centos-announce/2014-June/020348.html\nhttp://lists.centos.org/pipermail/centos-announce/2014-June/020349.html\n\n**Affected packages:**\nopenssl\nopenssl-devel\nopenssl-perl\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2014-0624.html", "edition": 1, "reporter": "CentOS Project", "published": "2014-06-06T01:40:21", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "openssl security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0224"], "modified": "2014-06-06T02:25:58", "href": "http://lists.centos.org/pipermail/centos-announce/2014-June/020347.html", "id": "CESA-2014:0624", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-10-03T18:26:33", "references": ["https://rhn.redhat.com/errata/RHSA-2014-0625.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.0.1e-16.el6_5.14", "arch": "i686", "packageName": "openssl-perl", "packageFilename": "openssl-perl-1.0.1e-16.el6_5.14.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.0.1e-16.el6_5.14", "arch": "x86_64", "packageName": "openssl-static", "packageFilename": "openssl-static-1.0.1e-16.el6_5.14.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.0.1e-16.el6_5.14", "arch": "i686", "packageName": "openssl", "packageFilename": "openssl-1.0.1e-16.el6_5.14.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.0.1e-16.el6_5.14", "arch": "i686", "packageName": "openssl", "packageFilename": "openssl-1.0.1e-16.el6_5.14.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.0.1e-16.el6_5.14", "arch": "i686", "packageName": "openssl-static", "packageFilename": "openssl-static-1.0.1e-16.el6_5.14.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.0.1e-16.el6_5.14", "arch": "x86_64", "packageName": "openssl", "packageFilename": "openssl-1.0.1e-16.el6_5.14.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.0.1e-16.el6_5.14", "arch": "x86_64", "packageName": "openssl-perl", "packageFilename": "openssl-perl-1.0.1e-16.el6_5.14.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.0.1e-16.el6_5.14", "arch": "any", "packageName": "openssl", "packageFilename": "openssl-1.0.1e-16.el6_5.14.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.0.1e-16.el6_5.14", "arch": "i686", "packageName": "openssl-devel", "packageFilename": "openssl-devel-1.0.1e-16.el6_5.14.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.0.1e-16.el6_5.14", "arch": "i686", "packageName": "openssl-devel", "packageFilename": "openssl-devel-1.0.1e-16.el6_5.14.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.0.1e-16.el6_5.14", "arch": "x86_64", "packageName": "openssl-devel", "packageFilename": "openssl-devel-1.0.1e-16.el6_5.14.x86_64.rpm", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2014:0625\n\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nIt was found that OpenSSL clients and servers could be forced, via a\nspecially crafted handshake packet, to use weak keying material for\ncommunication. A man-in-the-middle attacker could use this flaw to decrypt\nand modify traffic between a client and a server. (CVE-2014-0224)\n\nNote: In order to exploit this flaw, both the server and the client must be\nusing a vulnerable version of OpenSSL; the server must be using OpenSSL\nversion 1.0.1 and above, and the client must be using any version of\nOpenSSL. For more information about this flaw, refer to:\nhttps://access.redhat.com/site/articles/904433\n\nA buffer overflow flaw was found in the way OpenSSL handled invalid DTLS\npacket fragments. A remote attacker could possibly use this flaw to execute\narbitrary code on a DTLS client or server. (CVE-2014-0195)\n\nMultiple flaws were found in the way OpenSSL handled read and write buffers\nwhen the SSL_MODE_RELEASE_BUFFERS mode was enabled. A TLS/SSL client or\nserver using OpenSSL could crash or unexpectedly drop connections when\nprocessing certain SSL traffic. (CVE-2010-5298, CVE-2014-0198)\n\nA denial of service flaw was found in the way OpenSSL handled certain DTLS\nServerHello requests. A specially crafted DTLS handshake packet could cause\na DTLS client using OpenSSL to crash. (CVE-2014-0221)\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed\nanonymous Elliptic Curve Diffie Hellman (ECDH) key exchange. A specially\ncrafted handshake packet could cause a TLS/SSL client that has the\nanonymous ECDH cipher suite enabled to crash. (CVE-2014-3470)\n\nRed Hat would like to thank the OpenSSL project for reporting these issues.\nUpstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter\nof CVE-2014-0224, J\u00fcri Aedla as the original reporter of CVE-2014-0195,\nImre Rad of Search-Lab as the original reporter of CVE-2014-0221, and Felix\nGr\u00f6bert and Ivan Fratri\u0107 of Google as the original reporters of\nCVE-2014-3470.\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-June/020344.html\n\n**Affected packages:**\nopenssl\nopenssl-devel\nopenssl-perl\nopenssl-static\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2014-0625.html", "edition": 1, "reporter": "CentOS Project", "published": "2014-06-05T13:06:47", "title": "openssl security update", "type": "centos", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2010-5298", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221"], "modified": "2014-06-05T13:06:47", "href": "http://lists.centos.org/pipermail/centos-announce/2014-June/020344.html", "id": "CESA-2014:0625", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "kaspersky": [{"lastseen": "2018-12-06T13:23:55", "references": [], "description": "### *CVSS*:\n6.8\n\n### *Detect date*:\n06/27/2014\n\n### *Severity*:\nHigh\n\n### *Description*:\nVulnerabilities in the linked library were found in MySQL Workbench. By exploiting these vulnerabilities malicious users can obtain sensitive information. These vulnerabilities can be exploited remotely via man-in-the-middle attacks at a point related to OpenSSL.\n\n### *Affected products*:\nMySQL Workbench versions 6.1.6 and earlier\n\n### *Solution*:\nUpdate to latest version\n\n### *Original advisories*:\n[MySQL bulletin](<http://dev.mysql.com/doc/relnotes/workbench/en/wb-news-6-1-7.html>) \n\n\n### *Impacts*:\nOSI \n\n### *Related products*:\n[MySQL Workbench](<https://threats.kaspersky.com/en/product/MySQL-Workbench/>)\n\n### *CVE-IDS*:\n[CVE-2014-0224](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224>)", "edition": 29, "reporter": "Kaspersky Lab", "published": "2014-06-27T00:00:00", "title": "\r KLA10266OSI vulnerability in MySQL Workbench ", "type": "kaspersky", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "info", "cvelist": ["CVE-2014-0224"], "modified": "2018-12-04T00:00:00", "id": "KLA10266", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10266", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-12-06T13:23:22", "references": [], "description": "### *CVSS*:\n6.8\n\n### *Detect date*:\n06/10/2014\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple serious vulnerabilities have been found in VMware products. Malicious users can exploit these vulnerabilities to obtain sensitive information, hijack a session or cause denial of service. Below is a complete list of vulnerabilities\n\n### *Affected products*:\nESXi without patch ESXi550-201406401-SG versions 5.0, 5.1, 5.5 \nWorkstation 10 versions earlier than 10.0.3 \nWorkstation 9 versions earlier than 9.0.4 \nPlayer 6 versions earlier than 6.0.3 \nPlayer 5 versions earlier than 5.0.4 \nFusion 6 versions earlier than 6.0.4 \nFusion 5 versions earlier than 5.0.5 \nHorizon Mirage Edge Gateway versions earlier than 4.4.3 \nHorizon View versions earlier than 5.3.2 \nHorizon View 5.3 versions earlier than FP3 \nHorizon Workspace Server 1.5 without patch horizon-nginx-rpm-1.5.0.0-1876270.x86_64.rpm \nHorizon Workspace Server 1.8 without patch horizon-nginx-rpm-1.8.2.1820-1876338.x86_64.rpm \nHorizon View Clients versions earlier than 3.0 \nvCD 5.5 versions earlier than 5.5.1.2 \nvCD 5.1 versions earlier than 5.1.3.1 \nvCenter versions earlier than 5.5u1b vCenter Support \nAssistant versions earlier than 5.5.1.1 vCloud Automation \nCenter versions earlier than 6.0.1.2 vCenter Configuration \nManager versions earlier than 5.7.2 \nvCenter Converter Standalone versions earlier than 5.5.2 \nConverter Standalone versions earlier than 5.1.1 \n\n### *Solution*:\nUpdate to latest version \n[Vmware Products](<https://my.vmware.com/web/vmware/downloads>)\n\n### *Original advisories*:\n[VMware bulletin](<http://www.vmware.com/security/advisories/VMSA-2014-0006.html>) \n\n\n### *Impacts*:\nOSI \n\n### *Related products*:\n[VMware Workstation](<https://threats.kaspersky.com/en/product/VMware-Workstation/>)\n\n### *CVE-IDS*:\n[CVE-2014-0198](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198>) \n[CVE-2014-0224](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224>) \n[CVE-2014-3470](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470>) \n[CVE-2010-5298](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298>)", "edition": 28, "reporter": "Kaspersky Lab", "published": "2014-06-10T00:00:00", "title": "\r KLA10382Multiple vulnerabilities in VMware ", "type": "kaspersky", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "info", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2010-5298", "CVE-2014-0198"], "modified": "2018-12-04T00:00:00", "id": "KLA10382", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10382", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nmap": [{"lastseen": "2018-11-07T16:36:33", "references": [], "description": "Detects whether a server is vulnerable to the SSL/TLS \"CCS Injection\" vulnerability (CVE-2014-0224), first discovered by Masashi Kikuchi. The script is based on the ccsinjection.c code authored by Ramon de C Valle (https://gist.github.com/rcvalle/71f4b027d61a78c42607) \n\nIn order to exploit the vulnerablity, a MITM attacker would effectively do the following: \n\no Wait for a new TLS connection, followed by the ClientHello ServerHello handshake messages. \n\no Issue a CCS packet in both the directions, which causes the OpenSSL code to use a zero length pre master secret key. The packet is sent to both ends of the connection. Session Keys are derived using a zero length pre master secret key, and future session keys also share this weakness. \n\no Renegotiate the handshake parameters. \n\no The attacker is now able to decrypt or even modify the packets in transit. \n\nThe script works by sending a 'ChangeCipherSpec' message out of order and checking whether the server returns an 'UNEXPECTED_MESSAGE' alert record or not. Since a non-patched server would simply accept this message, the CCS packet is sent twice, in order to force an alert from the server. If the alert type is different than 'UNEXPECTED_MESSAGE', we can conclude the server is vulnerable.\n\n## Script Arguments \n\n#### tls.servername \n\nSee the documentation for the tls library. \n\n#### smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername \n\nSee the documentation for the smbauth library. \n\n#### mssql.domain, mssql.instance-all, mssql.instance-name, mssql.instance-port, mssql.password, mssql.protocol, mssql.scanned-ports-only, mssql.timeout, mssql.username \n\nSee the documentation for the mssql library. \n\n#### smtp.domain \n\nSee the documentation for the smtp library. \n\n#### randomseed, smbbasic, smbport, smbsign \n\nSee the documentation for the smb library. \n\n#### vulns.short, vulns.showall \n\nSee the documentation for the vulns library. \n\n## Example Usage \n \n \n nmap -p 443 --script ssl-ccs-injection <target>\n \n\n## Script Output \n \n \n PORT STATE SERVICE\n 443/tcp open https\n | ssl-ccs-injection:\n | VULNERABLE:\n | SSL/TLS MITM vulnerability (CCS Injection)\n | State: VULNERABLE\n | Risk factor: High\n | Description:\n | OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before\n | 1.0.1h does not properly restrict processing of ChangeCipherSpec\n | messages, which allows man-in-the-middle attackers to trigger use\n | of a zero-length master key in certain OpenSSL-to-OpenSSL\n | communications, and consequently hijack sessions or obtain\n | sensitive information, via a crafted TLS handshake, aka the\n | \"CCS Injection\" vulnerability.\n |\n | References:\n | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224\n | http://www.cvedetails.com/cve/2014-0224\n |_ http://www.openssl.org/news/secadv_20140605.txt\n\n## Requires \n\n * nmap\n * shortport\n * sslcert\n * stdnse\n * vulns\n * tls\n * tableaux\n\n* * *\n", "edition": 13, "reporter": "Claudiu Perta <claudiu.perta@gmail.com>", "published": "2014-06-11T13:43:28", "title": "ssl-ccs-injection NSE Script", "type": "nmap", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0224"], "modified": "2018-11-06T15:07:01", "id": "NMAP:SSL-CCS-INJECTION.NSE", "href": "https://nmap.org/nsedoc/scripts/ssl-ccs-injection.html", "sourceData": "local nmap = require('nmap')\nlocal shortport = require('shortport')\nlocal sslcert = require('sslcert')\nlocal stdnse = require('stdnse')\nlocal vulns = require('vulns')\nlocal tls = require 'tls'\nlocal tableaux = require \"tableaux\"\n\ndescription = [[\nDetects whether a server is vulnerable to the SSL/TLS \"CCS Injection\"\nvulnerability (CVE-2014-0224), first discovered by Masashi Kikuchi.\nThe script is based on the ccsinjection.c code authored by Ramon de C Valle\n(https://gist.github.com/rcvalle/71f4b027d61a78c42607)\n\nIn order to exploit the vulnerablity, a MITM attacker would effectively\ndo the following:\n\n o Wait for a new TLS connection, followed by the ClientHello\n ServerHello handshake messages.\n\n o Issue a CCS packet in both the directions, which causes the OpenSSL\n code to use a zero length pre master secret key. The packet is sent\n to both ends of the connection. Session Keys are derived using a\n zero length pre master secret key, and future session keys also\n share this weakness.\n\n o Renegotiate the handshake parameters.\n\n o The attacker is now able to decrypt or even modify the packets\n in transit.\n\nThe script works by sending a 'ChangeCipherSpec' message out of order and\nchecking whether the server returns an 'UNEXPECTED_MESSAGE' alert record\nor not. Since a non-patched server would simply accept this message, the\nCCS packet is sent twice, in order to force an alert from the server. If\nthe alert type is different than 'UNEXPECTED_MESSAGE', we can conclude\nthe server is vulnerable.\n]]\n\n---\n-- @usage\n-- nmap -p 443 --script ssl-ccs-injection <target>\n--\n-- @output\n-- PORT STATE SERVICE\n-- 443/tcp open https\n-- | ssl-ccs-injection:\n-- | VULNERABLE:\n-- | SSL/TLS MITM vulnerability (CCS Injection)\n-- | State: VULNERABLE\n-- | Risk factor: High\n-- | Description:\n-- | OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before\n-- | 1.0.1h does not properly restrict processing of ChangeCipherSpec\n-- | messages, which allows man-in-the-middle attackers to trigger use\n-- | of a zero-length master key in certain OpenSSL-to-OpenSSL\n-- | communications, and consequently hijack sessions or obtain\n-- | sensitive information, via a crafted TLS handshake, aka the\n-- | \"CCS Injection\" vulnerability.\n-- |\n-- | References:\n-- | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224\n-- | http://www.cvedetails.com/cve/2014-0224\n-- |_ http://www.openssl.org/news/secadv_20140605.txt\n\nauthor = \"Claudiu Perta <claudiu.perta@gmail.com>\"\nlicense = \"Same as Nmap--See https://nmap.org/book/man-legal.html\"\ncategories = { \"vuln\", \"safe\" }\ndependencies = {\"https-redirect\"}\n\nportrule = function(host, port)\n return shortport.ssl(host, port) or sslcert.getPrepareTLSWithoutReconnect(port)\nend\n\nlocal Error = {\n NOT_VULNERABLE = 0,\n CONNECT = 1,\n PROTOCOL_MISMATCH = 2,\n SSL_HANDSHAKE = 3,\n TIMEOUT = 4\n}\n\n---\n-- Reads an SSL/TLS record and returns true if it's any fatal\n-- alert and false otherwise.\nlocal function fatal_alert(s)\n local status, buffer = tls.record_buffer(s)\n if not status then\n return false\n end\n\n local position, record = tls.record_read(buffer, 1)\n if record == nil then\n return false\n end\n\n if record.type ~= \"alert\" then\n return false\n end\n\n for _, body in ipairs(record.body) do\n if body.level == \"fatal\" then\n return true\n end\n end\n\n return false\nend\n\n---\n-- Reads an SSL/TLS record and returns true if it's a fatal,\n-- 'unexpected_message' alert and false otherwise.\nlocal function alert_unexpected_message(s)\n local status, buffer\n status, buffer = tls.record_buffer(s, buffer, 1)\n if not status then\n return false\n end\n\n local position, record = tls.record_read(buffer, 1)\n if record == nil then\n return false\n end\n\n if record.type ~= \"alert\" then\n -- Mark this as VULNERABLE, we expect an alert record\n return true,true\n end\n\n for _, body in ipairs(record.body) do\n if body.level == \"fatal\" and body.description == \"unexpected_message\" then\n return true,false\n end\n end\n\n return true,true\nend\n\nlocal function test_ccs_injection(host, port, version)\n local hello = tls.client_hello({\n [\"protocol\"] = version,\n -- Only negotiate SSLv3 on its own;\n -- TLS implementations may refuse to answer if SSLv3 is mentioned.\n [\"record_protocol\"] = (version == \"SSLv3\") and \"SSLv3\" or \"TLSv1.0\",\n -- Claim to support every cipher\n -- Doesn't work with IIS, but IIS isn't vulnerable\n [\"ciphers\"] = tableaux.keys(tls.CIPHERS),\n [\"compressors\"] = {\"NULL\"},\n [\"extensions\"] = {\n -- Claim to support common elliptic curves\n [\"elliptic_curves\"] = tls.EXTENSION_HELPERS[\"elliptic_curves\"](\n tls.DEFAULT_ELLIPTIC_CURVES),\n },\n })\n\n local status, err\n local s\n local specialized = sslcert.getPrepareTLSWithoutReconnect(port)\n if specialized then\n status, s = specialized(host, port)\n if not status then\n stdnse.debug3(\"Connection to server failed: %s\", s)\n return false, Error.CONNECT\n end\n else\n s = nmap.new_socket()\n status, err = s:connect(host, port)\n if not status then\n stdnse.debug3(\"Connection to server failed: %s\", err)\n return false, Error.CONNECT\n end\n end\n\n -- Set a sufficiently large timeout\n s:set_timeout(10000)\n\n -- Send Client Hello to the target server\n status, err = s:send(hello)\n if not status then\n stdnse.debug1(\"Couldn't send Client Hello: %s\", err)\n s:close()\n return false, Error.CONNECT\n end\n\n -- Read response\n local done = false\n local i = 1\n local response\n repeat\n status, response, err = tls.record_buffer(s, response, i)\n if err == \"TIMEOUT\" or not status then\n stdnse.verbose1(\"No response from server: %s\", err)\n s:close()\n return false, Error.TIMEOUT\n end\n\n local record\n i, record = tls.record_read(response, i)\n if record == nil then\n stdnse.debug1(\"Unknown response from server\")\n s:close()\n return false, Error.NOT_VULNERABLE\n elseif record.protocol ~= version then\n stdnse.debug1(\"Protocol version mismatch (%s)\", version)\n s:close()\n return false, Error.PROTOCOL_MISMATCH\n elseif record.type == \"alert\" then\n for _, body in ipairs(record.body) do\n if body.level == \"fatal\" then\n stdnse.debug1(\"Fatal alert: %s\", body.description)\n -- Could be something else, but this lets us retry\n return false, Error.PROTOCOL_MISMATCH\n end\n end\n end\n\n if record.type == \"handshake\" then\n for _, body in ipairs(record.body) do\n if body.type == \"server_hello_done\" then\n stdnse.debug1(\"Handshake completed (%s)\", version)\n done = true\n end\n end\n end\n until done\n\n -- Send the change_cipher_spec message twice to\n -- force an alert in the case the server is not\n -- patched.\n\n -- change_cipher_spec message\n local ccs = tls.record_write(\n \"change_cipher_spec\", version, \"\\x01\")\n\n -- Send the first ccs message\n status, err = s:send(ccs)\n if not status then\n stdnse.debug1(\"Couldn't send first ccs message: %s\", err)\n s:close()\n return false, Error.SSL_HANDSHAKE\n end\n\n -- Optimistically read the first alert message\n -- Shorter timeout: we expect most servers will bail at this point.\n s:set_timeout(stdnse.get_timeout(host))\n -- If we got an alert right away, we can stop right away: it's not vulnerable.\n if fatal_alert(s) then\n s:close()\n return false, Error.NOT_VULNERABLE\n end\n -- Restore our slow timeout\n s:set_timeout(10000)\n\n -- Send the second ccs message\n status, err = s:send(ccs)\n if not status then\n stdnse.debug1(\"Couldn't send second ccs message: %s\", err)\n s:close()\n return false, Error.SSL_HANDSHAKE\n end\n\n -- Read the alert message\n local vulnerable\n status,vulnerable = alert_unexpected_message(s)\n\n -- Leave the target not vulnerable in case of an error. This could occur\n -- when running against a different TLS/SSL implementations (e.g., GnuTLS)\n if not status then\n stdnse.debug1(\"Couldn't get reply from the server (probably not OpenSSL)\")\n s:close()\n return false, Error.SSL_HANDSHAKE\n end\n\n if not vulnerable then\n stdnse.debug1(\"Server returned UNEXPECTED_MESSAGE alert, not vulnerable\")\n s:close()\n return false, Error.NOT_VULNERABLE\n else\n stdnse.debug1(\"Vulnerable - alert is not UNEXPECTED_MESSAGE\")\n s:close()\n return true\n end\nend\n\naction = function(host, port)\n local vuln_table = {\n title = \"SSL/TLS MITM vulnerability (CCS Injection)\",\n state = vulns.STATE.NOT_VULN,\n risk_factor = \"High\",\n description = [[\nOpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h\ndoes not properly restrict processing of ChangeCipherSpec messages,\nwhich allows man-in-the-middle attackers to trigger use of a zero\nlength master key in certain OpenSSL-to-OpenSSL communications, and\nconsequently hijack sessions or obtain sensitive information, via\na crafted TLS handshake, aka the \"CCS Injection\" vulnerability.\n ]],\n references = {\n 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224',\n 'http://www.cvedetails.com/cve/2014-0224',\n 'http://www.openssl.org/news/secadv_20140605.txt'\n }\n }\n\n local report = vulns.Report:new(SCRIPT_NAME, host, port)\n\n -- client hello will support multiple versions of TLS. We only retry to fall\n -- back to SSLv3, which some implementations won't allow in combination with\n -- newer versions.\n for _, tls_version in ipairs({\"TLSv1.2\", \"SSLv3\"}) do\n local vulnerable, err = test_ccs_injection(host, port, tls_version)\n\n -- Return an explicit message in case of a TIMEOUT,\n -- to avoid considering this as not vulnerable.\n if err == Error.TIMEOUT then\n return \"No reply from server (TIMEOUT)\"\n end\n\n if err ~= Error.PROTOCOL_MISMATCH then\n if vulnerable then\n vuln_table.state = vulns.STATE.VULN\n end\n break\n end\n end\n\n return report:make_output(vuln_table)\nend\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "nmap": {"scriptType": "portrule", "categories": ["safe", "vuln"]}}], "debian": [{"lastseen": "2018-10-16T22:14:18", "references": [], "affectedPackage": [], "description": "Package: openssl\nVersion: 0.9.8o-4squeeze16\nCVE ID: CVE-2014-0224 CVE-2012-4929\n\nCVE-2014-0224\n\n This update updates the upstream fix for CVE-2014-0224 to address\n problems with renegotiation under some conditions.\n\n original text:\n KIKUCHI Masashi discovered that carefully crafted handshakes can\n force the use of weak keys, resulting in potential man-in-the-middle\n attacks.\n\nCVE-2012-4929\n\n ZLIB compression is now disabled by default. If you need\n to re-enable it for some reason, you can set the environment\n variable OPENSSL_NO_DEFAULT_ZLIB.\n\nIt's important that you upgrade the libssl0.9.8 package and not\njust the openssl package.\n\nAll applications linked to openssl need to be restarted. You can\nuse the tool checkrestart from the package debian-goodies to\ndetect affected programs or reboot your system.\n\n\n\nKurt\n\n", "edition": 1, "reporter": "Debian", "published": "2014-06-20T16:35:50", "title": "openssl security update", "type": "debian", "enchantments": {"score": {"modified": "2018-10-16T22:14:18", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-0224", "CVE-2012-4929"], "modified": "2014-06-20T16:35:50", "id": "DEBIAN:SSL-:00C17", "href": "https://lists.debian.org/debian-lts-announce/2014/debian-lts-announce-201406/msg00007.html", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-18T13:50:08", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "7", "packageVersion": "1.0.1e-2+deb7u11", "arch": "all", "packageFilename": "openssl_1.0.1e-2+deb7u11_all.deb", "packageName": "openssl", "operator": "lt"}], "description": "- - -------------------------------------------------------------------------\nDebian Security Advisory DSA-2950-2 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nJune 16, 2014 http://www.debian.org/security/faq\n- - -------------------------------------------------------------------------\n\nPackage : openssl\nCVE ID : CVE-2014-0195 CVE-2014-0221 CVE-2014-0224 CVE-2014-3470\n\nThis update updates the upstream fix for CVE-2014-0224 to address \nproblems with CCS which could result in problems with the Postgres \ndatabase.\n\nIn addition this update disables ZLIB compress by default. If you need\nto re-enable it for some reason, you can set the environment variable\nOPENSSL_NO_DEFAULT_ZLIB.\n\nThis update also fixes a header declaration which could result in\nbuild failures in applications using OpenSSL.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.0.1e-2+deb7u11. \n\nWe recommend that you upgrade your openssl packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 2, "reporter": "Debian", "published": "2014-06-16T18:21:35", "title": "[SECURITY] [DSA 2950-2] openssl update", "type": "debian", "enchantments": {"score": {"modified": "2018-10-18T13:50:08", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2014-0195", "CVE-2014-0221"], "modified": "2014-06-16T18:21:35", "id": "DEBIAN:DSA-2950-2:DC295", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2014/msg00141.html", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-16T22:13:59", "references": [], "affectedPackage": [], "description": "Package: openssl\nVersion: 0.9.8o-4squeeze15\nCVE ID: CVE-2014-0076 CVE-2014-0195 CVE-2014-0221 CVE-2014-3470 CVE-2014-0224\n\nCVE-2014-0195\n\n Jueri Aedla discovered that a buffer overflow in processing DTLS\n fragments could lead to the execution of arbitrary code or denial\n of service.\n\nCVE-2014-0221\n\n Imre Rad discovered the processing of DTLS hello packets is\n susceptible to denial of service.\n\nCVE-2014-0224\n\n KIKUCHI Masashi discovered that carefully crafted handshakes can\n force the use of weak keys, resulting in potential man-in-the-middle\n attacks.\n\nCVE-2014-3470\n\n Felix Groebert and Ivan Fratric discovered that the implementation of\n anonymous ECDH ciphersuites is suspectible to denial of service.\n\nCVE-2014-0076\n\n Fix for the attack described in the paper "Recovering\n OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"\n Reported by Yuval Yarom and Naomi Benger.\n\nAdditional information can be found at\nhttp://www.openssl.org/news/secadv_20140605.txt\n\nAll applications linked to openssl need to be restarted. You can\nuse the tool checkrestart from the package debian-goodies to\ndetect affected programs or reboot your system.\n\nIt's important that you upgrade the libssl0.9.8 package and not\njust the openssl package.\n\n", "edition": 1, "reporter": "Debian", "published": "2014-06-05T19:36:19", "title": "openssl security update", "type": "debian", "enchantments": {"score": {"modified": "2018-10-16T22:13:59", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-0076", "CVE-2014-0224", "CVE-2014-3470", "CVE-2014-0195", "CVE-2014-0221"], "modified": "2014-06-05T19:36:19", "id": "DEBIAN:SSL-:DD9E5", "href": "https://lists.debian.org/debian-lts-announce/2014/debian-lts-announce-201406/msg00002.html", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-18T13:48:25", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "7", "packageVersion": "1.0.1e-2+deb7u10", "arch": "all", "packageFilename": "openssl_1.0.1e-2+deb7u10_all.deb", "packageName": "openssl", "operator": "lt"}], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2950-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nJune 05, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : openssl\nCVE ID : CVE-2014-0195 CVE-2014-0221 CVE-2014-0224 CVE-2014-3470\n\nMultiple vulnerabilities have been discovered in OpenSSL:\n\nCVE-2014-0195\n\n Jueri Aedla discovered that a buffer overflow in processing DTLS\n fragments could lead to the execution of arbitrary code or denial\n of service.\n\nCVE-2014-0221\n\n Imre Rad discovered the processing of DTLS hello packets is \n susceptible to denial of service.\n\nCVE-2014-0224\n\n KIKUCHI Masashi discovered that carefully crafted handshakes can\n force the use of weak keys, resulting in potential man-in-the-middle\n attacks.\n\nCVE-2014-3470\n\n Felix Groebert and Ivan Fratric discovered that the implementation of\n anonymous ECDH ciphersuites is suspectible to denial of service.\n\nAdditional information can be found at \nhttp://www.openssl.org/news/secadv_20140605.txt\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.0.1e-2+deb7u10. All applications linked to openssl need to\nbe restarted. You can use the tool checkrestart from the package\ndebian-goodies to detect affected programs or reboot your system. There's\nalso a forthcoming security update for the Linux kernel later the day\n(CVE-2014-3153), so you need to reboot anyway. Perfect timing, isn't it?\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your openssl packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 2, "reporter": "Debian", "published": "2014-06-05T11:50:58", "title": "[SECURITY] [DSA 2950-1] openssl security update", "type": "debian", "enchantments": {"score": {"modified": "2018-10-18T13:48:25", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2014-0195", "CVE-2014-3153", "CVE-2014-0221"], "modified": "2014-06-05T11:50:58", "id": "DEBIAN:DSA-2950-1:15DF5", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2014/msg00129.html", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "kitploit": [{"lastseen": "2018-10-26T05:36:25", "references": ["https://github.com/adamcaudill/yawast"], "description": "[ ![](https://2.bp.blogspot.com/-algfRaVIWfc/V-iI2vn56KI/AAAAAAAAGNg/6iJi5E9gMJE2ndDEHpaq2k2QElXyzbqKACLcB/s1600/yawast.png) ](<https://2.bp.blogspot.com/-algfRaVIWfc/V-iI2vn56KI/AAAAAAAAGNg/6iJi5E9gMJE2ndDEHpaq2k2QElXyzbqKACLcB/s1600/yawast.png>)\n\n \nYAWAST is an application meant to simplify initial analysis and information gathering for penetration testers and security auditors. It performs basic checks in these categories: \n\n\n * TLS/SSL - Versions and cipher suites supported; common issues. \n * Information Disclosure - Checks for common information leaks. \n * Presence of Files or Directories - Checks for files or directories that could indicate a security issue. \n * Common Vulnerabilities \n * Missing Security Headers \nThis is meant to provide a easy way to perform initial analysis and information discovery. It's not a full testing suite, and it certainly isn't Metasploit. The idea is to provide a quick way to perform initial data collection, which can then be used to better target further tests. It is especially useful when used in conjunction with Burp Suite (via the ` --proxy ` parameter). \n \n** Installing ** \nThe simplest method to install is to use the RubyGem installer: \n` gem install yawast ` \nThis allows for simple updates ( ` gem update yawast ` ) and makes it easy to ensure that you are always using the latest version. \nYAWAST requires Ruby 2.2+, and is tested on Mac OSX and Linux (Windows should work; please open a ticket if you have issues). \n** Kali Rolling ** \nTo install on Kali, just run ` gem install yawast ` \\- all of the dependentcies are already installed. \n** Ubuntu 16.04 ** \nTo install YAWAST, you first need to install a couple packages via ` apt-get ` : \n\n \n \n sudo apt-get install ruby ruby-dev\n sudo gem install yawast\n\n** Mac OSX ** \nThe version of Ruby shipped with Mac OSX 10.11 is too old, so the recommended solution is to use RVM: \n\n \n \n gpg --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3\n \\curl -sSL https://get.rvm.io | bash -s stable\n source ~/.rvm/scripts/rvm\n rvm install 2.2\n rvm use 2.2 --default\n gem install yawast\n\n \n** Tests ** \nThe following tests are performed: \n\n\n * _ (Generic) _ Info Disclosure: X-Powered-By header present \n * _ (Generic) _ Info Disclosure: X-Pingback header present \n * _ (Generic) _ Info Disclosure: X-Backend-Server header present \n * _ (Generic) _ Info Disclosure: X-Runtime header present \n * _ (Generic) _ Info Disclosure: Via header present \n * _ (Generic) _ Info Disclosure: PROPFIND Enabled \n * _ (Generic) _ TRACE Enabled \n * _ (Generic) _ X-Frame-Options header not present \n * _ (Generic) _ X-Content-Type-Options header not present \n * _ (Generic) _ Content-Security-Policy header not present \n * _ (Generic) _ Public-Key-Pins header not present \n * _ (Generic) _ X-XSS-Protection disabled header present \n * _ (Generic) _ SSL: HSTS not enabled \n * _ (Generic) _ Source Control: Common source control directories present \n * _ (Generic) _ Presence of crossdomain.xml or clientaccesspolicy.xml \n * _ (Generic) _ Presence of sitemap.xml \n * _ (Generic) _ Presence of WS_FTP.LOG \n * _ (Generic) _ Presence of RELEASE-NOTES.txt \n * _ (Generic) _ Presence of readme.html \n * _ (Generic) _ Missing cookie flags (Secure & HttpOnly) \n * _ (Generic) _ Search for common directories \n * _ (Apache) _ Info Disclosure: Module listing enabled \n * _ (Apache) _ Info Disclosure: Server version \n * _ (Apache) _ Info Disclosure: OpenSSL module version \n * _ (Apache) _ Presence of /server-status \n * _ (Apache) _ Presence of /server-info \n * _ (IIS) _ Info Disclosure: Server version \n * _ (ASP.NET) _ Info Disclosure: ASP.NET version \n * _ (ASP.NET) _ Info Disclosure: ASP.NET MVC version \n * _ (ASP.NET) _ Presence of Trace.axd \n * _ (ASP.NET) _ Presence of Elmah.axd \n * _ (ASP.NET) _ Debugging Enabled \n * _ (nginx) _ Info Disclosure: Server version \n * _ (PHP) _ Info Disclosure: PHP version \nCMS Detection: \n\n\n * Generic (Generator meta tag) _ [Real detection coming as soon as I get around to it...] _\nSSL Information: \n\n\n * Certificate details \n * Certificate chain \n * Supported ciphers \n * Maximum requests in a single connection \nChecks for the following SSL issues are performed: \n\n\n * Expired Certificate \n * Self-Signed Certificate \n * MD5 Signature \n * SHA1 Signature \n * RC4 Cipher Suites \n * Weak (< 128 bit) Cipher Suites \n * SWEET32 \nIn addition to these tests, certain basic information is also displayed, such as IPs (and the PTR record for each IP), HTTP HEAD request, and others. \n \n** TLS / SSL Testing ** \nYAWAST offers two modes for testing TLS / SSL - one is custom, and most useful for internal systems, and the other uses the [ SSL Labs ](<https://www.ssllabs.com/>) API. \n \n** Internal Mode ** \nTo use the custom internal TLS / SSL scanner (which uses your copy of OpenSSL), simply pass ` --internalssl ` on the command line. Here is a sample of the output generated by this tester. \n\n \n \n [I] Found X509 Certificate:\n [I] Issued To: sni67677.cloudflaressl.com / \n [I] Issuer: COMODO ECC Domain Validation Secure Server CA 2 / COMODO CA Limited\n [I] Version: 2\n [I] Serial: 14171089194524384184707003668844347326\n [I] Subject: /OU=Domain Control Validated/OU=PositiveSSL Multi-Domain/CN=sni67677.cloudflaressl.com\n [I] Expires: 2016-09-11 23:59:59 UTC\n [I] Signature Algorithm: ecdsa-with-SHA256\n [I] Key: EC-prime256v1\n [I] Key Hash: 1a23d84441f9b811dc188bab42b2375873c42ba2\n [I] Extensions:\n [I] authorityKeyIdentifier = keyid:40:09:61:67:F0:BC:83:71:4F:DE:12:08:2C:6F:D4:D4:2B:76:3D:96, \n [I] subjectKeyIdentifier = D0:F8:D6:82:36:B5:5C:AC:2D:9A:8E:7B:D9:D5:E6:99:38:B6:8C:FE\n [I] keyUsage = critical, Digital Signature\n [I] basicConstraints = critical, CA:FALSE\n [I] extendedKeyUsage = TLS Web Server Authentication, TLS Web Client Authentication\n [I] certificatePolicies = Policy: 1.3.6.1.4.1.6449.1.2.2.7, CPS: https://secure.comodo.com/CPS, Policy: 2.23.140.1.2.1, \n [I] crlDistributionPoints = , Full Name:, URI:http://crl.comodoca4.com/COMODOECCDomainValidationSecureServerCA2.crl, \n [I] authorityInfoAccess = CA Issuers - URI:http://crt.comodoca4.com/COMODOECCDomainValidationSecureServerCA2.crt, OCSP - URI:http://ocsp.comodoca4.com, \n [I] Alternate Names:\n [I] sni67677.cloudflaressl.com\n [I] *.adamcaudill.com\n [I] *.bsidesknoxville.com\n [I] *.secrypto.com\n [I] *.smimp.org\n [I] *.underhandedcrypto.com\n [I] adamcaudill.com\n [I] bsidesknoxville.com\n [I] secrypto.com\n [I] smimp.org\n [I] underhandedcrypto.com\n [I] Hash: 9be2091903a01bcff3ec4049ed1d037a8c611010\n \n [I] Certificate: Chain\n [I] Issued To: sni67677.cloudflaressl.com / \n [I] Issuer: COMODO ECC Domain Validation Secure Server CA 2 / COMODO CA Limited\n [I] Expires: 2016-09-11 23:59:59 UTC\n [I] Key: EC-prime256v1\n [I] Signature Algorithm: ecdsa-with-SHA256\n [I] Hash: 9be2091903a01bcff3ec4049ed1d037a8c611010\n \n [I] Issued To: COMODO ECC Domain Validation Secure Server CA 2 / COMODO CA Limited\n [I] Issuer: COMODO ECC Certification Authority / COMODO CA Limited\n [I] Expires: 2029-09-24 23:59:59 UTC\n [I] Key: EC-prime256v1\n [I] Signature Algorithm: ecdsa-with-SHA384\n [I] Hash: 75cfd9bc5cefa104ecc1082d77e63392ccba5291\n \n [I] Issued To: COMODO ECC Certification Authority / COMODO CA Limited\n [I] Issuer: AddTrust External CA Root / AddTrust AB\n [I] Expires: 2020-05-30 10:48:38 UTC\n [I] Key: EC-secp384r1\n [I] Signature Algorithm: sha384WithRSAEncryption\n [I] Hash: ae223cbf20191b40d7ffb4ea5701b65fdc68a1ca\n \n \n Qualys SSL Labs: https://www.ssllabs.com/ssltest/analyze.html?d=adamcaudill.com&hideResults=on\n \n Supported Ciphers (based on your OpenSSL version):\n Checking for TLSv1 suites (98 possible suites)\n [I] Version: TLSv1 Bits: 256 Cipher: ECDHE-ECDSA-AES256-SHA\n [I] Version: TLSv1 Bits: 128 Cipher: ECDHE-ECDSA-AES128-SHA\n [W] Version: TLSv1 Bits: 112 Cipher: ECDHE-ECDSA-DES-CBC3-SHA\n Checking for TLSv1_2 suites (98 possible suites)\n [I] Version: TLSv1.2 Bits: 256 Cipher: ECDHE-ECDSA-AES256-GCM-SHA384\n [I] Version: TLSv1.2 Bits: 256 Cipher: ECDHE-ECDSA-AES256-SHA384\n [I] Version: TLSv1.2 Bits: 256 Cipher: ECDHE-ECDSA-AES256-SHA\n [I] Version: TLSv1.2 Bits: 128 Cipher: ECDHE-ECDSA-AES128-GCM-SHA256\n [I] Version: TLSv1.2 Bits: 128 Cipher: ECDHE-ECDSA-AES128-SHA256\n [I] Version: TLSv1.2 Bits: 128 Cipher: ECDHE-ECDSA-AES128-SHA\n [W] Version: TLSv1.2 Bits: 112 Cipher: ECDHE-ECDSA-DES-CBC3-SHA\n Checking for TLSv1_1 suites (98 possible suites)\n [I] Version: TLSv1.1 Bits: 256 Cipher: ECDHE-ECDSA-AES256-SHA\n [I] Version: TLSv1.1 Bits: 128 Cipher: ECDHE-ECDSA-AES128-SHA\n [W] Version: TLSv1.1 Bits: 112 Cipher: ECDHE-ECDSA-DES-CBC3-SHA\n Checking for SSLv3 suites (98 possible suites)\n\nThis version is more limited than the SSL Labs option, though will work in cases where SSL Labs is unable to connect to the target server. \n \n** SSL Labs Mode ** \nThe default mode is to use the SSL Labs API, which makes all users bound by their [ terms and conditions ](<https://www.ssllabs.com/downloads/Qualys_SSL_Labs_Terms_of_Use.pdf>) , and obviously results in the domain you are scanning being sent to them. \nThis mode is the most comprehensive, and contains far more data than the Internal Mode. Unless there is a good reason to use the Internal Mode, this is what you should use. \n \n** Usage ** \n\n\n * Standard scan: ` ./yawast scan <url> [--internalssl] [--tdessessioncount] [--nossl] [--nociphers] [--dir] [--dirrecursive] [--dirlistredir] [--proxy localhost:8080] [--cookie SESSIONID=12345] `\n * HEAD-only scan: ` ./yawast head <url> [--internalssl] [--tdessessioncount] [--nossl] [--nociphers] [--proxy localhost:8080] [--cookie SESSIONID=12345] `\n * SSL information: ` ./yawast ssl <url> [--internalssl] [--tdessessioncount] [--nociphers] `\n * CMS detection: ` ./yawast cms <url> [--proxy localhost:8080] [--cookie SESSIONID=12345] `\nFor detailed information, just call ` ./yawast -h ` to see the help page. To see information for a specific command, call ` ./yawast -h <command> ` for full details. \n \n** Using with Burp Suite ** \nBy default, Burp Suite's proxy listens on localhost at port 8080, to use YAWAST with Burp Suite (or any proxy for that matter), just add this to the command line: \n` --proxy localhost:8080 ` \n \n** Authenticated Testing ** \nFor authenticated testing, YAWAST allows you to specify a cookie to be passed via the ` --cookie ` parameter. \n` --cookie SESSIONID=1234567890 ` \n \n** Sample ** \nUsing ` scan ` \\- the normal go-to option, here's what you get when scanning my website: \n\n \n \n $yawast scan https://adamcaudill.com --tdessessioncount --dir\n __ _____ _ _ ___ _____ _____ \n \\ \\ / / _ \\| | | |/ _ \\ / ___|_ _|\n \\ V / /_\\ \\ | | / /_\\ \\\\ `--. | | \n \\ /| _ | |/\\| | _ | `--. \\ | | \n | || | | \\ /\\ / | | |/\\__/ / | | \n \\_/\\_| |_/\\/ \\/\\_| |_/\\____/ \\_/ \n \n YAWAST v0.3.0 - The YAWAST Antecedent Web Application Security Toolkit\n Copyright (c) 2013-2016 Adam Caudill <[email\u00a0protected]>\n Support & Documentation: https://github.com/adamcaudill/yawast\n Ruby 2.2.4-p230; OpenSSL 1.0.2f 28 Jan 2016 (x86_64-darwin15)\n \n Scanning: https://adamcaudill.com/\n \n DNS Information:\n [I] 104.28.27.55 (N/A)\n https://www.shodan.io/host/104.28.27.55\n https://censys.io/ipv4/104.28.27.55\n [I] 104.28.26.55 (N/A)\n https://www.shodan.io/host/104.28.26.55\n https://censys.io/ipv4/104.28.26.55\n [I] 2400:CB00:2048:1::681C:1A37 (N/A)\n https://www.shodan.io/host/2400:cb00:2048:1::681c:1a37\n [I] 2400:CB00:2048:1::681C:1B37 (N/A)\n https://www.shodan.io/host/2400:cb00:2048:1::681c:1b37\n [I] TXT: v=spf1 mx a ptr include:_spf.google.com ~all\n [I] MX: aspmx4.googlemail.com (30)\n [I] MX: aspmx.l.google.com (10)\n [I] MX: alt1.aspmx.l.google.com (20)\n [I] MX: aspmx2.googlemail.com (30)\n [I] MX: alt2.aspmx.l.google.com (20)\n [I] MX: aspmx3.googlemail.com (30)\n [I] MX: aspmx5.googlemail.com (30)\n [I] NS: vera.ns.cloudflare.com\n [I] NS: hal.ns.cloudflare.com\n \n [I] HEAD:\n [I] date: Fri, 16 Sep 2016 00:24:15 GMT\n [I] content-type: text/html; charset=UTF-8\n [I] connection: close\n [I] set-cookie: __cfduid=df78c5171c732bf2104fd8cc2dd82afd41473985455; expires=Sat, 16-Sep-17 00:24:15 GMT; path=/; domain=.adamcaudill.com; HttpOnly\n [I] vary: Accept-Encoding,Cookie\n [I] cache-control: max-age=3, must-revalidate\n [I] wp-super-cache: Served supercache file from PHP\n [I] last-modified: Fri, 16 Sep 2016 00:20:05 GMT\n [I] x-frame-options: sameorigin\n [I] strict-transport-security: max-age=15552000; preload\n [I] x-content-type-options: nosniff\n [I] server: cloudflare-nginx\n [I] cf-ray: 2e302ca911c550da-MIA\n \n [I] NOTE: Server appears to be Cloudflare; WAF may be in place.\n \n [I] X-Frame-Options Header: sameorigin\n [I] X-Content-Type-Options Header: nosniff\n [W] Content-Security-Policy Header Not Present\n [W] Public-Key-Pins Header Not Present\n \n [I] Cookies:\n [I] __cfduid=df78c5171c732bf2104fd8cc2dd82afd41473985455; expires=Sat, 16-Sep-17 00:24:15 GMT; path=/; domain=.adamcaudill.com; HttpOnly\n [W] Cookie missing Secure flag\n \n \n Beginning SSL Labs scan (this could take a minute or two)\n [SSL Labs] This assessment service is provided free of charge by Qualys SSL Labs, subject to our terms and conditions: https://www.ssllabs.com/about/terms.html\n ..........................................\n \n [I] IP: 104.28.27.55 - Grade: A+\n \n Certificate Information:\n [I] Subject: CN=sni67677.cloudflaressl.com,OU=PositiveSSL Multi-Domain,OU=Domain Control Validated\n [I] Common Names: [\"sni67677.cloudflaressl.com\"]\n [I] Alternative names:\n [I] sni67677.cloudflaressl.com\n [I] *.adamcaudill.com\n [I] *.bsidesknoxville.com\n [I] *.secrypto.com\n [I] *.smimp.org\n [I] *.underhandedcrypto.com\n [I] adamcaudill.com\n [I] bsidesknoxville.com\n [I] secrypto.com\n [I] smimp.org\n [I] underhandedcrypto.com\n [I] Not Before: 2016-08-13T00:00:00+00:00\n [I] Not After: 2017-02-12T23:59:59+00:00\n [I] Key: EC 256 (RSA equivalent: 3072)\n [I] Public Key Hash: b658ea09e127fafe0416588a17446b606499df6e\n [I] Version: 2\n [I] Serial: 18930702358496442989903109042193740748\n [I] Issuer: COMODO ECC Domain Validation Secure Server CA 2\n [I] Signature algorithm: SHA256withECDSA\n [I] Extended Validation: No (Domain Control)\n [I] Certificate Transparency: No\n [I] OCSP Must Staple: No\n [I] Revocation information: CRL information available\n [I] Revocation information: OCSP information available\n [I] Revocation status: certificate not revoked\n [I] Extensions:\n [I] authorityKeyIdentifier = keyid:40:09:61:67:F0:BC:83:71:4F:DE:12:08:2C:6F:D4:D4:2B:76:3D:96, \n [I] subjectKeyIdentifier = D0:F8:D6:82:36:B5:5C:AC:2D:9A:8E:7B:D9:D5:E6:99:38:B6:8C:FE\n [I] keyUsage = critical, Digital Signature\n [I] basicConstraints = critical, CA:FALSE\n [I] extendedKeyUsage = TLS Web Server Authentication, TLS Web Client Authentication\n [I] certificatePolicies = Policy: 1.3.6.1.4.1.6449.1.2.2.7, CPS: https://secure.comodo.com/CPS, Policy: 2.23.140.1.2.1, \n [I] crlDistributionPoints = , Full Name:, URI:http://crl.comodoca4.com/COMODOECCDomainValidationSecureServerCA2.crl, \n [I] authorityInfoAccess = CA Issuers - URI:http://crt.comodoca4.com/COMODOECCDomainValidationSecureServerCA2.crt, OCSP - URI:http://ocsp.comodoca4.com, \n [I] Hash: 1ae6362e4fc377cccb6df6261838a5d9bb49663d\n https://censys.io/certificates?q=1ae6362e4fc377cccb6df6261838a5d9bb49663d\n https://crt.sh/?q=1ae6362e4fc377cccb6df6261838a5d9bb49663d\n \n Configuration Information:\n Protocol Support:\n [I] TLS 1.0\n [I] TLS 1.1\n [I] TLS 1.2\n \n Cipher Suite Support:\n [I] TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - 128-bits - ECDHE-256-bits\n [I] TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 - 128-bits - ECDHE-256-bits\n [I] TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA - 128-bits - ECDHE-256-bits\n [I] TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 - 256-bits - ECDHE-256-bits\n [I] TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 - 256-bits - ECDHE-256-bits\n [I] TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA - 256-bits - ECDHE-256-bits\n [W] TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA - 112-bits - ECDHE-256-bits\n [I] TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 - 256-bits - ECDHE-256-bits\n [I] OLD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 - 256-bits - ECDHE-256-bits\n \n Handshake Simulation:\n [E] Android 2.3.7 - Simulation Failed\n [I] Android 4.0.4 - TLS 1.0 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA\n [I] Android 4.1.1 - TLS 1.0 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA\n [I] Android 4.2.2 - TLS 1.0 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA\n [I] Android 4.3 - TLS 1.0 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA\n [I] Android 4.4.2 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256\n [I] Android 5.0.0 - TLS 1.2 - OLD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256\n [I] Android 6.0 - TLS 1.2 - OLD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256\n [I] Baidu Jan 2015 - TLS 1.0 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA\n [I] BingPreview Jan 2015 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256\n [I] Chrome 51 / Win 7 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256\n [I] Firefox 31.3.0 ESR / Win 7 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256\n [I] Firefox 46 / Win 7 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256\n [I] Firefox 47 / Win 7 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256\n [I] Googlebot Feb 2015 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256\n [E] IE 6 / XP - Simulation Failed\n [I] IE 7 / Vista - TLS 1.0 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA\n [E] IE 8 / XP - Simulation Failed\n [I] IE 8-10 / Win 7 - TLS 1.0 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA\n [I] IE 11 / Win 7 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256\n [I] IE 11 / Win 8.1 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256\n [I] IE 10 / Win Phone 8.0 - TLS 1.0 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA\n [I] IE 11 / Win Phone 8.1 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256\n [I] IE 11 / Win Phone 8.1 Update - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256\n [I] IE 11 / Win 10 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256\n [I] Edge 13 / Win 10 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256\n [I] Edge 13 / Win Phone 10 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256\n [E] Java 6u45 - Simulation Failed\n [I] Java 7u25 - TLS 1.0 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA\n [I] Java 8u31 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256\n [E] OpenSSL 0.9.8y - Simulation Failed\n [I] OpenSSL 1.0.1l - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256\n [I] OpenSSL 1.0.2e - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256\n [I] Safari 5.1.9 / OS X 10.6.8 - TLS 1.0 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA\n [I] Safari 6 / iOS 6.0.1 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256\n [I] Safari 6.0.4 / OS X 10.8.4 - TLS 1.0 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA\n [I] Safari 7 / iOS 7.1 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256\n [I] Safari 7 / OS X 10.9 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256\n [I] Safari 8 / iOS 8.4 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256\n [I] Safari 8 / OS X 10.10 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256\n [I] Safari 9 / iOS 9 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256\n [I] Safari 9 / OS X 10.11 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256\n [I] Apple ATS 9 / iOS 9 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256\n [I] Yahoo Slurp Jan 2015 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256\n [I] YandexBot Jan 2015 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256\n \n Protocol & Vulnerability Information:\n [I] DROWN: No\n [I] Secure Renegotiation: secure renegotiation supported\n [I] POODLE (SSL): No\n [I] POODLE (TLS): No\n [I] Downgrade Prevention: Yes\n [I] Compression: No\n [I] Heartbleed: No\n [I] OpenSSL CCS (CVE-2014-0224): No\n [I] OpenSSL Padding Oracle (CVE-2016-2107): No\n [I] Forward Secrecy: Yes (all simulated clients)\n [I] OCSP Stapling: Yes\n [I] FREAK: No\n [I] Logjam: No\n [I] DH public server param (Ys) reuse: No\n [W] Protocol Intolerance: TLS 1.3\n \n TLS Session Request Limit: Checking number of requests accepted using 3DES suites...\n .....\n [I] TLS Session Request Limit: Connection terminated after 100 requests (TLS Reconnected)\n \n [I] HSTS: Enabled (strict-transport-security: max-age=15552000; preload)\n \n [W] '/readme.html' found: https://adamcaudill.com/readme.html\n \n Searching for common directories...\n [I] Found Redirect: 'https://adamcaudill.com/0/ -> 'https://adamcaudill.com/'\n [I] Found Redirect: 'https://adamcaudill.com/1/ -> 'https://adamcaudill.com/2013/04/16/1password-pbkdf2-and-implementation-flaws/'\n [I] Found Redirect: 'https://adamcaudill.com/2/ -> 'https://adamcaudill.com/2015/01/01/2014-a-year-in-review/'\n [I] Found Redirect: 'https://adamcaudill.com/20/ -> 'https://adamcaudill.com/2015/01/01/2014-a-year-in-review/'\n [I] Found: 'https://adamcaudill.com/2003/'\n [I] Found: 'https://adamcaudill.com/2004/'\n [I] Found: 'https://adamcaudill.com/2005/'\n [I] Found: 'https://adamcaudill.com/2006/'\n [I] Found: 'https://adamcaudill.com/2007/'\n [I] Found: 'https://adamcaudill.com/2008/'\n [I] Found: 'https://adamcaudill.com/2009/'\n [I] Found: 'https://adamcaudill.com/2010/'\n [I] Found: 'https://adamcaudill.com/2011/'\n [I] Found: 'https://adamcaudill.com/2013/'\n [I] Found: 'https://adamcaudill.com/2014/'\n [I] Found: 'https://adamcaudill.com/2015/'\n [I] Found: 'https://adamcaudill.com/2016/'\n [I] Found Redirect: 'https://adamcaudill.com/A/ -> 'https://adamcaudill.com/2014/10/17/a-backdoor-by-any-other-name/'\n [I] Found: 'https://adamcaudill.com/About/'\n [I] Found Redirect: 'https://adamcaudill.com/Archive/ -> 'https://adamcaudill.com/archives/'\n [I] Found Redirect: 'https://adamcaudill.com/B/ -> 'https://adamcaudill.com/2005/09/22/back-from-new-york/'\n [I] Found: 'https://adamcaudill.com/Blog/'\n [I] Found Redirect: 'https://adamcaudill.com/C/ -> 'https://adamcaudill.com/2009/10/03/cancel-godaddys-domain-privacy/'\n [I] Found Redirect: 'https://adamcaudill.com/D/ -> 'https://adamcaudill.com/2006/06/02/data-theft-its-happened-again/'\n [I] Found Redirect: 'https://adamcaudill.com/E/ -> 'https://adamcaudill.com/2006/03/17/end-on-an-era/'\n [I] Found Redirect: 'https://adamcaudill.com/F/ -> 'https://adamcaudill.com/2011/05/14/facebook-scams/'\n [I] Found Redirect: 'https://adamcaudill.com/G/ -> 'https://adamcaudill.com/2003/11/26/get-cpu-speed/'\n [I] Found Redirect: 'https://adamcaudill.com/H/ -> 'https://adamcaudill.com/2011/05/21/happy-20th-birthday-visual-basic/'\n [I] Found Redirect: 'https://adamcaudill.com/Home/ -> 'https://adamcaudill.com/'\n [I] Found Redirect: 'https://adamcaudill.com/I/ -> 'https://adamcaudill.com/2007/02/10/i-love-my-job/'\n [I] Found Redirect: 'https://adamcaudill.com/Internet/ -> 'https://adamcaudill.com/2006/05/27/internet-explorer-7/'\n [I] Found Redirect: 'https://adamcaudill.com/J/ -> 'https://adamcaudill.com/2014/07/23/jumping-through-hoops-dot-dot-dot/'\n [I] Found Redirect: 'https://adamcaudill.com/L/ -> 'https://adamcaudill.com/lasers/'\n [I] Found Redirect: 'https://adamcaudill.com/M/ -> 'https://adamcaudill.com/2006/09/23/make-xp-pretty/'\n [I] Found Redirect: 'https://adamcaudill.com/N/ -> 'https://adamcaudill.com/2011/02/11/need-a-cheap-phone-charger-quick-buy-a-tracfone/'\n [I] Found Redirect: 'https://adamcaudill.com/O/ -> 'https://adamcaudill.com/2006/06/17/of-victory-and-pair-programming/'\n [I] Found Redirect: 'https://adamcaudill.com/P/ -> 'https://adamcaudill.com/2003/10/31/pagesource/'\n [I] Found Redirect: 'https://adamcaudill.com/PHP/ -> 'https://adamcaudill.com/2005/03/01/phpbb-2-0-13-released-dumbss-coders-strike-again/'\n [I] Found Redirect: 'https://adamcaudill.com/Pages/ -> 'https://adamcaudill.com/2003/10/31/pagesource/'\n [I] Found Redirect: 'https://adamcaudill.com/R/ -> 'https://adamcaudill.com/2011/01/28/rails-3-dreamhost-ps/'\n [I] Found Redirect: 'https://adamcaudill.com/S/ -> 'https://adamcaudill.com/2016/05/22/seamless-phishing/'\n [I] Found Redirect: 'https://adamcaudill.com/Security/ -> 'https://adamcaudill.com/2014/03/23/security-by-buzzword-why-i-dont-support-ensafer/'\n [I] Found Redirect: 'https://adamcaudill.com/T/ -> 'https://adamcaudill.com/2007/01/21/task-management-with-tasks/'\n [I] Found Redirect: 'https://adamcaudill.com/U/ -> 'https://adamcaudill.com/2007/03/22/under-the-weather/'\n [I] Found Redirect: 'https://adamcaudill.com/US/ -> 'https://adamcaudill.com/2006/07/08/useful-notepad-tip/'\n [I] Found Redirect: 'https://adamcaudill.com/V/ -> 'https://adamcaudill.com/2006/05/10/valleyschwag/'\n [I] Found Redirect: 'https://adamcaudill.com/W/ -> 'https://adamcaudill.com/2006/11/28/want-a-free-copy-of-vista/'\n [I] Found Redirect: 'https://adamcaudill.com/Windows/ -> 'https://adamcaudill.com/2007/03/01/windows-vista-user-experience-guidelines/'\n [I] Found Redirect: 'https://adamcaudill.com/X/ -> 'https://adamcaudill.com/2007/01/25/xceed-datagrid-for-wpf-released-free/'\n [I] Found Redirect: 'https://adamcaudill.com/XML/ -> 'https://adamcaudill.com/2006/09/03/xml-notepad-2006/'\n [I] Found Redirect: 'https://adamcaudill.com/a/ -> 'https://adamcaudill.com/2014/10/17/a-backdoor-by-any-other-name/'\n [I] Found: 'https://adamcaudill.com/about/'\n [I] Found Redirect: 'https://adamcaudill.com/ad/ -> 'https://adamcaudill.com/2006/03/29/advanced-net-programming/'\n [I] Found Redirect: 'https://adamcaudill.com/adv/ -> 'https://adamcaudill.com/2006/03/29/advanced-net-programming/'\n [I] Found Redirect: 'https://adamcaudill.com/advanced/ -> 'https://adamcaudill.com/2006/03/29/advanced-net-programming/'\n [I] Found Redirect: 'https://adamcaudill.com/ap/ -> 'https://adamcaudill.com/2003/11/17/apisettings/'\n [I] Found Redirect: 'https://adamcaudill.com/api/ -> 'https://adamcaudill.com/2003/11/17/apisettings/'\n [I] Found Redirect: 'https://adamcaudill.com/ar/ -> 'https://adamcaudill.com/archives/'\n [I] Found Redirect: 'https://adamcaudill.com/archive/ -> 'https://adamcaudill.com/archives/'\n [I] Found: 'https://adamcaudill.com/archives/'\n [I] Found Redirect: 'https://adamcaudill.com/asp/ -> 'https://adamcaudill.com/2007/01/25/aspnet-ajax/'\n [I] Found Redirect: 'https://adamcaudill.com/atom/ -> 'https://adamcaudill.com/feed/atom/'\n [I] Found Redirect: 'https://adamcaudill.com/avatars/ -> 'https://adamcaudill.com/2009/06/19/avatars-why-roll-your-own/'\n [I] Found Redirect: 'https://adamcaudill.com/b/ -> 'https://adamcaudill.com/2005/09/22/back-from-new-york/'\n [I] Found Redirect: 'https://adamcaudill.com/back/ -> 'https://adamcaudill.com/2005/09/22/back-from-new-york/'\n [I] Found Redirect: 'https://adamcaudill.com/backup/ -> 'https://adamcaudill.com/2007/08/27/backups-with-jungledrive/'\n [I] Found Redirect: 'https://adamcaudill.com/backups/ -> 'https://adamcaudill.com/2007/08/27/backups-with-jungledrive/'\n [I] Found Redirect: 'https://adamcaudill.com/bb/ -> 'https://adamcaudill.com/2011/05/21/bbpress-20-beta-1-released/'\n [I] Found Redirect: 'https://adamcaudill.com/bl/ -> 'https://adamcaudill.com/blog/'\n [I] Found: 'https://adamcaudill.com/blog/'\n [I] Found Redirect: 'https://adamcaudill.com/blue/ -> 'https://adamcaudill.com/2006/06/04/blue-hole-waterfall/'\n [I] Found Redirect: 'https://adamcaudill.com/build/ -> 'https://adamcaudill.com/2007/01/04/building-a-windows-powertoy/'\n [I] Found Redirect: 'https://adamcaudill.com/buy/ -> 'https://adamcaudill.com/2006/12/19/buying-a-car/'\n [I] Found Redirect: 'https://adamcaudill.com/c/ -> 'https://adamcaudill.com/2009/10/03/cancel-godaddys-domain-privacy/'\n [I] Found Redirect: 'https://adamcaudill.com/ca/ -> 'https://adamcaudill.com/2009/10/03/cancel-godaddys-domain-privacy/'\n [I] Found Redirect: 'https://adamcaudill.com/can/ -> 'https://adamcaudill.com/2009/10/03/cancel-godaddys-domain-privacy/'\n [I] Found Redirect: 'https://adamcaudill.com/cc/ -> 'https://adamcaudill.com/ccsrch/'\n [I] Found Redirect: 'https://adamcaudill.com/ccs/ -> 'https://adamcaudill.com/ccsrch/'\n [I] Found Redirect: 'https://adamcaudill.com/cgi-bin// -> 'https://adamcaudill.com/cgi-bin/'\n [I] Found Redirect: 'https://adamcaudill.com/ch/ -> 'https://adamcaudill.com/2010/08/06/christopher-adam-caudill-6lbs-7oz-born-822010/'\n [I] Found Redirect: 'https://adamcaudill.com/com/ -> 'https://adamcaudill.com/2006/03/11/common-sense-email/'\n [I] Found Redirect: 'https://adamcaudill.com/common/ -> 'https://adamcaudill.com/2006/03/11/common-sense-email/'\n [I] Found Redirect: 'https://adamcaudill.com/con/ -> 'https://adamcaudill.com/2003/11/11/conexant-formerly-rockwell-softmodem-hsf-modem/'\n [I] Found Redirect: 'https://adamcaudill.com/contact/ -> '/pgp/'\n [I] Found Redirect: 'https://adamcaudill.com/crypto/ -> 'https://adamcaudill.com/2016/03/12/crypto-crisis-fear-over-freedom/'\n [I] Found Redirect: 'https://adamcaudill.com/d/ -> 'https://adamcaudill.com/2006/06/02/data-theft-its-happened-again/'\n [I] Found Redirect: 'https://adamcaudill.com/dat/ -> 'https://adamcaudill.com/2006/06/02/data-theft-its-happened-again/'\n [I] Found Redirect: 'https://adamcaudill.com/data/ -> 'https://adamcaudill.com/2006/06/02/data-theft-its-happened-again/'\n [I] Found Redirect: 'https://adamcaudill.com/de/ -> 'https://adamcaudill.com/2012/07/27/decrypting-spark-saved-passwords/'\n [I] Found Redirect: 'https://adamcaudill.com/dec/ -> 'https://adamcaudill.com/2012/07/27/decrypting-spark-saved-passwords/'\n [I] Found Redirect: 'https://adamcaudill.com/detail/ -> 'https://adamcaudill.com/2006/09/03/detailed-css-changes-in-ie7/'\n [I] Found Redirect: 'https://adamcaudill.com/dev/ -> 'https://adamcaudill.com/2016/08/17/developers-placing-trust-in-strangers/'\n [I] Found Redirect: 'https://adamcaudill.com/devel/ -> 'https://adamcaudill.com/2016/08/17/developers-placing-trust-in-strangers/'\n [I] Found Redirect: 'https://adamcaudill.com/develop/ -> 'https://adamcaudill.com/2016/08/17/developers-placing-trust-in-strangers/'\n [I] Found Redirect: 'https://adamcaudill.com/developer/ -> 'https://adamcaudill.com/2016/08/17/developers-placing-trust-in-strangers/'\n [I] Found Redirect: 'https://adamcaudill.com/developers/ -> 'https://adamcaudill.com/2016/08/17/developers-placing-trust-in-strangers/'\n [I] Found Redirect: 'https://adamcaudill.com/development/ -> 'https://adamcaudill.com/2006/04/11/development-abstraction/'\n [I] Found Redirect: 'https://adamcaudill.com/do/ -> 'https://adamcaudill.com/2013/07/04/do-one-thing-right/'\n [I] Found Redirect: 'https://adamcaudill.com/e/ -> 'https://adamcaudill.com/2006/03/17/end-on-an-era/'\n [I] Found Redirect: 'https://adamcaudill.com/en/ -> 'https://adamcaudill.com/2006/03/17/end-on-an-era/'\n [I] Found Redirect: 'https://adamcaudill.com/error/ -> 'https://adamcaudill.com/2011/05/16/errors-on-gem-install-mysql2/'\n [I] Found Redirect: 'https://adamcaudill.com/errors/ -> 'https://adamcaudill.com/2011/05/16/errors-on-gem-install-mysql2/'\n [I] Found Redirect: 'https://adamcaudill.com/event/ -> 'https://adamcaudill.com/2006/09/24/eventargs-no-need-to-pass-a-new-instance/'\n [I] Found Redirect: 'https://adamcaudill.com/f/ -> 'https://adamcaudill.com/2011/05/14/facebook-scams/'\n [I] Found: 'https://adamcaudill.com/feed/'\n [I] Found: 'https://adamcaudill.com/files/'\n [I] Found Redirect: 'https://adamcaudill.com/firefox/ -> 'https://adamcaudill.com/2006/09/17/firefox-toys-errorzilla/'\n [I] Found Redirect: 'https://adamcaudill.com/first/ -> 'https://adamcaudill.com/2013/03/26/first-do-no-harm-developers-and-bad-apis/'\n [I] Found Redirect: 'https://adamcaudill.com/fr/ -> 'https://adamcaudill.com/2007/02/06/from-outlook-to-gmail-to-the-bat/'\n [I] Found Redirect: 'https://adamcaudill.com/g/ -> 'https://adamcaudill.com/2003/11/26/get-cpu-speed/'\n [I] Found Redirect: 'https://adamcaudill.com/get/ -> 'https://adamcaudill.com/2003/11/26/get-cpu-speed/'\n [I] Found Redirect: 'https://adamcaudill.com/go/ -> 'https://adamcaudill.com/2011/01/12/google-chrome-and-h-264/'\n [I] Found Redirect: 'https://adamcaudill.com/google/ -> 'https://adamcaudill.com/2011/01/12/google-chrome-and-h-264/'\n [I] Found Redirect: 'https://adamcaudill.com/gp/ -> 'https://adamcaudill.com/2012/05/13/gpg4win-idea/'\n [I] Found Redirect: 'https://adamcaudill.com/h/ -> 'https://adamcaudill.com/2011/05/21/happy-20th-birthday-visual-basic/'\n [I] Found Redirect: 'https://adamcaudill.com/holiday/ -> 'https://adamcaudill.com/2006/12/23/holiday-schwag/'\n [I] Found Redirect: 'https://adamcaudill.com/home/ -> 'https://adamcaudill.com/'\n [I] Found Redirect: 'https://adamcaudill.com/host/ -> 'https://adamcaudill.com/2011/04/11/hosting-change/'\n [I] Found Redirect: 'https://adamcaudill.com/hosting/ -> 'https://adamcaudill.com/2011/04/11/hosting-change/'\n [I] Found Redirect: 'https://adamcaudill.com/how/ -> 'https://adamcaudill.com/2006/02/26/how-it-projects-really-work/'\n [I] Found Redirect: 'https://adamcaudill.com/hp/ -> 'https://adamcaudill.com/2012/04/23/hp-folio-13/'\n [I] Found Redirect: 'https://adamcaudill.com/i/ -> 'https://adamcaudill.com/2007/02/10/i-love-my-job/'\n [I] Found Redirect: 'https://adamcaudill.com/ie/ -> 'https://adamcaudill.com/2007/01/10/ie-developer-toolbar/'\n [I] Found Redirect: 'https://adamcaudill.com/in/ -> 'https://adamcaudill.com/2006/07/07/in-comes-the-schwag/'\n [I] Found Redirect: 'https://adamcaudill.com/install/ -> 'https://adamcaudill.com/2006/11/18/installing-vista/'\n [I] Found Redirect: 'https://adamcaudill.com/internet/ -> 'https://adamcaudill.com/2006/05/27/internet-explorer-7/'\n [I] Found Redirect: 'https://adamcaudill.com/it/ -> 'https://adamcaudill.com/2006/02/26/its-official-ie7-is-cool/'\n [I] Found Redirect: 'https://adamcaudill.com/j/ -> 'https://adamcaudill.com/2014/07/23/jumping-through-hoops-dot-dot-dot/'\n [I] Found Redirect: 'https://adamcaudill.com/jump/ -> 'https://adamcaudill.com/2014/07/23/jumping-through-hoops-dot-dot-dot/'\n [I] Found Redirect: 'https://adamcaudill.com/k/ -> 'https://adamcaudill.com/2006/09/16/kill-capslock/'\n [I] Found Redirect: 'https://adamcaudill.com/l/ -> 'https://adamcaudill.com/lasers/'\n [I] Found Redirect: 'https://adamcaudill.com/link/ -> 'https://adamcaudill.com/2012/06/06/linkedin-a-little-common-sense/'\n [I] Found Redirect: 'https://adamcaudill.com/m/ -> 'https://adamcaudill.com/2006/09/23/make-xp-pretty/'\n [I] Found Redirect: 'https://adamcaudill.com/microsoft/ -> 'https://adamcaudill.com/2007/01/21/microsoft-mice-another-reason-to-love-them/'\n [I] Found Redirect: 'https://adamcaudill.com/mini/ -> 'https://adamcaudill.com/2012/05/13/minipwner/'\n [I] Found Redirect: 'https://adamcaudill.com/monitor/ -> 'https://adamcaudill.com/2012/06/10/monitor-iphone-http-s-traffic-with-fiddler/'\n [I] Found Redirect: 'https://adamcaudill.com/my/ -> 'https://adamcaudill.com/2012/03/31/my-5-minutes-of-infamy/'\n [I] Found Redirect: 'https://adamcaudill.com/n/ -> 'https://adamcaudill.com/2011/02/11/need-a-cheap-phone-charger-quick-buy-a-tracfone/'\n [I] Found Redirect: 'https://adamcaudill.com/ne/ -> 'https://adamcaudill.com/2011/02/11/need-a-cheap-phone-charger-quick-buy-a-tracfone/'\n [I] Found Redirect: 'https://adamcaudill.com/net/ -> 'https://adamcaudill.com/2006/11/08/net-framework-30-released/'\n [I] Found Redirect: 'https://adamcaudill.com/new/ -> 'https://adamcaudill.com/2016/01/01/new-atheism-the-philosophy-of-atheism/'\n [I] Found Redirect: 'https://adamcaudill.com/no/ -> 'https://adamcaudill.com/2006/10/05/not-not-a-good-idea/'\n [I] Found Redirect: 'https://adamcaudill.com/o/ -> 'https://adamcaudill.com/2006/06/17/of-victory-and-pair-programming/'\n [I] Found Redirect: 'https://adamcaudill.com/of/ -> 'https://adamcaudill.com/2006/06/17/of-victory-and-pair-programming/'\n [I] Found Redirect: 'https://adamcaudill.com/on/ -> 'https://adamcaudill.com/2010/06/19/on-hiring/'\n [I] Found Redirect: 'https://adamcaudill.com/open/ -> 'https://adamcaudill.com/2007/02/02/opendns/'\n [I] Found Redirect: 'https://adamcaudill.com/p/ -> 'https://adamcaudill.com/2003/10/31/pagesource/'\n [I] Found Redirect: 'https://adamcaudill.com/page/ -> 'https://adamcaudill.com/2003/10/31/pagesource/'\n [I] Found Redirect: 'https://adamcaudill.com/page2/ -> 'https://adamcaudill.com/page/2/'\n [I] Found Redirect: 'https://adamcaudill.com/pages/ -> 'https://adamcaudill.com/2003/10/31/pagesource/'\n [I] Found Redirect: 'https://adamcaudill.com/pass/ -> 'https://adamcaudill.com/2013/05/07/password-hashing-no-silver-bullets/'\n [I] Found Redirect: 'https://adamcaudill.com/passw/ -> 'https://adamcaudill.com/2013/05/07/password-hashing-no-silver-bullets/'\n [I] Found Redirect: 'https://adamcaudill.com/passwor/ -> 'https://adamcaudill.com/2013/05/07/password-hashing-no-silver-bullets/'\n [I] Found Redirect: 'https://adamcaudill.com/password/ -> 'https://adamcaudill.com/2013/05/07/password-hashing-no-silver-bullets/'\n [I] Found: 'https://adamcaudill.com/pgp/'\n [I] Found: 'https://adamcaudill.com/photo/'\n [I] Found Redirect: 'https://adamcaudill.com/php/ -> 'https://adamcaudill.com/2005/03/01/phpbb-2-0-13-released-dumbss-coders-strike-again/'\n [I] Found Redirect: 'https://adamcaudill.com/pl/ -> 'https://adamcaudill.com/2016/05/01/plsql-developer-http-to-command-execution/'\n [I] Found Redirect: 'https://adamcaudill.com/pls/ -> 'https://adamcaudill.com/2016/05/01/plsql-developer-http-to-command-execution/'\n [I] Found Redirect: 'https://adamcaudill.com/power/ -> 'https://adamcaudill.com/2006/11/15/power-users-rejoice/'\n [I] Found Redirect: 'https://adamcaudill.com/pr/ -> 'https://adamcaudill.com/2008/12/21/programmers-are-expensive/'\n [I] Found Redirect: 'https://adamcaudill.com/pro/ -> 'https://adamcaudill.com/2008/12/21/programmers-are-expensive/'\n [I] Found Redirect: 'https://adamcaudill.com/prog/ -> 'https://adamcaudill.com/2008/12/21/programmers-are-expensive/'\n [I] Found Redirect: 'https://adamcaudill.com/program/ -> 'https://adamcaudill.com/2008/12/21/programmers-are-expensive/'\n [I] Found Redirect: 'https://adamcaudill.com/q/ -> 'https://adamcaudill.com/2012/04/05/quickpacket-hosting/'\n [I] Found Redirect: 'https://adamcaudill.com/r/ -> 'https://adamcaudill.com/2011/01/28/rails-3-dreamhost-ps/'\n [I] Found Redirect: 'https://adamcaudill.com/random/ -> 'https://adamcaudill.com/2005/02/28/random-user-agent-in-vb-net/'\n [I] Found Redirect: 'https://adamcaudill.com/read/ -> 'https://adamcaudill.com/reading/'\n [I] Found Redirect: 'https://adamcaudill.com/reg/ -> 'https://adamcaudill.com/2003/10/26/register-activex-typelibs/'\n [I] Found Redirect: 'https://adamcaudill.com/register/ -> 'https://adamcaudill.com/2003/10/26/register-activex-typelibs/'\n [I] Found Redirect: 'https://adamcaudill.com/religion/ -> 'https://adamcaudill.com/2015/01/12/religion-free-speech-freedom-from-offense/'\n [I] Found: 'https://adamcaudill.com/resume/'\n [I] Found Redirect: 'https://adamcaudill.com/rss/ -> 'https://adamcaudill.com/feed/'\n [I] Found Redirect: 'https://adamcaudill.com/rss2/ -> 'https://adamcaudill.com/feed/'\n [I] Found Redirect: 'https://adamcaudill.com/ru/ -> 'https://adamcaudill.com/2006/09/17/running-regedit-as-system/'\n [I] Found Redirect: 'https://adamcaudill.com/run/ -> 'https://adamcaudill.com/2006/09/17/running-regedit-as-system/'\n [I] Found Redirect: 'https://adamcaudill.com/s/ -> 'https://adamcaudill.com/2016/05/22/seamless-phishing/'\n [I] Found Redirect: 'https://adamcaudill.com/se/ -> 'https://adamcaudill.com/2016/05/22/seamless-phishing/'\n [I] Found Redirect: 'https://adamcaudill.com/secure/ -> 'https://adamcaudill.com/2010/02/01/secure-password-storage/'\n [I] Found Redirect: 'https://adamcaudill.com/security/ -> 'https://adamcaudill.com/2014/03/23/security-by-buzzword-why-i-dont-support-ensafer/'\n [I] Found Redirect: 'https://adamcaudill.com/server/ -> 'https://adamcaudill.com/2006/03/25/server-move/'\n [I] Found Redirect: 'https://adamcaudill.com/set/ -> 'https://adamcaudill.com/2003/10/31/setfocusbycaption/'\n [I] Found Redirect: 'https://adamcaudill.com/simple/ -> 'https://adamcaudill.com/2003/11/26/simple-ini-api/'\n [I] Found Redirect: 'https://adamcaudill.com/site/ -> 'https://adamcaudill.com/2006/10/30/site-updates/'\n [I] Found Redirect: 'https://adamcaudill.com/sp/ -> 'https://adamcaudill.com/2006/12/19/spam-gmail/'\n [I] Found Redirect: 'https://adamcaudill.com/spam/ -> 'https://adamcaudill.com/2006/12/19/spam-gmail/'\n [I] Found Redirect: 'https://adamcaudill.com/st/ -> 'https://adamcaudill.com/2009/07/18/start-up-tools-microsoft-bizspark/'\n [I] Found Redirect: 'https://adamcaudill.com/star/ -> 'https://adamcaudill.com/2009/07/18/start-up-tools-microsoft-bizspark/'\n [I] Found Redirect: 'https://adamcaudill.com/start/ -> 'https://adamcaudill.com/2009/07/18/start-up-tools-microsoft-bizspark/'\n [I] Found Redirect: 'https://adamcaudill.com/stat/ -> 'https://adamcaudill.com/2010/07/30/state-of-the-virus-art/'\n [I] Found Redirect: 'https://adamcaudill.com/state/ -> 'https://adamcaudill.com/2010/07/30/state-of-the-virus-art/'\n [I] Found Redirect: 'https://adamcaudill.com/super/ -> 'https://adamcaudill.com/2006/04/07/superstars-monkeys/'\n [I] Found Redirect: 'https://adamcaudill.com/sw/ -> 'https://adamcaudill.com/2009/06/13/switching-hosts-again/'\n [I] Found Redirect: 'https://adamcaudill.com/t/ -> 'https://adamcaudill.com/2007/01/21/task-management-with-tasks/'\n [I] Found Redirect: 'https://adamcaudill.com/task/ -> 'https://adamcaudill.com/2007/01/21/task-management-with-tasks/'\n [I] Found Redirect: 'https://adamcaudill.com/technology/ -> '/'\n [I] Found Redirect: 'https://adamcaudill.com/tool/ -> 'https://adamcaudill.com/tools/'\n [I] Found: 'https://adamcaudill.com/tools/'\n [I] Found Redirect: 'https://adamcaudill.com/u/ -> 'https://adamcaudill.com/2007/03/22/under-the-weather/'\n [I] Found Redirect: 'https://adamcaudill.com/up/ -> 'https://adamcaudill.com/2012/10/07/upek-windows-password-decryption/'\n [I] Found Redirect: 'https://adamcaudill.com/us/ -> 'https://adamcaudill.com/2006/07/08/useful-notepad-tip/'\n [I] Found Redirect: 'https://adamcaudill.com/v/ -> 'https://adamcaudill.com/2006/05/10/valleyschwag/'\n [I] Found Redirect: 'https://adamcaudill.com/var/ -> 'https://adamcaudill.com/2005/09/26/varticles/'\n [I] Found Redirect: 'https://adamcaudill.com/vb/ -> 'https://adamcaudill.com/2006/04/02/vb-the-dumbing-of-a-great-language/'\n [I] Found Redirect: 'https://adamcaudill.com/vi/ -> 'https://adamcaudill.com/2013/10/23/vicidial-multiple-vulnerabilities/'\n [I] Found Redirect: 'https://adamcaudill.com/vista/ -> 'https://adamcaudill.com/2006/11/16/vista-available-via-msdn/'\n [I] Found Redirect: 'https://adamcaudill.com/w/ -> 'https://adamcaudill.com/2006/11/28/want-a-free-copy-of-vista/'\n [I] Found Redirect: 'https://adamcaudill.com/web/ -> 'https://adamcaudill.com/2006/05/17/web-developer-toolbar-menu-for-opera/'\n [I] Found Redirect: 'https://adamcaudill.com/what/ -> 'https://adamcaudill.com/2006/04/24/what-a-surprise/'\n [I] Found Redirect: 'https://adamcaudill.com/why/ -> 'https://adamcaudill.com/2011/10/15/why-cringely-is-wrong-about-java/'\n [I] Found Redirect: 'https://adamcaudill.com/wiki/ -> 'https://adamcaudill.com/2010/12/01/wikileaks-biggest-problem-julian-assange/'\n [I] Found Redirect: 'https://adamcaudill.com/win/ -> 'https://adamcaudill.com/2007/03/01/windows-vista-user-experience-guidelines/'\n [I] Found Redirect: 'https://adamcaudill.com/windows/ -> 'https://adamcaudill.com/2007/03/01/windows-vista-user-experience-guidelines/'\n [I] Found Redirect: 'https://adamcaudill.com/wink/ -> 'https://adamcaudill.com/2006/04/15/wink-20/'\n [I] Found Redirect: 'https://adamcaudill.com/word/ -> 'https://adamcaudill.com/2006/07/30/wordpress-204/'\n [I] Found Redirect: 'https://adamcaudill.com/wordpress/ -> 'https://adamcaudill.com/2006/07/30/wordpress-204/'\n [I] Found Redirect: 'https://adamcaudill.com/work/ -> 'https://adamcaudill.com/2008/12/08/working-late-again/'\n [I] Found: 'https://adamcaudill.com/wp-content/'\n [I] Found: 'https://adamcaudill.com/wp-includes/'\n [I] Found Redirect: 'https://adamcaudill.com/x/ -> 'https://adamcaudill.com/2007/01/25/xceed-datagrid-for-wpf-released-free/'\n [I] Found Redirect: 'https://adamcaudill.com/xml/ -> 'https://adamcaudill.com/2006/09/03/xml-notepad-2006/'\n [I] Found Redirect: 'https://adamcaudill.com/y/ -> 'https://adamcaudill.com/2012/07/12/yahoos-associated-content-hacked/'\n [I] Found Redirect: 'https://adamcaudill.com/yahoo/ -> 'https://adamcaudill.com/2012/07/12/yahoos-associated-content-hacked/'\n [I] Found Redirect: 'https://adamcaudill.com/z/ -> 'https://adamcaudill.com/2004/12/18/zipsight-2004-1-released/'\n [I] Found Redirect: 'https://adamcaudill.com/zip/ -> 'https://adamcaudill.com/2004/12/18/zipsight-2004-1-released/'\n [I] Found Redirect: 'https://adamcaudill.com/zips/ -> 'https://adamcaudill.com/2004/12/18/zipsight-2004-1-released/'\n \n [I] Meta Generator: WordPress 4.6.1\n Scan complete.\n\n \n** About The Output ** \nYou'll notice that most lines begin with a letter in a bracket, this is to tell you how to interpret the result at a glance. There are four possible values: \n\n\n * [I] - This indicates that the line is informational, and doesn't necessarily indicate a security issue. \n * [W] - This is a Warning, which means that it could be an issue, or could expose useful information. These need to be evaluated on a case-by-case basis to determine the impact. \n * [V] - This is a Vulnerability, it indicates an issue that is known to be an issue, and needs to be addressed. \n * [E] - This indicates that an error occurred, sometimes these are serious and indicate an issue with your environment, the target server, or the application. In other cases, they may just be informational to let you know that something didn't go as planned. \nThe indicator used may change over time based on new research or better detection techniques. In all cases, results should be carefully evaluated within the context of the application, how it's used, and what threats apply. The indicator is guidance, a hint if you will, it's up to you to determine the real impact. \n \n \n\n\n** [ Download yawast ](<https://github.com/adamcaudill/yawast>) **\n", "edition": 9, "reporter": "KitPloit", "published": "2016-10-16T14:12:00", "title": "yawast - The YAWAST Antecedent Web Application Security Toolkit", "type": "kitploit", "enchantments": {"score": {"modified": "2018-10-26T05:36:25", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "tools", "cvelist": ["CVE-2014-0224", "CVE-2016-2107"], "modified": "2016-10-16T14:12:00", "toolHref": "http://www.kitploit.com/2016/10/yawast-yawast-antecedent-web.html", "id": "KITPLOIT:8024306166267359540", "href": "http://www.kitploit.com/2016/10/yawast-yawast-antecedent-web.html", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-26T03:32:59", "references": ["https://github.com/1N3/MassBleed"], "description": "[ ![](https://2.bp.blogspot.com/-R03rah0GmiI/VluZ4GxGkqI/AAAAAAAAE4I/EF_VR6RSZsw/s640/MassBleed.png) ](<https://2.bp.blogspot.com/-R03rah0GmiI/VluZ4GxGkqI/AAAAAAAAE4I/EF_VR6RSZsw/s1600/MassBleed.png>)\n\n \n** USAGE ** \n\n \n \n \u00a0sh massbleed.sh [CIDR|IP] [single|port|subnet] [port] [proxy]\n\n \n** ABOUT ** \nThis script has four main functions with the ability to proxy all connections: \n\n\n 1. To mass scan any CIDR range for OpenSSL vulnerabilities via port 443/tcp (https) (example: sh massbleed.sh 192.168.0.0/16) \n 2. To scan any CIDR range for OpenSSL vulnerabilities via any custom port specified (example: sh massbleed.sh 192.168.0.0/16 port 8443) \n 3. To individual scan every port (1-10000) on a single system for vulnerable versions of OpenSSL (example: sh massbleed.sh 127.0.0.1 single) \n 4. To scan every open port on every host in a single class C subnet for OpenSSL vulnerabilities (example: sh massbleed.sh 192.168.0. subnet) \n\n \n\n\n** PROXY: ** A proxy option has been added to scan via proxychains. You'll need to configure /etc/proxychains.conf for this to work. \n \n** PROXY USAGE EXAMPLES: ** (example: sh massbleed.sh 192.168.0.0/16 0 0 proxy) (example: sh massbleed.sh 192.168.0.0/16 port 8443 proxy) (example: sh massbleed.sh 127.0.0.1 single 0 proxy) (example: sh massbleed.sh 192.168.0. subnet 0 proxy) \n \n** VULNERABILITIES: ** \n\n\n 1. OpenSSL HeartBleed Vulnerability (CVE-2014-0160) \n 2. OpenSSL CCS (MITM) Vulnerability (CVE-2014-0224) \n 3. Poodle SSLv3 vulnerability (CVE-2014-3566) \n \n\n\n** [ Download MassBleed ](<https://github.com/1N3/MassBleed>) **\n", "edition": 7, "reporter": "KitPloit", "published": "2015-12-09T20:20:00", "title": "MassBleed - Mass SSL Vulnerability Scanner", "type": "kitploit", "enchantments": {"score": {"modified": "2018-10-26T03:32:59", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "tools", "cvelist": ["CVE-2014-3566", "CVE-2014-0224", "CVE-2014-0160"], "modified": "2015-12-09T20:20:00", "toolHref": "https://github.com/1N3/MassBleed", "id": "KITPLOIT:6372579284509577146", "href": "http://www.kitploit.com/2015/12/massbleed-mass-ssl-vulnerability-scanner.html", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-31T19:37:27", "references": ["https://github.com/hahwul/a2sv.git", "https://github.com/sensepost/heartbleed-poc", "https://gist.github.com/martinseener/d50473228719a9554e6a", "https://github.com/supersam654/Poodle-Checker", "https://github.com/Tripwire/OpenSSL-CCS-Inject-Test", "https://github.com/hahwul/a2sv"], "description": "\n \u2588\u2588\u2588\u2588\u2588\u2557 \u2588\u2588\u2588\u2588\u2588\u2588\u2557 \u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557\u2588\u2588\u2557 \u2588\u2588\u2557\n \u2588\u2588\u2554\u2550\u2550\u2588\u2588\u2557\u255a\u2550\u2550\u2550\u2550\u2588\u2588\u2557\u2588\u2588\u2554\u2550\u2550\u2550\u2550\u255d\u2588\u2588\u2551 \u2588\u2588\u2551\n \u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2551 \u2588\u2588\u2588\u2588\u2588\u2554\u255d\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557\u2588\u2588\u2551 \u2588\u2588\u2551\n .o oOOOOOOOo \u2588\u2588\u2554\u2550\u2550\u2588\u2588\u2551\u2588\u2588\u2554\u2550\u2550\u2550\u255d \u255a\u2550\u2550\u2550\u2550\u2588\u2588\u2551\u255a\u2588\u2588\u2557 \u2588\u2588\u2554\u255d OOOo\n Ob.OOOOOOOo O \u2588\u2588\u2551 \u2588\u2588\u2551\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2551 \u255a\u2588\u2588\u2588\u2588\u2554\u255d .adOOOOOOO\n OboO'''''''''' \u255a\u2550\u255d \u255a\u2550\u255d\u255a\u2550\u2550\u2550\u2550\u2550\u2550\u255d\u255a\u2550\u2550\u2550\u2550\u2550\u2550\u255d \u255a\u2550\u2550\u2550\u255d ''''''''''OO\n OOP.oOOOOOOOOOOO 'POOOOOOOOOOOo. `'OOOOOOOOOP,OOOOOOOOOOOB'\n `O'OOOO' `OOOOo'OOOOOOOOOOO` .adOOOOOOOOO'oOOO' `OOOOo\n .OOOO' `OOOOOOOOOOOOOOOOOOOOOOOOOO' `OO\n OOOOO ''OOOOOOOOOOOOOOOO'` oOO\n oOOOOOba. .adOOOOOOOOOOba .adOOOOo.\n oOOOOOOOOOOOOOba. [email\u00a0protected]^OOOOOOOba. .adOOOOOOOOOOOO\n OOOOOOOOOOOOOOOOO.OOOOOOOOOOOOOO'` ''OOOOOOOOOOOOO.OOOOOOOOOOOOOO\n 'OOOO' 'YOoOOOOMOIONODOO'` . ''OOROAOPOEOOOoOY' 'OOO'\n Y 'OOOOOOOOOOOOOO: .oOOo. :OOOOOOOOOOO?' :`\n : .oO%OOOOOOOOOOo.OOOOOO.oOOOOOOOOOOOO? .\n . oOOP'%OOOOOOOOoOOOOOOO?oOOOOO?OOOO'OOo\n '%o OOOO'%OOOO%'%OOOOO'OOOOOO'OOO':\n `$' `OOOO' `O'Y ' `OOOO' o .\n . . OP' : o .\n :\n [Auto Scanning to SSL Vulnerability]\n [By Hahwul / www.hahwul.com]\n\n \n** 1\\. A2SV? ** \nAuto Scanning to SSL Vulnerability. \nHeartBleed, CCS Injection, SSLv3 POODLE, FREAK... etc \n \nA. Support Vulnerability \n \n\n\n> [CVE-2014-0160] CCS Injection \n[CVE-2014-0224] HeartBleed \n[CVE-2014-3566] SSLv3 POODLE \n[CVE-2015-0204] FREAK Attack \n[CVE-2015-4000] LOGJAM Attack \n\nB. Dev Plan \n \n\n\n> [DEV] DROWN Attack \n[PLAN] SSL ACCF \n\n \n** 2\\. How to Install? ** \nA. Download(clone) & Unpack A2SV \n\n\n> git clone [ https://github.com/hahwul/a2sv.git ](<https://github.com/hahwul/a2sv.git>) \ncd a2sv \n\nB. Install Python Package / OpenSSL \n \n\n\n> pip install argparse \npip install netaddr \n \napt-get install openssl \n\nC. Run A2SV \n \n\n\n> python a2sv.py -h \n\n \n** 3\\. How to Use? ** \n\n \n \n usage: a2sv.py [-h] [-t TARGET] [-p PORT] [-m MODULE] [-v]\n optional arguments:\n -h, --help show this help message and exit\n -t TARGET, --target TARGET\n Target URL/IP Address\n -p PORT, --port PORT Custom Port / Default: 443\n -m MODULE, --module MODULE\n Check SSL Vuln with one module\n [h]: HeartBleed\n [c]: CCS Injection\n [p]: SSLv3 POODLE\n [f]: OpenSSL FREAK\n [l]: OpenSSL LOGJAM\n -u, --update Update A2SV (GIT)\n -v, --version Show Version\n\n[Scan SSL Vulnerability] \n \n\n\n> python a2sv.py -t 127.0.0.1 \npython a2sv.py -t 127.0.0.1 -m heartbleed \npython a2sv.py -t 127.0.0.1 -p 8111 \n\n[Update A2SV] \n \n\n\n> python a2sv.py -u \npython a2sv.py --update \n\n \n** 4\\. Support ** \nContact [email protected] \n \n \n** 5\\. Screenshot ** \n \n\n\n[ ![](https://3.bp.blogspot.com/-JTVRgOglZik/V6P9nDeMzDI/AAAAAAAAF9E/KiD4kfunpAcLBq0EUWdVSqM5ZXAgCa5iQCLcB/s640/A2SV.png) ](<https://3.bp.blogspot.com/-JTVRgOglZik/V6P9nDeMzDI/AAAAAAAAF9E/KiD4kfunpAcLBq0EUWdVSqM5ZXAgCa5iQCLcB/s1600/A2SV.png>)\n\n \n\n\n[ ![](https://4.bp.blogspot.com/-XqgAKEK43is/V6P9noUSgAI/AAAAAAAAF9I/xFyey4Hv-cIuswfBeEkm5qz7tJ0FlK7WACLcB/s640/A2SV_2.png) ](<https://4.bp.blogspot.com/-XqgAKEK43is/V6P9noUSgAI/AAAAAAAAF9I/xFyey4Hv-cIuswfBeEkm5qz7tJ0FlK7WACLcB/s1600/A2SV_2.png>)\n\n \n** 6\\. Code Reference Site ** \n\n\n> poodle : [ https://github.com/supersam654/Poodle-Checker ](<https://github.com/supersam654/Poodle-Checker>) \nheartbleed : [ https://github.com/sensepost/heartbleed-poc ](<https://github.com/sensepost/heartbleed-poc>) \nccs injection : [ https://github.com/Tripwire/OpenSSL-CCS-Inject-Test ](<https://github.com/Tripwire/OpenSSL-CCS-Inject-Test>) \nfreak : [ https://gist.github.com/martinseener/d50473228719a9554e6a ](<https://gist.github.com/martinseener/d50473228719a9554e6a>)\n\n \n \n\n\n** [ Download A2SV ](<https://github.com/hahwul/a2sv>) **\n", "edition": 9, "reporter": "KitPloit", "published": "2016-08-06T14:46:01", "title": "A2SV - Auto Scanning to SSL Vulnerability", "type": "kitploit", "enchantments": {"score": {"modified": "2018-10-31T19:37:27", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "tools", "cvelist": ["CVE-2015-4000", "CVE-2014-3566", "CVE-2014-0224", "CVE-2014-0160", "CVE-2015-0204"], "modified": "2016-08-06T14:46:01", "toolHref": "http://www.kitploit.com/2016/08/a2sv-auto-scanning-to-ssl-vulnerability.html", "id": "KITPLOIT:7553690576096019209", "href": "http://www.kitploit.com/2016/08/a2sv-auto-scanning-to-ssl-vulnerability.html", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "suse": [{"lastseen": "2016-09-04T12:35:28", "references": ["https://bugzilla.novell.com/459468", "http://download.suse.com/patch/finder/?keywords=cf56900ecd68d8b418e857ef2c7b6136", "https://bugzilla.novell.com/880891", "https://bugzilla.novell.com/489641"], "affectedPackage": [{"OS": "SUSE CORE", "OSVersion": "9", "packageVersion": "0.9.7d-15.50", "arch": "x86_64", "packageFilename": "openssl-doc-0.9.7d-15.50.x86_64.rpm", "packageName": "openssl-doc", "operator": "lt"}, {"OS": "SUSE CORE", "OSVersion": "9", "packageVersion": "9-201406041231", "arch": "x86_64", "packageFilename": "openssl-devel-32bit-9-201406041231.x86_64.rpm", "packageName": "openssl-devel-32bit", "operator": "lt"}, {"OS": "SUSE CORE", "OSVersion": "9", "packageVersion": "0.9.7d-15.50", "arch": "s390", "packageFilename": "openssl-0.9.7d-15.50.s390.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "SUSE CORE", "OSVersion": "9", "packageVersion": "9-201406060130", "arch": "s390x", "packageFilename": "openssl-32bit-9-201406060130.s390x.rpm", "packageName": "openssl-32bit", "operator": "lt"}, {"OS": "SUSE CORE", "OSVersion": "9", "packageVersion": "9-201406041231", "arch": "x86_64", "packageFilename": "openssl-32bit-9-201406041231.x86_64.rpm", "packageName": "openssl-32bit", "operator": "lt"}, {"OS": "SUSE CORE", "OSVersion": "9", "packageVersion": "0.9.7d-15.50", "arch": "i586", "packageFilename": "openssl-devel-0.9.7d-15.50.i586.rpm", "packageName": "openssl-devel", "operator": "lt"}, {"OS": "SUSE CORE", "OSVersion": "9", "packageVersion": "0.9.7d-15.50", "arch": "s390", "packageFilename": "openssl-doc-0.9.7d-15.50.s390.rpm", "packageName": "openssl-doc", "operator": "lt"}, {"OS": "SUSE CORE", "OSVersion": "9", "packageVersion": "9-201406060130", "arch": "s390x", "packageFilename": "openssl-devel-32bit-9-201406060130.s390x.rpm", "packageName": "openssl-devel-32bit", "operator": "lt"}, {"OS": "SUSE CORE", "OSVersion": "9", "packageVersion": "0.9.7d-15.50", "arch": "i586", "packageFilename": "openssl-doc-0.9.7d-15.50.i586.rpm", "packageName": "openssl-doc", "operator": "lt"}, {"OS": "SUSE CORE", "OSVersion": "9", "packageVersion": "0.9.7d-15.50", "arch": "s390x", "packageFilename": "openssl-doc-0.9.7d-15.50.s390x.rpm", "packageName": "openssl-doc", "operator": "lt"}, {"OS": "SUSE CORE", "OSVersion": "9", "packageVersion": "0.9.7d-15.50", "arch": "s390x", "packageFilename": "openssl-0.9.7d-15.50.s390x.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "SUSE CORE", "OSVersion": "9", "packageVersion": "0.9.7d-15.50", "arch": "s390x", "packageFilename": "openssl-devel-0.9.7d-15.50.s390x.rpm", "packageName": "openssl-devel", "operator": "lt"}, {"OS": "SUSE CORE", "OSVersion": "9", "packageVersion": "0.9.7d-15.50", "arch": "x86_64", "packageFilename": "openssl-0.9.7d-15.50.x86_64.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "SUSE CORE", "OSVersion": "9", "packageVersion": "0.9.7d-15.50", "arch": "s390", "packageFilename": "openssl-devel-0.9.7d-15.50.s390.rpm", "packageName": "openssl-devel", "operator": "lt"}, {"OS": "SUSE CORE", "OSVersion": "9", "packageVersion": "0.9.7d-15.50", "arch": "i586", "packageFilename": "openssl-0.9.7d-15.50.i586.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "SUSE CORE", "OSVersion": "9", "packageVersion": "0.9.7d-15.50", "arch": "x86_64", "packageFilename": "openssl-devel-0.9.7d-15.50.x86_64.rpm", "packageName": "openssl-devel", "operator": "lt"}], "description": "OpenSSL was updated to fix the following security vulnerabilities:\n\n * SSL/TLS MITM vulnerability. (CVE-2014-0224)\n * ECC private key can leak on 32 bit platforms. (CVE-2011-4354)\n\n Further information can be found at\n <a rel=\"nofollow\" href=\"http://www.openssl.org/news/secadv_20140605.txt\">http://www.openssl.org/news/secadv_20140605.txt</a>\n <<a rel=\"nofollow\" href=\"http://www.openssl.org/news/secadv_20140605.txt\">http://www.openssl.org/news/secadv_20140605.txt</a>> .\n\n Security Issues references:\n\n * CVE-2014-0224\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224</a>>\n * CVE-2011-4354\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4354\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4354</a>>\n\n\n", "edition": 1, "reporter": "Suse", "published": "2014-06-07T00:04:15", "title": "Security update for OpenSSL (critical)", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0224", "CVE-2011-4354"], "modified": "2014-06-07T00:04:15", "id": "SUSE-SU-2014:0768-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00011.html", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:20:17", "references": ["https://bugzilla.novell.com/880891", "http://download.suse.com/patch/finder/?keywords=06090ed98c412d84909da7f988402089", "http://download.suse.com/patch/finder/?keywords=ae77e66ba2a03bee961e56bc2d1daee6"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "0.9.8a-18.82.4", "packageFilename": "openssl-doc-0.9.8a-18.82.4.s390x.rpm", "packageName": "openssl-doc", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "0.9.8a-18.45.77.1", "packageFilename": "openssl-0.9.8a-18.45.77.1.i586.rpm", "packageName": "openssl", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "0.9.8a-18.45.77.1", "packageFilename": "openssl-32bit-0.9.8a-18.45.77.1.s390x.rpm", "packageName": "openssl-32bit", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "0.9.8a-18.82.4", "packageFilename": "openssl-32bit-0.9.8a-18.82.4.x86_64.rpm", "packageName": "openssl-32bit", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "0.9.8a-18.82.4", "packageFilename": "openssl-devel-32bit-0.9.8a-18.82.4.x86_64.rpm", "packageName": "openssl-devel-32bit", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "0.9.8a-18.45.77.1", "packageFilename": "openssl-doc-0.9.8a-18.45.77.1.s390x.rpm", "packageName": "openssl-doc", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "0.9.8a-18.45.77.1", "packageFilename": "openssl-0.9.8a-18.45.77.1.s390x.rpm", "packageName": "openssl", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "0.9.8a-18.82.4", "packageFilename": "openssl-32bit-0.9.8a-18.82.4.s390x.rpm", "packageName": "openssl-32bit", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "0.9.8a-18.82.4", "packageFilename": "openssl-devel-32bit-0.9.8a-18.82.4.s390x.rpm", "packageName": "openssl-devel-32bit", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "0.9.8a-18.45.77.1", "packageFilename": "openssl-32bit-0.9.8a-18.45.77.1.x86_64.rpm", "packageName": "openssl-32bit", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "0.9.8a-18.82.4", "packageFilename": "openssl-0.9.8a-18.82.4.x86_64.rpm", "packageName": "openssl", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "0.9.8a-18.82.4", "packageFilename": "openssl-devel-0.9.8a-18.82.4.x86_64.rpm", "packageName": "openssl-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "0.9.8a-18.45.77.1", "packageFilename": "openssl-devel-0.9.8a-18.45.77.1.s390x.rpm", "packageName": "openssl-devel", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "0.9.8a-18.82.4", "packageFilename": "openssl-devel-0.9.8a-18.82.4.i586.rpm", "packageName": "openssl-devel", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "0.9.8a-18.45.77.1", "packageFilename": "openssl-doc-0.9.8a-18.45.77.1.i586.rpm", "packageName": "openssl-doc", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "0.9.8a-18.82.4", "packageFilename": "openssl-doc-0.9.8a-18.82.4.x86_64.rpm", "packageName": "openssl-doc", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "0.9.8a-18.45.77.1", "packageFilename": "openssl-devel-0.9.8a-18.45.77.1.x86_64.rpm", "packageName": "openssl-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "0.9.8a-18.45.77.1", "packageFilename": "openssl-devel-32bit-0.9.8a-18.45.77.1.x86_64.rpm", "packageName": "openssl-devel-32bit", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "0.9.8a-18.45.77.1", "packageFilename": "openssl-doc-0.9.8a-18.45.77.1.x86_64.rpm", "packageName": "openssl-doc", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "0.9.8a-18.45.77.1", "packageFilename": "openssl-devel-32bit-0.9.8a-18.45.77.1.s390x.rpm", "packageName": "openssl-devel-32bit", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "0.9.8a-18.82.4", "packageFilename": "openssl-doc-0.9.8a-18.82.4.i586.rpm", "packageName": "openssl-doc", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "0.9.8a-18.45.77.1", "packageFilename": "openssl-0.9.8a-18.45.77.1.x86_64.rpm", "packageName": "openssl", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "0.9.8a-18.82.4", "packageFilename": "openssl-devel-0.9.8a-18.82.4.s390x.rpm", "packageName": "openssl-devel", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "0.9.8a-18.82.4", "packageFilename": "openssl-0.9.8a-18.82.4.s390x.rpm", "packageName": "openssl", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "0.9.8a-18.82.4", "packageFilename": "openssl-0.9.8a-18.82.4.i586.rpm", "packageName": "openssl", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "0.9.8a-18.45.77.1", "packageFilename": "openssl-devel-0.9.8a-18.45.77.1.i586.rpm", "packageName": "openssl-devel", "arch": "i586", "operator": "lt"}], "description": "OpenSSL was updated to fix the following security vulnerabilities:\n\n * SSL/TLS MITM vulnerability. (CVE-2014-0224)\n * DTLS recursion flaw. (CVE-2014-0221)\n * Anonymous ECDH denial of service. (CVE-2014-3470)\n\n Further information can be found at\n <a rel=\"nofollow\" href=\"http://www.openssl.org/news/secadv_20140605.txt\">http://www.openssl.org/news/secadv_20140605.txt</a>\n <<a rel=\"nofollow\" href=\"http://www.openssl.org/news/secadv_20140605.txt\">http://www.openssl.org/news/secadv_20140605.txt</a>> .\n\n Security Issues references:\n\n * CVE-2014-0224\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224</a>>\n * CVE-2014-0221\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221</a>>\n * CVE-2014-3470\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470</a>>\n\n\n", "edition": 1, "reporter": "Suse", "published": "2014-06-07T01:04:17", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "suse", "title": "Security update for OpenSSL (critical)", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2014-0221"], "modified": "2014-06-07T01:04:17", "id": "SUSE-SU-2014:0759-2", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00013.html", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T12:25:39", "references": ["https://bugzilla.novell.com/880891", "http://download.suse.com/patch/finder/?keywords=db2f8a5e6769133f6c66e3727010bfb8"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.58.1", "packageName": "openssl", "packageFilename": "openssl-0.9.8j-0.58.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.58.1", "packageName": "libopenssl0_9_8", "packageFilename": "libopenssl0_9_8-0.9.8j-0.58.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.58.1", "packageName": "libopenssl0_9_8-hmac-32bit", "packageFilename": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.58.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.58.1", "packageName": "libopenssl0_9_8", "packageFilename": "libopenssl0_9_8-0.9.8j-0.58.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.58.1", "packageName": "libopenssl0_9_8-x86", "packageFilename": "libopenssl0_9_8-x86-0.9.8j-0.58.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.58.1", "packageName": "libopenssl0_9_8-hmac", "packageFilename": "libopenssl0_9_8-hmac-0.9.8j-0.58.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.58.1", "packageName": "openssl-doc", "packageFilename": "openssl-doc-0.9.8j-0.58.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.58.1", "packageName": "openssl-doc", "packageFilename": "openssl-doc-0.9.8j-0.58.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.58.1", "packageName": "libopenssl0_9_8-hmac-32bit", "packageFilename": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.58.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.58.1", "packageName": "libopenssl0_9_8", "packageFilename": "libopenssl0_9_8-0.9.8j-0.58.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.58.1", "packageName": "openssl", "packageFilename": "openssl-0.9.8j-0.58.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.58.1", "packageName": "libopenssl-devel", "packageFilename": "libopenssl-devel-0.9.8j-0.58.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.58.1", "packageName": "openssl-doc", "packageFilename": "openssl-doc-0.9.8j-0.58.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.58.1", "packageName": "openssl-doc", "packageFilename": "openssl-doc-0.9.8j-0.58.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.58.1", "packageName": "openssl", "packageFilename": "openssl-0.9.8j-0.58.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.58.1", "packageName": "libopenssl0_9_8-32bit", "packageFilename": "libopenssl0_9_8-32bit-0.9.8j-0.58.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.58.1", "packageName": "libopenssl-devel", "packageFilename": "libopenssl-devel-0.9.8j-0.58.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.58.1", "packageName": "libopenssl0_9_8", "packageFilename": "libopenssl0_9_8-0.9.8j-0.58.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.58.1", "packageName": "libopenssl-devel", "packageFilename": "libopenssl-devel-0.9.8j-0.58.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.58.1", "packageName": "libopenssl0_9_8-hmac", "packageFilename": "libopenssl0_9_8-hmac-0.9.8j-0.58.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.58.1", "packageName": "libopenssl0_9_8-32bit", "packageFilename": "libopenssl0_9_8-32bit-0.9.8j-0.58.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.58.1", "packageName": "libopenssl0_9_8-hmac-32bit", "packageFilename": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.58.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.58.1", "packageName": "libopenssl0_9_8", "packageFilename": "libopenssl0_9_8-0.9.8j-0.58.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.58.1", "packageName": "libopenssl0_9_8", "packageFilename": "libopenssl0_9_8-0.9.8j-0.58.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.58.1", "packageName": "libopenssl0_9_8-32bit", "packageFilename": "libopenssl0_9_8-32bit-0.9.8j-0.58.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.58.1", "packageName": "libopenssl-devel", "packageFilename": "libopenssl-devel-0.9.8j-0.58.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.58.1", "packageName": "libopenssl0_9_8-hmac-32bit", "packageFilename": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.58.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.58.1", "packageName": "openssl", "packageFilename": "openssl-0.9.8j-0.58.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.58.1", "packageName": "libopenssl-devel", "packageFilename": "libopenssl-devel-0.9.8j-0.58.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.58.1", "packageName": "openssl", "packageFilename": "openssl-0.9.8j-0.58.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.58.1", "packageName": "libopenssl0_9_8-32bit", "packageFilename": "libopenssl0_9_8-32bit-0.9.8j-0.58.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.58.1", "packageName": "libopenssl0_9_8-32bit", "packageFilename": "libopenssl0_9_8-32bit-0.9.8j-0.58.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.58.1", "packageName": "libopenssl0_9_8", "packageFilename": "libopenssl0_9_8-0.9.8j-0.58.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.58.1", "packageName": "openssl", "packageFilename": "openssl-0.9.8j-0.58.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.58.1", "packageName": "libopenssl0_9_8-hmac", "packageFilename": "libopenssl0_9_8-hmac-0.9.8j-0.58.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.58.1", "packageName": "libopenssl0_9_8", "packageFilename": "libopenssl0_9_8-0.9.8j-0.58.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.58.1", "packageName": "openssl-doc", "packageFilename": "openssl-doc-0.9.8j-0.58.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.58.1", "packageName": "libopenssl0_9_8-hmac", "packageFilename": "libopenssl0_9_8-hmac-0.9.8j-0.58.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.58.1", "packageName": "libopenssl0_9_8-hmac", "packageFilename": "libopenssl0_9_8-hmac-0.9.8j-0.58.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.58.1", "packageName": "openssl", "packageFilename": "openssl-0.9.8j-0.58.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.58.1", "packageName": "libopenssl0_9_8", "packageFilename": "libopenssl0_9_8-0.9.8j-0.58.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.58.1", "packageName": "openssl-doc", "packageFilename": "openssl-doc-0.9.8j-0.58.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.58.1", "packageName": "openssl", "packageFilename": "openssl-0.9.8j-0.58.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.58.1", "packageName": "openssl", "packageFilename": "openssl-0.9.8j-0.58.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.58.1", "packageName": "libopenssl0_9_8-hmac", "packageFilename": "libopenssl0_9_8-hmac-0.9.8j-0.58.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.58.1", "packageName": "libopenssl0_9_8-hmac", "packageFilename": "libopenssl0_9_8-hmac-0.9.8j-0.58.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "0.9.8j-0.58.1", "packageName": "openssl-doc", "packageFilename": "openssl-doc-0.9.8j-0.58.1.i586.rpm", "arch": "i586", "operator": "lt"}], "description": "OpenSSL was updated to fix several vulnerabilities:\n\n * SSL/TLS MITM vulnerability. (CVE-2014-0224)\n * DTLS recursion flaw. (CVE-2014-0221)\n * Anonymous ECDH denial of service. (CVE-2014-3470)\n\n Further information can be found at\n <a rel=\"nofollow\" href=\"http://www.openssl.org/news/secadv_20140605.txt\">http://www.openssl.org/news/secadv_20140605.txt</a>\n <<a rel=\"nofollow\" href=\"http://www.openssl.org/news/secadv_20140605.txt\">http://www.openssl.org/news/secadv_20140605.txt</a>> .\n\n Security Issues references:\n\n * CVE-2014-0224\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224</a>>\n * CVE-2014-0221\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221</a>>\n * CVE-2014-3470\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470</a>>\n\n", "edition": 1, "reporter": "Suse", "published": "2014-06-06T00:04:19", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "suse", "title": "Security update for OpenSSL (critical)", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2014-0221"], "modified": "2014-06-06T00:04:19", "id": "SUSE-SU-2014:0759-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00004.html", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:45:28", "references": ["https://bugzilla.novell.com/880891"], "affectedPackage": [{"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "1.0.0m-18.53.1", "arch": "x86_64", "packageFilename": "libopenssl1_0_0-1.0.0m-18.53.1.x86_64.rpm", "packageName": "libopenssl1_0_0", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "1.0.0m-18.53.1", "arch": "x86_64", "packageFilename": "libopenssl1_0_0-32bit-1.0.0m-18.53.1.x86_64.rpm", "packageName": "libopenssl1_0_0-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "1.0.0m-18.53.1", "arch": "x86_64", "packageFilename": "openssl-debugsource-1.0.0m-18.53.1.x86_64.rpm", "packageName": "openssl-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "1.0.0m-18.53.1", "arch": "x86_64", "packageFilename": "libopenssl1_0_0-debuginfo-32bit-1.0.0m-18.53.1.x86_64.rpm", "packageName": "libopenssl1_0_0-debuginfo-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "1.0.0m-18.53.1", "arch": "i586", "packageFilename": "openssl-debugsource-1.0.0m-18.53.1.i586.rpm", "packageName": "openssl-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "1.0.0m-18.53.1", "arch": "x86_64", "packageFilename": "libopenssl-devel-1.0.0m-18.53.1.x86_64.rpm", "packageName": "libopenssl-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "1.0.0m-18.53.1", "arch": "i586", "packageFilename": "libopenssl-devel-1.0.0m-18.53.1.i586.rpm", "packageName": "libopenssl-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "1.0.0m-18.53.1", "arch": "i586", "packageFilename": "libopenssl1_0_0-1.0.0m-18.53.1.i586.rpm", "packageName": "libopenssl1_0_0", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "1.0.0m-18.53.1", "arch": "i586", "packageFilename": "openssl-debuginfo-1.0.0m-18.53.1.i586.rpm", "packageName": "openssl-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "1.0.0m-18.53.1", "arch": "noarch", "packageFilename": "openssl-doc-1.0.0m-18.53.1.noarch.rpm", "packageName": "openssl-doc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "1.0.0m-18.53.1", "arch": "ia64", "packageFilename": "libopenssl1_0_0-debuginfo-x86-1.0.0m-18.53.1.ia64.rpm", "packageName": "libopenssl1_0_0-debuginfo-x86", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "1.0.0m-18.53.1", "arch": "x86_64", "packageFilename": "libopenssl1_0_0-debuginfo-1.0.0m-18.53.1.x86_64.rpm", "packageName": "libopenssl1_0_0-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "1.0.0m-18.53.1", "arch": "i586", "packageFilename": "openssl-1.0.0m-18.53.1.i586.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "1.0.0m-18.53.1", "arch": "ia64", "packageFilename": "libopenssl1_0_0-x86-1.0.0m-18.53.1.ia64.rpm", "packageName": "libopenssl1_0_0-x86", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "1.0.0m-18.53.1", "arch": "i586", "packageFilename": "libopenssl1_0_0-debuginfo-1.0.0m-18.53.1.i586.rpm", "packageName": "libopenssl1_0_0-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "1.0.0m-18.53.1", "arch": "x86_64", "packageFilename": "openssl-1.0.0m-18.53.1.x86_64.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "1.0.0m-18.53.1", "arch": "x86_64", "packageFilename": "openssl-debuginfo-1.0.0m-18.53.1.x86_64.rpm", "packageName": "openssl-debuginfo", "operator": "lt"}], "description": "The openssl library was updated to version 1.0.0m fixing various security\n issues and bugs:\n\n Security issues fixed:\n - CVE-2014-0224: Fix for SSL/TLS MITM flaw. An attacker using a carefully\n crafted handshake can force the use of weak keying material in OpenSSL\n SSL/TLS clients and servers.\n - CVE-2014-0221: Fix DTLS recursion flaw. By sending an invalid DTLS\n handshake to an OpenSSL DTLS client the code can be made to recurse\n eventually crashing in a DoS attack.\n - CVE-2014-0195: Fix DTLS invalid fragment vulnerability. A buffer\n overrun attack can be triggered by sending invalid DTLS fragments to an\n OpenSSL DTLS client or server. This is potentially exploitable to run\n arbitrary code on a vulnerable client or server.\n - CVE-2014-3470: Fix bug in TLS code where clients enable anonymous ECDH\n ciphersuites are subject to a denial of service attack.\n\n", "edition": 1, "reporter": "Suse", "published": "2014-06-06T12:04:17", "title": "update to version 1.0.0m (critical)", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2014-0195", "CVE-2014-0221"], "modified": "2014-06-06T12:04:17", "id": "OPENSUSE-SU-2014:0765-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00009.html", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:50:35", "references": ["https://bugzilla.novell.com/880891"], "affectedPackage": [{"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "1.0.1h-1.60.1", "arch": "x86_64", "packageFilename": "libopenssl-devel-1.0.1h-1.60.1.x86_64.rpm", "packageName": "libopenssl-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "1.0.1h-1.60.1", "arch": "x86_64", "packageFilename": "libopenssl1_0_0-1.0.1h-1.60.1.x86_64.rpm", "packageName": "libopenssl1_0_0", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "1.0.1h-11.48.1", "arch": "x86_64", "packageFilename": "libopenssl1_0_0-debuginfo-32bit-1.0.1h-11.48.1.x86_64.rpm", "packageName": "libopenssl1_0_0-debuginfo-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "1.0.1h-1.60.1", "arch": "i586", "packageFilename": "openssl-debuginfo-1.0.1h-1.60.1.i586.rpm", "packageName": "openssl-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "1.0.1h-11.48.1", "arch": "i586", "packageFilename": "openssl-1.0.1h-11.48.1.i586.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "1.0.1h-11.48.1", "arch": "x86_64", "packageFilename": "libopenssl1_0_0-32bit-1.0.1h-11.48.1.x86_64.rpm", "packageName": "libopenssl1_0_0-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "1.0.1h-11.48.1", "arch": "i586", "packageFilename": "libopenssl1_0_0-debuginfo-1.0.1h-11.48.1.i586.rpm", "packageName": "libopenssl1_0_0-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "1.0.1h-1.60.1", "arch": "x86_64", "packageFilename": "libopenssl1_0_0-32bit-1.0.1h-1.60.1.x86_64.rpm", "packageName": "libopenssl1_0_0-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "1.0.1h-11.48.1", "arch": "i586", "packageFilename": "openssl-debugsource-1.0.1h-11.48.1.i586.rpm", "packageName": "openssl-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "1.0.1h-11.48.1", "arch": "x86_64", "packageFilename": "libopenssl-devel-32bit-1.0.1h-11.48.1.x86_64.rpm", "packageName": "libopenssl-devel-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "1.0.1h-11.48.1", "arch": "noarch", "packageFilename": "openssl-doc-1.0.1h-11.48.1.noarch.rpm", "packageName": "openssl-doc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "1.0.1h-11.48.1", "arch": "x86_64", "packageFilename": "openssl-1.0.1h-11.48.1.x86_64.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "1.0.1h-1.60.1", "arch": "x86_64", "packageFilename": "openssl-1.0.1h-1.60.1.x86_64.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "1.0.1h-11.48.1", "arch": "i586", "packageFilename": "libopenssl1_0_0-1.0.1h-11.48.1.i586.rpm", "packageName": "libopenssl1_0_0", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "1.0.1h-11.48.1", "arch": "i586", "packageFilename": "libopenssl-devel-1.0.1h-11.48.1.i586.rpm", "packageName": "libopenssl-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "1.0.1h-1.60.1", "arch": "i586", "packageFilename": "openssl-1.0.1h-1.60.1.i586.rpm", "packageName": "openssl", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "1.0.1h-1.60.1", "arch": "x86_64", "packageFilename": "libopenssl-devel-32bit-1.0.1h-1.60.1.x86_64.rpm", "packageName": "libopenssl-devel-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "1.0.1h-1.60.1", "arch": "i586", "packageFilename": "openssl-debugsource-1.0.1h-1.60.1.i586.rpm", "packageName": "openssl-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "1.0.1h-11.48.1", "arch": "x86_64", "packageFilename": "libopenssl1_0_0-1.0.1h-11.48.1.x86_64.rpm", "packageName": "libopenssl1_0_0", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "1.0.1h-1.60.1", "arch": "x86_64", "packageFilename": "openssl-debugsource-1.0.1h-1.60.1.x86_64.rpm", "packageName": "openssl-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "1.0.1h-1.60.1", "arch": "i586", "packageFilename": "libopenssl1_0_0-1.0.1h-1.60.1.i586.rpm", "packageName": "libopenssl1_0_0", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "1.0.1h-11.48.1", "arch": "x86_64", "packageFilename": "libopenssl-devel-1.0.1h-11.48.1.x86_64.rpm", "packageName": "libopenssl-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "1.0.1h-11.48.1", "arch": "i586", "packageFilename": "openssl-debuginfo-1.0.1h-11.48.1.i586.rpm", "packageName": "openssl-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "1.0.1h-1.60.1", "arch": "i586", "packageFilename": "libopenssl1_0_0-debuginfo-1.0.1h-1.60.1.i586.rpm", "packageName": "libopenssl1_0_0-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "1.0.1h-1.60.1", "arch": "x86_64", "packageFilename": "libopenssl1_0_0-debuginfo-32bit-1.0.1h-1.60.1.x86_64.rpm", "packageName": "libopenssl1_0_0-debuginfo-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "1.0.1h-11.48.1", "arch": "x86_64", "packageFilename": "libopenssl1_0_0-debuginfo-1.0.1h-11.48.1.x86_64.rpm", "packageName": "libopenssl1_0_0-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "1.0.1h-11.48.1", "arch": "x86_64", "packageFilename": "openssl-debugsource-1.0.1h-11.48.1.x86_64.rpm", "packageName": "openssl-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "1.0.1h-1.60.1", "arch": "x86_64", "packageFilename": "openssl-debuginfo-1.0.1h-1.60.1.x86_64.rpm", "packageName": "openssl-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "1.0.1h-1.60.1", "arch": "noarch", "packageFilename": "openssl-doc-1.0.1h-1.60.1.noarch.rpm", "packageName": "openssl-doc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "1.0.1h-11.48.1", "arch": "x86_64", "packageFilename": "openssl-debuginfo-1.0.1h-11.48.1.x86_64.rpm", "packageName": "openssl-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "1.0.1h-1.60.1", "arch": "x86_64", "packageFilename": "libopenssl1_0_0-debuginfo-1.0.1h-1.60.1.x86_64.rpm", "packageName": "libopenssl1_0_0-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "1.0.1h-1.60.1", "arch": "i586", "packageFilename": "libopenssl-devel-1.0.1h-1.60.1.i586.rpm", "packageName": "libopenssl-devel", "operator": "lt"}], "description": "The openssl library was updated to version 1.0.1h fixing various security\n issues and bugs:\n\n Security issues fixed:\n - CVE-2014-0224: Fix for SSL/TLS MITM flaw. An attacker using a carefully\n crafted handshake can force the use of weak keying material in OpenSSL\n SSL/TLS clients and servers.\n - CVE-2014-0221: Fix DTLS recursion flaw. By sending an invalid DTLS\n handshake to an OpenSSL DTLS client the code can be made to recurse\n eventually crashing in a DoS attack.\n - CVE-2014-0195: Fix DTLS invalid fragment vulnerability. A buffer\n overrun attack can be triggered by sending invalid DTLS fragments to an\n OpenSSL DTLS client or server. This is potentially exploitable to run\n arbitrary code on a vulnerable client or server.\n - CVE-2014-3470: Fix bug in TLS code where clients enable anonymous ECDH\n ciphersuites are subject to a denial of service attack.\n\n", "edition": 1, "reporter": "Suse", "published": "2014-06-06T11:04:41", "title": "openssl: update to version 1.0.1h (critical)", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2014-0195", "CVE-2014-0221"], "modified": "2014-06-06T11:04:41", "id": "OPENSUSE-SU-2014:0764-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00008.html", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:48:49", "references": ["https://bugzilla.novell.com/880891", "http://download.suse.com/patch/finder/?keywords=61cb4c46d00371ca48e4548ed26e4ea8", "https://bugzilla.novell.com/876282"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Security Module", "OSVersion": "11.3", "packageVersion": "1.0.1g-0.16.1", "arch": "ia64", "packageFilename": "openssl1-doc-1.0.1g-0.16.1.ia64.rpm", "packageName": "openssl1-doc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Security Module", "OSVersion": "11.3", "packageVersion": "1.0.1g-0.16.1", "arch": "ia64", "packageFilename": "openssl1-1.0.1g-0.16.1.ia64.rpm", "packageName": "openssl1", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Security Module", "OSVersion": "11.3", "packageVersion": "1.0.1g-0.16.1", "arch": "i586", "packageFilename": "libopenssl1-devel-1.0.1g-0.16.1.i586.rpm", "packageName": "libopenssl1-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Security Module", "OSVersion": "11.3", "packageVersion": "1.0.1g-0.16.1", "arch": "i586", "packageFilename": "openssl1-1.0.1g-0.16.1.i586.rpm", "packageName": "openssl1", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Security Module", "OSVersion": "11.3", "packageVersion": "1.0.1g-0.16.1", "arch": "i586", "packageFilename": "libopenssl1_0_0-1.0.1g-0.16.1.i586.rpm", "packageName": "libopenssl1_0_0", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Security Module", "OSVersion": "11.3", "packageVersion": "1.0.1g-0.16.1", "arch": "ia64", "packageFilename": "libopenssl1_0_0-x86-1.0.1g-0.16.1.ia64.rpm", "packageName": "libopenssl1_0_0-x86", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Security Module", "OSVersion": "11.3", "packageVersion": "1.0.1g-0.16.1", "arch": "ppc64", "packageFilename": "libopenssl1_0_0-1.0.1g-0.16.1.ppc64.rpm", "packageName": "libopenssl1_0_0", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Security Module", "OSVersion": "11.3", "packageVersion": "1.0.1g-0.16.1", "arch": "ppc64", "packageFilename": "openssl1-doc-1.0.1g-0.16.1.ppc64.rpm", "packageName": "openssl1-doc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Security Module", "OSVersion": "11.3", "packageVersion": "1.0.1g-0.16.1", "arch": "x86_64", "packageFilename": "openssl1-doc-1.0.1g-0.16.1.x86_64.rpm", "packageName": "openssl1-doc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Security Module", "OSVersion": "11.3", "packageVersion": "1.0.1g-0.16.1", "arch": "ppc64", "packageFilename": "openssl1-1.0.1g-0.16.1.ppc64.rpm", "packageName": "openssl1", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Security Module", "OSVersion": "11.3", "packageVersion": "1.0.1g-0.16.1", "arch": "s390x", "packageFilename": "openssl1-1.0.1g-0.16.1.s390x.rpm", "packageName": "openssl1", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Security Module", "OSVersion": "11.3", "packageVersion": "1.0.1g-0.16.1", "arch": "x86_64", "packageFilename": "libopenssl1_0_0-1.0.1g-0.16.1.x86_64.rpm", "packageName": "libopenssl1_0_0", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Security Module", "OSVersion": "11.3", "packageVersion": "1.0.1g-0.16.1", "arch": "x86_64", "packageFilename": "libopenssl1_0_0-32bit-1.0.1g-0.16.1.x86_64.rpm", "packageName": "libopenssl1_0_0-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Security Module", "OSVersion": "11.3", "packageVersion": "1.0.1g-0.16.1", "arch": "x86_64", "packageFilename": "openssl1-1.0.1g-0.16.1.x86_64.rpm", "packageName": "openssl1", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Security Module", "OSVersion": "11.3", "packageVersion": "1.0.1g-0.16.1", "arch": "s390x", "packageFilename": "openssl1-doc-1.0.1g-0.16.1.s390x.rpm", "packageName": "openssl1-doc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Security Module", "OSVersion": "11.3", "packageVersion": "1.0.1g-0.16.1", "arch": "s390x", "packageFilename": "libopenssl1_0_0-32bit-1.0.1g-0.16.1.s390x.rpm", "packageName": "libopenssl1_0_0-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Security Module", "OSVersion": "11.3", "packageVersion": "1.0.1g-0.16.1", "arch": "s390x", "packageFilename": "libopenssl1_0_0-1.0.1g-0.16.1.s390x.rpm", "packageName": "libopenssl1_0_0", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Security Module", "OSVersion": "11.3", "packageVersion": "1.0.1g-0.16.1", "arch": "x86_64", "packageFilename": "libopenssl1-devel-1.0.1g-0.16.1.x86_64.rpm", "packageName": "libopenssl1-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Security Module", "OSVersion": "11.3", "packageVersion": "1.0.1g-0.16.1", "arch": "ia64", "packageFilename": "libopenssl1-devel-1.0.1g-0.16.1.ia64.rpm", "packageName": "libopenssl1-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Security Module", "OSVersion": "11.3", "packageVersion": "1.0.1g-0.16.1", "arch": "ia64", "packageFilename": "libopenssl1_0_0-1.0.1g-0.16.1.ia64.rpm", "packageName": "libopenssl1_0_0", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Security Module", "OSVersion": "11.3", "packageVersion": "1.0.1g-0.16.1", "arch": "ppc64", "packageFilename": "libopenssl1-devel-1.0.1g-0.16.1.ppc64.rpm", "packageName": "libopenssl1-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Security Module", "OSVersion": "11.3", "packageVersion": "1.0.1g-0.16.1", "arch": "i586", "packageFilename": "openssl1-doc-1.0.1g-0.16.1.i586.rpm", "packageName": "openssl1-doc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Security Module", "OSVersion": "11.3", "packageVersion": "1.0.1g-0.16.1", "arch": "s390x", "packageFilename": "libopenssl1-devel-1.0.1g-0.16.1.s390x.rpm", "packageName": "libopenssl1-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Security Module", "OSVersion": "11.3", "packageVersion": "1.0.1g-0.16.1", "arch": "ppc64", "packageFilename": "libopenssl1_0_0-32bit-1.0.1g-0.16.1.ppc64.rpm", "packageName": "libopenssl1_0_0-32bit", "operator": "lt"}], "description": "OpenSSL was updated to fix several vulnerabilities:\n\n * SSL/TLS MITM vulnerability. (CVE-2014-0224)\n * DTLS recursion flaw. (CVE-2014-0221)\n * DTLS invalid fragment vulnerability. (CVE-2014-0195)\n * SSL_MODE_RELEASE_BUFFERS NULL pointer dereference. (CVE-2014-0198)\n * Anonymous ECDH denial of service. (CVE-2014-3470)\n\n Further information can be found at\n <a rel=\"nofollow\" href=\"http://www.openssl.org/news/secadv_20140605.txt\">http://www.openssl.org/news/secadv_20140605.txt</a>\n <<a rel=\"nofollow\" href=\"http://www.openssl.org/news/secadv_20140605.txt\">http://www.openssl.org/news/secadv_20140605.txt</a>> .\n\n Security Issues references:\n\n * CVE-2014-0224\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224</a>>\n * CVE-2014-0221\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221</a>>\n * CVE-2014-0195\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195</a>>\n * CVE-2014-0198\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198</a>>\n * CVE-2014-3470\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470</a>>\n\n", "edition": 1, "reporter": "Suse", "published": "2014-06-06T09:04:15", "title": "Security update for OpenSSL 1.0 (critical)", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221"], "modified": "2014-06-06T09:04:15", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00006.html", "id": "SUSE-SU-2014:0762-1", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:28:45", "references": ["https://bugzilla.novell.com/859228", "https://bugzilla.novell.com/859924", "https://bugzilla.novell.com/869945", "https://bugzilla.novell.com/880891", "http://download.suse.com/patch/finder/?keywords=b76b151f2d2ff2b6064a21d179bb718f", "https://bugzilla.novell.com/860332", "https://bugzilla.novell.com/870192", "http://download.suse.com/patch/finder/?keywords=6cb273ec77c3138de899b696097344dc", "https://bugzilla.novell.com/862181"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "0.9.8j-0.58.1", "packageName": "libopenssl0_9_8-hmac", "packageFilename": "libopenssl0_9_8-hmac-0.9.8j-0.58.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "0.9.8j-0.58.1", "packageName": "openssl-doc", "packageFilename": "openssl-doc-0.9.8j-0.58.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "0.9.8j-0.58.1", "packageName": "libopenssl0_9_8-hmac", "packageFilename": "libopenssl0_9_8-hmac-0.9.8j-0.58.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "0.9.8j-0.58.1", "packageName": "libopenssl0_9_8-hmac-32bit", "packageFilename": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.58.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "0.9.8j-0.58.1", "packageName": "openssl", "packageFilename": "openssl-0.9.8j-0.58.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "0.9.8j-0.58.1", "packageName": "libopenssl0_9_8", "packageFilename": "libopenssl0_9_8-0.9.8j-0.58.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "0.9.8j-0.58.1", "packageName": "libopenssl0_9_8-hmac-32bit", "packageFilename": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.58.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "0.9.8j-0.58.1", "packageName": "libopenssl0_9_8-32bit", "packageFilename": "libopenssl0_9_8-32bit-0.9.8j-0.58.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "0.9.8j-0.58.1", "packageName": "libopenssl0_9_8-hmac-32bit", "packageFilename": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.58.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "0.9.8j-0.58.1", "packageName": "openssl-doc", "packageFilename": "openssl-doc-0.9.8j-0.58.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "0.9.8j-0.58.1", "packageName": "libopenssl0_9_8-32bit", "packageFilename": "libopenssl0_9_8-32bit-0.9.8j-0.58.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "0.9.8j-0.58.1", "packageName": "openssl", "packageFilename": "openssl-0.9.8j-0.58.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "0.9.8j-0.58.1", "packageName": "openssl-doc", "packageFilename": "openssl-doc-0.9.8j-0.58.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "0.9.8j-0.58.1", "packageName": "openssl-doc", "packageFilename": "openssl-doc-0.9.8j-0.58.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "0.9.8j-0.58.1", "packageName": "libopenssl0_9_8", "packageFilename": "libopenssl0_9_8-0.9.8j-0.58.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "0.9.8j-0.58.1", "packageName": "openssl", "packageFilename": "openssl-0.9.8j-0.58.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "0.9.8j-0.58.1", "packageName": "libopenssl0_9_8-32bit", "packageFilename": "libopenssl0_9_8-32bit-0.9.8j-0.58.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "0.9.8j-0.58.1", "packageName": "libopenssl0_9_8-hmac-32bit", "packageFilename": "libopenssl0_9_8-hmac-32bit-0.9.8j-0.58.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "0.9.8j-0.58.1", "packageName": "libopenssl0_9_8", "packageFilename": "libopenssl0_9_8-0.9.8j-0.58.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "0.9.8j-0.58.1", "packageName": "libopenssl0_9_8-hmac", "packageFilename": "libopenssl0_9_8-hmac-0.9.8j-0.58.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "0.9.8j-0.58.1", "packageName": "libopenssl0_9_8-hmac", "packageFilename": "libopenssl0_9_8-hmac-0.9.8j-0.58.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "0.9.8j-0.58.1", "packageName": "openssl", "packageFilename": "openssl-0.9.8j-0.58.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "0.9.8j-0.58.1", "packageName": "openssl", "packageFilename": "openssl-0.9.8j-0.58.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "0.9.8j-0.58.1", "packageName": "libopenssl0_9_8", "packageFilename": "libopenssl0_9_8-0.9.8j-0.58.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "0.9.8j-0.58.1", "packageName": "libopenssl0_9_8-32bit", "packageFilename": "libopenssl0_9_8-32bit-0.9.8j-0.58.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "0.9.8j-0.58.1", "packageName": "openssl", "packageFilename": "openssl-0.9.8j-0.58.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "0.9.8j-0.58.1", "packageName": "libopenssl0_9_8", "packageFilename": "libopenssl0_9_8-0.9.8j-0.58.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "0.9.8j-0.58.1", "packageName": "libopenssl0_9_8-hmac", "packageFilename": "libopenssl0_9_8-hmac-0.9.8j-0.58.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "0.9.8j-0.58.1", "packageName": "openssl-doc", "packageFilename": "openssl-doc-0.9.8j-0.58.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "0.9.8j-0.58.1", "packageName": "openssl-doc", "packageFilename": "openssl-doc-0.9.8j-0.58.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "0.9.8j-0.58.1", "packageName": "libopenssl0_9_8", "packageFilename": "libopenssl0_9_8-0.9.8j-0.58.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "0.9.8j-0.58.1", "packageName": "libopenssl0_9_8-hmac", "packageFilename": "libopenssl0_9_8-hmac-0.9.8j-0.58.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}], "description": "OpenSSL was updated to fix several vulnerabilities:\n\n * SSL/TLS MITM vulnerability. (CVE-2014-0224)\n * DTLS recursion flaw. (CVE-2014-0221)\n * Anonymous ECDH denial of service. (CVE-2014-3470)\n * Using the FLUSH+RELOAD Cache Side-channel Attack the nonces could\n have been recovered. (CVE-2014-0076)\n\n Further information can be found at\n <a rel=\"nofollow\" href=\"http://www.openssl.org/news/secadv_20140605.txt\">http://www.openssl.org/news/secadv_20140605.txt</a>\n <<a rel=\"nofollow\" href=\"http://www.openssl.org/news/secadv_20140605.txt\">http://www.openssl.org/news/secadv_20140605.txt</a>> .\n\n Additionally, the following non-security fixes and enhancements have been\n included in this release:\n\n * Ensure that the stack is marked non-executable on x86 32bit. On\n other processor platforms it was already marked as non-executable\n before. (bnc#870192)\n * IPv6 support was added to the openssl s_client and s_server command\n line tool. (bnc#859228)\n * The openssl command line tool now checks certificates by default\n against /etc/ssl/certs (this can be changed via the -CApath option).\n (bnc#860332)\n * The Elliptic Curve Diffie-Hellman key exchange selector was enabled\n and can be selected by kECDHE, kECDH, ECDH tags in the SSL cipher\n string. (bnc#859924)\n * If an optional openssl1 command line tool is installed in parallel,\n c_rehash uses it to generate certificate hashes in both OpenSSL 0\n and OpenSSL 1 style. This allows parallel usage of OpenSSL 0.9.8j\n and OpenSSL 1.x client libraries with a shared certificate store.\n (bnc#862181)\n\n Security Issues references:\n\n * CVE-2014-0224\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224</a>>\n * CVE-2014-0221\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221</a>>\n * CVE-2014-3470\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470</a>>\n * CVE-2014-0076\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076</a>>\n\n", "edition": 1, "reporter": "Suse", "published": "2014-06-06T01:05:59", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "suse", "title": "Security update for OpenSSL (critical)", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0076", "CVE-2014-0224", "CVE-2014-3470", "CVE-2014-0221"], "modified": "2014-06-06T01:05:59", "id": "SUSE-SU-2014:0761-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00005.html", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "aix": [{"lastseen": "2018-08-31T00:08:38", "aixFileset": [{"productVersions": ["any"], "versionGte": "0.9.8.401", "fileset": "openssl.base", "versionLte": "0.9.8.2501", "productName": "aix"}, {"productVersions": ["any"], "versionGte": "1.0.1.500", "fileset": "openssl.base", "versionLte": "1.0.1.510", "productName": "aix"}, {"productVersions": ["any"], "versionGte": "12.9.8.1100", "fileset": "openssl.base", "versionLte": "12.9.8.2501", "productName": "aix"}], "references": [], "description": "-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nIBM SECURITY ADVISORY\n\nFirst Issued: Wed Jun 11 06:39:27 CDT 2014 \n\nThe most recent version of this document is available here:\n\nhttp://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc\nhttps://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc\nftp://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc\n===============================================================================\n VULNERABILITY SUMMARY\n\n1.VULNERABILITY: AIX OpenSSL SSL/TLS Man In The Middle (MITM) vulnerability \n\n PLATFORMS: AIX 5.3, 6.1 and 7.1\n VIOS 2.2.*\n\n SOLUTION: Apply the fix as described below.\n\n THREAT: See below\n\n CVE Numbers: CVE-2014-0224\n\n Reboot required? NO\n Workarounds? NO\n Protected by FPM? NO\n Protected by SED? NO\n\n2. VULNERABILITY: AIX OpenSSL DTLS recursion flaw\n\n PLATFORMS: AIX 5.3, 6.1 and 7.1\n VIOS 2.2.*\n\n SOLUTION: Apply the fix as described below.\n\n THREAT: See below\n\n CVE Numbers: CVE-2014-0221\n\n Reboot required? NO\n Workarounds? NO\n Protected by FPM? NO\n Protected by SED? NO\n\n3. VULNERABILITY: AIX OpenSSL DTLS invalid fragment vulnerability\n\n PLATFORMS: AIX 5.3, 6.1 and 7.1\n VIOS 2.2.*\n\n SOLUTION: Apply the fix as described below.\n\n THREAT: See below\n\n CVE Numbers: CVE-2014-0195\n\n Reboot required? NO\n Workarounds? NO\n Protected by FPM? NO\n Protected by SED? NO\n\n4. VULNERABILITY: AIX OpenSSL SSL_MODE_RELEASE_BUFFERS NULL pointer dereference\n\n PLATFORMS: AIX 5.3, 6.1 and 7.1\n VIOS 2.2.*\n\n SOLUTION: Apply the fix as described below.\n\n THREAT: See below\n\n CVE Numbers: CVE-2014-0198\n\n Reboot required? NO\n Workarounds? NO\n Protected by FPM? NO\n Protected by SED? NO\n\n5. VULNERABILITY: AIX OpenSSL Anonymous ECDH denial of service\n\n PLATFORMS: AIX 5.3, 6.1 and 7.1\n VIOS 2.2.*\n\n SOLUTION: Apply the fix as described below.\n\n THREAT: See below\n\n CVE Numbers: CVE-2014-3470\n\n Reboot required? NO\n Workarounds? NO\n Protected by FPM? NO\n Protected by SED? NO\n\n===============================================================================\n DETAILED INFORMATION\n\nI. DESCRIPTION \n \n 1. CVE-2014-0224\n\tOpenSSL could allow a Man-in-the-middle(MITM) attacker to force the use of \n\tweak keying material in OpenSSL SSL/TLS clients and servers. The attacker \n\tcan decrypt and modify traffic from the attacked client and server. The \n\tattack can only be performed between a vulnerable client *and* server.\n\n 2. CVE-2014-0221\n\tOpenSSL could allow an attacker to cause Denial of Service information.\n\tThe attacker can send a invalid DTLS handshake to an OpenSSL DTLS client,\n\tresulting recursive execution of code and eventual crash.\n\n 3. CVE-2014-0195\n\tOpenSSL could allow an attacker to cause a \"buffer overrun\" situation. This \n\tis triggered when an attacker sends an invalid DTLS fragments to an OpenSSL \n\tDTLS client or server, and thus forcing it to run arbitrary code on a \n\tvulnerable client or server.\n\n 4. CVE-2014-0198\n\tOpenSSL could allow an attacker to cause Denial of Service information.\n\tThe attacker will be able to exploit the flaw in the do_ssl3_write function\n\tvia a NULL pointer dereference.\n\n 5. CVE-2014-3470\n\tOpenSSL could allow an attacker to cause Denial of Service information.\n\tThe attacker will be able to exploit the software's anonymous ECDH cipher \n\tsuites present within OpenSSL clients.\n\nII. CVSS\n\n 1. CVE-2014-0224\n CVSS Base Score: 5.8\n CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/93586\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:N/A:N)\n\n 2. CVE-2014-0221\n CVSS Base Score: 4.3\n CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/93587\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:N/A:N)\n\n 3. CVE-2014-0195\n CVSS Base Score: 7.5\n CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/93588\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:N/A:N)\n\n 4. CVE-2014-0198\n CVSS Base Score: 4.3\n CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/93000\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:N/A:N)\n\n 5. CVE-2014-3470\n CVSS Base Score: 4.3\n CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/93589\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:N/A:N)\n\n\nIII. PLATFORM VULNERABILITY ASSESSMENT\n\n To determine if your system is vulnerable, execute the following\n command:\n\n lslpp -L openssl.base\n \n The following fileset levels are vulnerable:\n \n A. CVE-2014-0198\n\n AIX Fileset Lower Level Upper Level KEY\n --------------------------------------------------------\n openssl.base 1.0.1.500 1.0.1.510 key_w_fs\n\n B. CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-3470\n\n AIX Fileset Lower Level Upper Level KEY\n --------------------------------------------------------\n openssl.base 1.0.1.500 1.0.1.510 key_w_fs\n openssl.base 0.9.8.401 0.9.8.2501 key_w_fs\n openssl.base 12.9.8.1100 12.9.8.2501 key_w_fs\n\n\nIV. SOLUTIONS\n\n A fix is available, and it can be downloaded from:\n\n https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=aixbp\n\n To extract the fixes from the tar file:\n\n For Openssl 1.0.1 version - \n zcat openssl-1.0.1.511.tar.Z | tar xvf -\n For Openssl 0.9.8 version - \n zcat openssl-0.9.8.2502.tar.Z | tar xvf -\n For Openssl 12.9.8 version - \n zcat openssl-12.9.8.2502.tar.Z | tar xvf -\n\n IMPORTANT: If possible, it is recommended that a mksysb backup\n of the system be created. Verify it is both bootable and\n readable before proceeding.\n\n To preview the fix installation:\n\n installp -apYd . openssl\n\n To install the fix package:\n\n installp -aXYd . openssl\n \n\nV. WORKAROUNDS\n \n No workarounds.\n\nVI. CONTACT INFORMATION\n\n If you would like to receive AIX Security Advisories via email,\n please visit:\n\n http://www.ibm.com/systems/support\n\n and click on the \"My notifications\" link.\n\n To view previously issued advisories, please visit:\n\n http://www14.software.ibm.com/webapp/set2/subscriptions/onvdq\n \n Comments regarding the content of this announcement can be\n directed to:\n\n security-alert@austin.ibm.com\n\n To obtain the OpenSSL public key that can be used to verify the\n signed advisories and ifixes:\n\n Download the key from our web page:\n\n http://www.ibm.com/systems/resources/systems_p_os_aix_security_pgpkey.txt\n\n To obtain the PGP public key that can be used to communicate\n securely with the AIX Security Team you can either:\n\n A. Send an email with \"get key\" in the subject line to:\n\n security-alert@austin.ibm.com\n\n B. Download the key from a PGP Public Key Server. The key ID is:\n\n 0x28BFAA12\n\n Please contact your local IBM AIX support center for any\n assistance.\n\n\n\nVII. REFERENCES:\n\n Note: Keywords labeled as KEY in this document are used for parsing purposes.\n\n eServer is a trademark of International Business Machines\n Corporation. IBM, AIX and pSeries are registered trademarks of\n International Business Machines Corporation. All other trademarks\n are property of their respective holders.\n\n Complete CVSS Guide: http://www.first.org/cvss/cvss-guide.html\n On-line Calculator V2: http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2\n X-Force Vulnerability Database: http://xforce.iss.net/xforce/xfdb/93586\n X-Force Vulnerability Database: http://xforce.iss.net/xforce/xfdb/93587\n X-Force Vulnerability Database: http://xforce.iss.net/xforce/xfdb/93588\n X-Force Vulnerability Database: http://xforce.iss.net/xforce/xfdb/93000\n X-Force Vulnerability Database: http://xforce.iss.net/xforce/xfdb/93589\n CVE-2014-0224 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224\n CVE-2014-0221 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221\n CVE-2014-0195 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195\n CVE-2014-0198 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198\n CVE-2014-3470 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470\n\n *The CVSS Environment Score is customer environment specific and will\n ultimately impact the Overall CVSS Score. Customers can evaluate the\n impact of this vulnerability in their environments by accessing the links\n in the Reference section of this Flash.\n\n Note: According to the Forum of Incident Response and Security Teams\n (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry\n open standard designed to convey vulnerability severity and help to\n determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES\n \"AS IS\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF\n MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE\n RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY\n VULNERABILITY.\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.13 (AIX)\n\niEYEARECAAYFAlOYa3QACgkQ4fmd+Ci/qhJMsQCeIm9hBmgNkQxOH80z74Du1Gt3\nldsAn3mM6Hl5+KNzs+2sTTxirF79+NJ+\n=Q2O7\n-----END PGP SIGNATURE-----\n", "edition": 3, "reporter": "CentOS Project", "published": "2014-06-11T06:39:27", "title": "AIX OpenSSL Vulnerabilities (Multiple CVEs)", "type": "aix", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "aix": {"apars": []}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221"], "modified": "2014-06-11T06:39:27", "id": "OPENSSL_ADVISORY9.ASC", "href": "https://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:08:44", "references": ["https://usn.ubuntu.com/usn/usn-2232-1", "https://launchpad.net/bugs/1356843"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "0.9.8k-7ubuntu8.21", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libssl0.9.8", "operator": "lt"}], "description": "USN-2232-1 fixed vulnerabilities in OpenSSL. One of the patch backports for Ubuntu 10.04 LTS caused a regression for certain applications. This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nJ\u00fcri Aedla discovered that OpenSSL incorrectly handled invalid DTLS fragments. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. (CVE-2014-0195)\n\nImre Rad discovered that OpenSSL incorrectly handled DTLS recursions. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2014-0221)\n\nKIKUCHI Masashi discovered that OpenSSL incorrectly handled certain handshakes. A remote attacker could use this flaw to perform a man-in-the-middle attack and possibly decrypt and modify traffic. (CVE-2014-0224)\n\nFelix Gr\u00f6bert and Ivan Fratri\u0107 discovered that OpenSSL incorrectly handled anonymous ECDH ciphersuites. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. (CVE-2014-3470)", "edition": 3, "reporter": "Ubuntu", "published": "2014-08-18T00:00:00", "title": "OpenSSL regression", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2014-0195", "CVE-2014-0221"], "modified": "2014-08-18T00:00:00", "id": "USN-2232-4", "href": "https://usn.ubuntu.com/2232-4/", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T00:09:23", "references": ["https://usn.ubuntu.com/usn/usn-2232-1", "https://launchpad.net/bugs/1329297"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "1.0.1-4ubuntu5.15", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libssl1.0.0", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "1.0.1f-1ubuntu2.3", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libssl1.0.0", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "13.10", "packageVersion": "1.0.1e-3ubuntu1.5", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libssl1.0.0", "operator": "lt"}], "description": "USN-2232-1 fixed vulnerabilities in OpenSSL. The upstream fix for CVE-2014-0224 caused a regression for certain applications that use tls_session_secret_cb, such as wpa_supplicant. This update fixes the problem.\n\nOriginal advisory details:\n\nJ\u00fcri Aedla discovered that OpenSSL incorrectly handled invalid DTLS fragments. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. (CVE-2014-0195)\n\nImre Rad discovered that OpenSSL incorrectly handled DTLS recursions. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2014-0221)\n\nKIKUCHI Masashi discovered that OpenSSL incorrectly handled certain handshakes. A remote attacker could use this flaw to perform a man-in-the-middle attack and possibly decrypt and modify traffic. (CVE-2014-0224)\n\nFelix Gr\u00f6bert and Ivan Fratri\u0107 discovered that OpenSSL incorrectly handled anonymous ECDH ciphersuites. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. (CVE-2014-3470)", "edition": 3, "reporter": "Ubuntu", "published": "2014-06-12T00:00:00", "title": "OpenSSL regression", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2014-0195", "CVE-2014-0221"], "modified": "2014-06-12T00:00:00", "id": "USN-2232-2", "href": "https://usn.ubuntu.com/2232-2/", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T00:09:16", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2014-0224", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-3470", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-0195", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-0221"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "1.0.1f-1ubuntu2.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libssl1.0.0", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "1.0.1-4ubuntu5.14", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libssl1.0.0", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "13.10", "packageVersion": "1.0.1e-3ubuntu1.4", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libssl1.0.0", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "0.9.8k-7ubuntu8.18", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libssl0.9.8", "operator": "lt"}], "description": "J\u00fcri Aedla discovered that OpenSSL incorrectly handled invalid DTLS fragments. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. (CVE-2014-0195)\n\nImre Rad discovered that OpenSSL incorrectly handled DTLS recursions. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2014-0221)\n\nKIKUCHI Masashi discovered that OpenSSL incorrectly handled certain handshakes. A remote attacker could use this flaw to perform a man-in-the-middle attack and possibly decrypt and modify traffic. (CVE-2014-0224)\n\nFelix Gr\u00f6bert and Ivan Fratri\u0107 discovered that OpenSSL incorrectly handled anonymous ECDH ciphersuites. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. (CVE-2014-3470)", "edition": 3, "reporter": "Ubuntu", "published": "2014-06-05T00:00:00", "title": "OpenSSL vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2014-0195", "CVE-2014-0221"], "modified": "2014-06-05T00:00:00", "id": "USN-2232-1", "href": "https://usn.ubuntu.com/2232-1/", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T00:09:45", "references": ["https://usn.ubuntu.com/usn/usn-2232-1", "https://launchpad.net/bugs/1332643"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "1.0.1f-1ubuntu2.4", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libssl1.0.0", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "13.10", "packageVersion": "1.0.1e-3ubuntu1.6", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libssl1.0.0", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "1.0.1-4ubuntu5.16", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libssl1.0.0", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "0.9.8k-7ubuntu8.19", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libssl0.9.8", "operator": "lt"}], "description": "USN-2232-1 fixed vulnerabilities in OpenSSL. The upstream fix for CVE-2014-0224 caused a regression for certain applications that use renegotiation, such as PostgreSQL. This update fixes the problem.\n\nOriginal advisory details:\n\nJ\u00fcri Aedla discovered that OpenSSL incorrectly handled invalid DTLS fragments. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. (CVE-2014-0195)\n\nImre Rad discovered that OpenSSL incorrectly handled DTLS recursions. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2014-0221)\n\nKIKUCHI Masashi discovered that OpenSSL incorrectly handled certain handshakes. A remote attacker could use this flaw to perform a man-in-the-middle attack and possibly decrypt and modify traffic. (CVE-2014-0224)\n\nFelix Gr\u00f6bert and Ivan Fratri\u0107 discovered that OpenSSL incorrectly handled anonymous ECDH ciphersuites. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. (CVE-2014-3470)", "edition": 3, "reporter": "Ubuntu", "published": "2014-06-23T00:00:00", "title": "OpenSSL regression", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2014-0195", "CVE-2014-0221"], "modified": "2014-06-23T00:00:00", "id": "USN-2232-3", "href": "https://usn.ubuntu.com/2232-3/", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:55", "references": [], "description": "Protection level downgrade attacks, multiple DTLS vulnerabilities, DoS.", "edition": 1, "reporter": "OPENSSL", "published": "2014-06-06T00:00:00", "title": "OpenSSL multiple security vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:55", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221"], "modified": "2014-06-06T00:00:00", "id": "SECURITYVULNS:VULN:13810", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13810", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "ics": [{"lastseen": "2018-08-31T01:37:46", "references": ["http://ics-cert.us-cert.gov/content/recommended-practices", "http://nvd.nist.gov/cvss.cfm?version=2&vector=AV:N/AC:H/Au:N/C:N/I:P/A:P", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0224", "http://www.addthis.com/bookmark.php?url=https%3A%2F%2Fics-cert.us-cert.gov%2Fadvisories%2FICSA-14-198-03G", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5298", "https://www.us-cert.gov/forms/feedback?helpful=no&document=ICSA-14-198-03G Siemens OpenSSL Vulnerabilities (Update G)&trackingNumber=&url=https://ics-cert.us-cert.gov/advisories/ICSA-14-198-03G&site_name=ICS-CERT", "http://www.siemens.com/cert/advisories", "http://support.automation.siemens.com/WW/view/de/98164677", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3470", "http://www.us-cert.gov/pdf/", "http://www.us-cert.gov/accessibility/", "http://www.siemens.com/automation/support-request", "https://ics-cert.us-cert.gov/Report-Incident?", "http://cwe.mitre.org/data/definitions/476.html", "http://nvd.nist.gov/cvss.cfm?version=2&vector=AV:N/AC:M/Au:N/C:P/I:P/A:P", "http://support.automation.siemens.com/WW/view/en/97654933", "http://www.us-cert.gov/tlp/", "http://www.us-cert.gov/tlp/", "http://ics-cert.us-cert.gov", "http://ics-cert.us-cert.gov", "http://ics-cert.us-cert.gov/tips/ICS-TIP-12-146-01B", "http://twitter.com/icscert", "http://twitter.com/icscert", "https://www.us-cert.gov/forms/feedback?helpful=yes&document=ICSA-14-198-03G Siemens OpenSSL Vulnerabilities (Update G)&trackingNumber=&url=https://ics-cert.us-cert.gov/advisories/ICSA-14-198-03G&site_name=ICS-CERT", "https://twitter.com/share?url=https%3A%2F%2Fics-cert.us-cert.gov%2Fadvisories%2FICSA-14-198-03G", "http://ics-cert.us-cert.gov/", "http://nvd.nist.gov/cvss.cfm?version=2&vector=AV:N/AC:M/Au:N/C:N/I:N/A:P", "http://nvd.nist.gov/cvss.cfm?version=2&vector=AV:N/AC:M/Au:N/C:N/I:N/A:P", "http://cwe.mitre.org/data/definitions/119.html", "http://www.automation.siemens.com/mcms/aspa-db/en/automation-technology/Pages/default.aspx", "http://www.us-cert.gov/cas/tips/ST04-014.html", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0198", "http://www.us-cert.gov/privacy/", "http://cwe.mitre.org/data/definitions/362.html", "https://www.facebook.com/sharer.php?u=https%3A%2F%2Fics-cert.us-cert.gov%2Fadvisories%2FICSA-14-198-03G", "http://support.automation.siemens.com/WW/view/en/99804563", "http://www.dhs.gov", "http://ics-cert.us-cert.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf", "http://www.us-cert.gov/reading_room/emailscams_0905.pdf", "http://www.dhs.gov/report-cyber-risks", "https://portal.etm.at/index.php?option=com_user&view=login&return=aHR0cHM6Ly9wb3J0YWwuZXRtLmF0L2luZGV4LnBocD9vcHRpb249Y29tX2NvbnRleHQmdmlldz1jYXRlZ29yeSZpZD02NSZsYXlvdXQ9YmxvZyZJdGVtaWQ9ODA=https://portal.etm.at/index.php?option=com_user&view=login&return=aHR0cHM6Ly9wb3J0YWwuZXRtLmF0L2luZGV4LnBocD9vcHRpb249Y29tX2NvbnRleHQmdmlldz1jYXRlZ29yeSZpZD02NSZsYXlvdXQ9YmxvZyZJdGVtaWQ9ODA=", "https://www.us-cert.gov/forms/feedback?helpful=somewhat&document=ICSA-14-198-03G Siemens OpenSSL Vulnerabilities (Update G)&trackingNumber=&url=https://ics-cert.us-cert.gov/advisories/ICSA-14-198-03G&site_name=ICS-CERT", "http://cwe.mitre.org/data/definitions/310.html"], "description": "## OVERVIEW\n\nThis updated advisory is a follow-up to the updated advisory titled ICSA-14-198-03F Siemens OpenSSL Vulnerabilities that was published October 16, 2014, on the NCCIC/ICS-CERT web site.\n\n### **\\--------- Begin Update G Part 1 of 3 --------**\n\nSiemens has identified four vulnerabilities in its OpenSSL cryptographic software library affecting several Siemens industrial products. Updates are available for APE 2.0.2, S7-1500, WinCC OA (PVSS), CP1543-1, Ruggedcom ROX 1, and ROX 2-based products.\n\n### **\\--------- End Update G Part 1 of 3 ----------**\n\nThese vulnerabilities could be exploited remotely. Exploits that target OpenSSL vulnerabilities are publicly available. ICS-CERT is unaware of any OpenSSL exploits that target Siemens\u2019 products specifically.\n\n## AFFECTED PRODUCTS\n\nThe following Siemens products are affected:\n\n### **\\--------- Begin Update G Part 2 of 3 --------**\n\n * APE (only affected if SSL/TLS component is used):\n * APE stand-alone: All versions prior to V2.0.2,\n * ELAN on APE: All versions prior to V8.4.0,\n * CP1543-1: prior to Version 1.1.25,\n * ROX 1: all versions prior to V1.16.1 (only affected if Crossbow is installed),\n * ROX 2: all versions prior to V2.6.0 (only affected if ELAN or Crossbow is installed),\n * Crossbow: All versions prior to V4.2.3\n * ELAN: All versions prior to V8.4.0\n * S7-1500: versions prior to Version 1.6, and\n * WinCC OA (PVSS): Version 3.12-P001\u20133.12-P008\n\n### **\\--------- End Update G Part 2 of 3 ----------**\n\n## IMPACT\n\nThe vulnerabilities identified could impact authenticity, integrity, and availability of affected devices. The man-in-the-middle attack could allow an attacker to hijack a session between an authorized user and the device. The other vulnerabilities reported could impact the availability of the device by causing the web server of the product to crash.\n\nImpact to individual organizations depends on many factors that are unique to each organization. ICS-CERT recommends that organizations evaluate the impact of these vulnerabilities based on their operational environment, architecture, and product implementation.\n\n## BACKGROUND\n\nSiemens is a multinational company headquartered in Munich, Germany. Siemens develops products mainly in the energy, healthcare and public health sectors, and transportation systems.\n\nThe affected Siemens industrial products are for process and network control and monitoring in critical infrastructure sectors such as Chemical, Critical Manufacturing, Energy, Food and Agriculture, and Water and Wastewater Systems.\n\n## VULNERABILITY CHARACTERIZATION\n\n### VULNERABILITY OVERVIEW\n\n### MAN-IN-THE-MIDDLEa\n\nAn attacker could perform a man-in-the-middle (MitM) attack between a vulnerable client and a vulnerable server. This vulnerability affects ROX, APE, S7-1500, and CP1543-1.\n\nCVE-2014-0224b has been assigned to this vulnerability. A CVSS v2 base score of 6.8 has been assigned; the CVSS vector string is (AV:N/AC:M/Au:N/C:P/I:P/A:P).c\n\n### IMPROPER INPUT VALIDATIONd\n\nSpecially crafted packets may crash the web server of the product. This vulnerability affects the SIMATIC S7-1500.\n\nCVE-2014-0198e has been assigned to this vulnerability. A CVSS v2 base score of 4.3 has been assigned; the CVSS vector string is (AV:N/AC:M/Au:N/C:N/I:N/A:P).f\n\n### IMPROPER INPUT VALIDATIONg\n\nSpecially crafted packets may crash the web server of the product. This vulnerability affects the SIMATIC S7-1500.\n\nCVE-2010-5298h has been assigned to this vulnerability. A CVSS v2 base score of 4.0 has been assigned; the CVSS vector string is (AV:N/AC:H/Au:N/C:N/I:P/A:P).i\n\n### IMPROPER INPUT VALIDATIONj\n\nSpecially crafted packets may crash the web server of the product. This vulnerability affects the WinCC OA (PVSS).\n\nCVE-2014-3470k has been assigned to this vulnerability. A CVSS v2 base score of 4.3 has been assigned; the CVSS vector string is (AV:N/AC:M/Au:N/C:N/I:N/A:P).l\n\n### VULNERABILITY DETAILS\n\n#### EXPLOITABILITY\n\nThese vulnerabilities could be exploited remotely.\n\n#### EXISTENCE OF EXPLOIT\n\nExploits that target OpenSSL vulnerabilities are publicly available. ICS-CERT is unaware of any OpenSSL exploits that target Siemens\u2019 products specifically.\n\n#### DIFFICULTY\n\nAn attacker with a moderate skill would be able to exploit these vulnerabilities.\n\n## MITIGATION\n\nSiemens provides updates for the following products:\n\n### **\\--------- Begin Update G Part 3 of 3 --------**\n\nAPE 2.0.2 stand-alone available at:\n\n<http://support.automation.siemens.com/WW/view/en/97654933>\n\nS7-1500: update to Version 1.6 at:\n\n<http://support.automation.siemens.com/WW/view/de/98164677>\n\nWinCC OA (PVSS) available at the Siemens[ ETM portal](<https://portal.etm.at/index.php?option=com_user&view=login&return=aHR0cHM6Ly9wb3J0YWwuZXRtLmF0L2luZGV4LnBocD9vcHRpb249Y29tX2NvbnRleHQmdmlldz1jYXRlZ29yeSZpZD02NSZsYXlvdXQ9YmxvZyZJdGVtaWQ9ODA=https://portal.etm.at/index.php?option=com_user&view=login&return=aHR0cHM6Ly9wb3J0YWwuZXRtLmF0L2luZGV4LnBocD9vcHRpb249Y29tX2NvbnRleHQmdmlldz1jYXRlZ29yeSZpZD02NSZsYXlvdXQ9YmxvZyZJdGVtaWQ9ODA=>).\n\nCP1543-1 update to Version V1.1.25 at:\n\n<http://support.automation.siemens.com/WW/view/en/99804563>\n\nUpdated firmware for Ruggedcom ROX-based devices and ELAN software can be obtained for free from the following contact points:\n\n * Submit a support request to Siemens online:\n * <http://www.siemens.com/automation/support-request>\n * Call a local hotline center:\n * <http://www.automation.siemens.com/mcms/aspa-db/en/automation-technology/Pages/default.aspx>\n\nUpdate Debian using the standard update procedures if eLAN is installed on a Linux system.\n\n### **\\--------- End Update G Part 3 of 3 ----------**\n\nSiemens provides specific advice for mitigating risk in each of the affected products in SSA\u2011234763, which can be found at its web site at the following location:\n\n<http://www.siemens.com/cert/advisories>\n\nICS-CERT encourages asset owners to take additional defensive measures to protect against this and other cybersecurity risks.\n\n * Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.\n * Locate control system networks and remote devices behind firewalls, and isolate them from the business network.\n * When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.\n\nICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT web page at: <http://ics-cert.us-cert.gov/content/recommended-practices>. Several recommended practices are available for reading and download, including [Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.](<http://ics-cert.us-cert.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf>) ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\n\nAdditional mitigation guidance and recommended practices are publicly available in the ICS\u2011CERT Technical Information Paper, [ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies](<http://ics-cert.us-cert.gov/tips/ICS-TIP-12-146-01B>), that is available for download from the ICS-CERT web site (<http://ics-cert.us-cert.gov/>).\n\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.\n\nIn addition, ICS-CERT recommends that users take the following measures to protect themselves from social engineering attacks:\n\n 1. Do not click web links or open unsolicited attachments in email messages.\n 2. Refer to Recognizing and Avoiding Email Scamsm for more information on avoiding email scams.\n 3. Refer to Avoiding Social Engineering and Phishing Attacksn for more information on social engineering attacks.\n * a. CWE-310: Cryptographic Issues, <http://cwe.mitre.org/data/definitions/310.html>, web site last accessed July 17, 2014.\n * b. NVD, <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0224>, web site last accessed July 17, 2014.\n * c. CVSS Calculator, [http://nvd.nist.gov/cvss.cfm?version=2&vector=AV:N/AC:M/Au:N/C:P/I:P/A:P](<http://nvd.nist.gov/cvss.cfm?version=2&vector=AV:N/AC:M/Au:N/C:P/I:P/A:P>), web site last accessed July 17, 2014.\n * d. CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer, <http://cwe.mitre.org/data/definitions/119.html>, web site last accessed July 17, 2014.\n * e. NVD, <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0198>, web site last accessed July 17, 2014.\n * f. CVSS Calculator, [http://nvd.nist.gov/cvss.cfm?version=2&vector=AV:N/AC:M/Au:N/C:N/I:N/A:P](<http://nvd.nist.gov/cvss.cfm?version=2&vector=AV:N/AC:M/Au:N/C:N/I:N/A:P>), web site last accessed July 17, 2014.\n * g. CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition'), <http://cwe.mitre.org/data/definitions/362.html>, web site last accessed July 17, 2014.\n * h. NVD, <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5298>, web site last accessed July 17, 2014.\n * i. CVSS Calculator, [http://nvd.nist.gov/cvss.cfm?version=2&vector=AV:N/AC:H/Au:N/C:N/I:P/A:P](<http://nvd.nist.gov/cvss.cfm?version=2&vector=AV:N/AC:H/Au:N/C:N/I:P/A:P>), web site last accessed July 17, 2014.\n * j. CWE-476: NULL Pointer Dereference, <http://cwe.mitre.org/data/definitions/476.html>, web site last accessed July 17, 2014.\n * k. NVD, <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3470>, web site last accessed July 17, 2014.\n * l. CVSS Calculator, [http://nvd.nist.gov/cvss.cfm?version=2&vector=AV:N/AC:M/Au:N/C:N/I:N/A:P](<http://nvd.nist.gov/cvss.cfm?version=2&vector=AV:N/AC:M/Au:N/C:N/I:N/A:P>), web site last accessed July 17, 2014.\n * m. Recognizing and Avoiding Email Scams, <http://www.us-cert.gov/reading_room/emailscams_0905.pdf>, web site last accessed July 17, 2014.\n * n. National Cyber Alert System Cyber Security Tip ST04-014, <http://www.us-cert.gov/cas/tips/ST04-014.html>, web site last accessed July 17, 2014.\n", "edition": 6, "reporter": "Industrial Control Systems Cyber Emergency Response Team", "published": "2015-02-17T00:00:00", "title": "Siemens OpenSSL Vulnerabilities (Update G)", "type": "ics", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "info", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2010-5298", "CVE-2014-0198"], "modified": "2018-08-29T00:00:00", "id": "ICSA-14-198-03G", "href": "https://ics-cert.us-cert.gov//advisories/ICSA-14-198-03G", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "freebsd": [{"lastseen": "2018-08-31T01:14:49", "references": ["http://www.openssl.org/news/secadv_20140605.txt"], "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "1.0.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openssl", "operator": "eq"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "1.0.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "mingw32-openssl", "operator": "eq"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "1.0.1_13", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openssl", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "8.4_12", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "FreeBSD", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "8.0", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "FreeBSD", "operator": "eq"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "1.0.1h", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "mingw32-openssl", "operator": "lt"}], "description": "\nThe OpenSSL Project reports:\n\nAn attacker using a carefully crafted handshake can force\n\t the use of weak keying material in OpenSSL SSL/TLS clients\n\t and servers. This can be exploited by a Man-in-the-middle\n\t (MITM) attack where the attacker can decrypt and modify\n\t traffic from the attacked client and server. [CVE-2014-0224]\nBy sending an invalid DTLS handshake to an OpenSSL DTLS\n\t client the code can be made to recurse eventually crashing\n\t in a DoS attack. [CVE-2014-0221]\nA buffer overrun attack can be triggered by sending invalid\n\t DTLS fragments to an OpenSSL DTLS client or server. This is\n\t potentially exploitable to run arbitrary code on a vulnerable\n\t client or server. [CVE-2014-0195]\nOpenSSL TLS clients enabling anonymous ECDH ciphersuites are\n\t subject to a denial of service attack. [CVE-2014-3470]\n\n", "edition": 3, "reporter": "FreeBSD", "published": "2014-06-05T00:00:00", "title": "OpenSSL -- multiple vulnerabilities", "type": "freebsd", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2014-0195", "CVE-2014-0221"], "modified": "2014-06-05T00:00:00", "id": "5AC53801-EC2E-11E3-9CF3-3C970E169BC2", "href": "https://vuxml.freebsd.org/freebsd/5ac53801-ec2e-11e3-9cf3-3c970e169bc2.html", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "vmware": [{"lastseen": "2018-09-02T02:40:29", "references": [], "affectedPackage": [{"OS": "any", "OSVersion": "any", "packageVersion": "3.3.1", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "Usage Meter", "operator": "lt"}, {"OS": "Windows/Linux", "OSVersion": "any", "packageVersion": "5.0.4", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "Player", "operator": "lt"}, {"OS": "any", "OSVersion": "any", "packageVersion": "Pivotal Web Server 5.4.1", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "vFabric Web Server", "operator": "lt"}, {"OS": "any", "OSVersion": "any", "packageVersion": "5.4.1", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "Pivotal Web Server", "operator": "lt"}, {"OS": "OSX", "OSVersion": "any", "packageVersion": "3.0", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "Horizon View Client", "operator": "lt"}, {"OS": "any", "OSVersion": "any", "packageVersion": "5.1u2a", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "vCSA", "operator": "lt"}, {"OS": "windows", "OSVersion": "any", "packageVersion": "5.0u3a", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "vSphere Client", "operator": "lt"}, {"OS": "any", "OSVersion": "any", "packageVersion": "5.5.1.1", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "vCenter Site Recovery Manager", "operator": "lt"}, {"OS": "Windows", "OSVersion": "any", "packageVersion": "3.0", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "Horizon View Client", "operator": "lt"}, {"OS": "any", "OSVersion": "any", "packageVersion": "5.0.4", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "VDDK", "operator": "lt"}, {"OS": "any", "OSVersion": "any", "packageVersion": "5.0u3a", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "vCenter Server", "operator": "lt"}, {"OS": "windows", "OSVersion": "any", "packageVersion": "5.5u1b", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "vSphere Client", "operator": "lt"}, {"OS": "any", "OSVersion": "any", "packageVersion": "5.1.2.1", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "vCenter Site Recovery Manager", "operator": "lt"}, {"OS": "any", "OSVersion": "any", "packageVersion": "5.8", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "vSphere Replication", "operator": "lt"}, {"OS": "windows", "OSVersion": "any", "packageVersion": "5.5u1b", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "Update Manager", "operator": "lt"}, {"OS": "any", "OSVersion": "any", "packageVersion": "5.5.1.1", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "vCenter Support Assistant", "operator": "lt"}, {"OS": "any", "OSVersion": "any", "packageVersion": "5.1.3", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "VDDK", "operator": "lt"}, {"OS": "OSX", "OSVersion": "any", "packageVersion": "1.8.2", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "Horizon Workspace Client", "operator": "lt"}, {"OS": "any", "OSVersion": "any", "packageVersion": "5.5.2", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "VDDK", "operator": "lt"}, {"OS": "any", "OSVersion": "any", "packageVersion": "5.7.3", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "vCenter Operations Manager", "operator": "lt"}, {"OS": "any", "OSVersion": "any", "packageVersion": "5.1u2a", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "vCenter Server", "operator": "lt"}, {"OS": "any", "OSVersion": "any", "packageVersion": "5.3 Feature Pack 3", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "Horizon View Feature Pack", "operator": "lt"}, {"OS": "any", "OSVersion": "any", "packageVersion": "3.2.3", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "NVP", "operator": "lt"}, {"OS": "any", "OSVersion": "any", "packageVersion": "5.5.2.1", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "vCloud Networking and Security", "operator": "lt"}, {"OS": "any", "OSVersion": "any", "packageVersion": "1.1", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ITBM Standard", "operator": "lt"}, {"OS": "IOS", "OSVersion": "any", "packageVersion": "3.0", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "Horizon View Client", "operator": "lt"}, {"OS": "any", "OSVersion": "any", "packageVersion": "5.1.4.1", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "vCloud Networking and Security", "operator": "lt"}, {"OS": "any", "OSVersion": "any", "packageVersion": "5.5.7", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "vSphere Data Protection", "operator": "lt"}, {"OS": "any", "OSVersion": "any", "packageVersion": "5.5u1b", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "vCSA", "operator": "lt"}, {"OS": "Windows/Linux", "OSVersion": "any", "packageVersion": "9.0.4", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "Workstation", "operator": "lt"}, {"OS": "Mac OS", "OSVersion": "any", "packageVersion": "6.0.4", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "Fusion", "operator": "lt"}, {"OS": "any", "OSVersion": "any", "packageVersion": "2.6.0.0", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "Studio", "operator": "eq"}, {"OS": "any", "OSVersion": "any", "packageVersion": "5.5.0.1", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "vMA (Management Assistant)", "operator": "eq"}, {"OS": "ESXi", "OSVersion": "any", "packageVersion": "ESXi550-201406401-SG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESXi", "operator": "lt"}, {"OS": "Windows/Linux", "OSVersion": "any", "packageVersion": "6.0.3", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "Player", "operator": "lt"}, {"OS": "any", "OSVersion": "any", "packageVersion": "5.1.1", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "vCenter Converter Standalone", "operator": "lt"}, {"OS": "any", "OSVersion": "any", "packageVersion": "horizon-nginx-rpm-1.8.2.1820-1876338.x86_64.rpm", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "Horizon Workspace Server", "operator": "lt"}, {"OS": "Mac OS", "OSVersion": "any", "packageVersion": "5.0.5", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "Fusion", "operator": "lt"}, {"OS": "any", "OSVersion": "any", "packageVersion": "4.0.4", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "NSX for Multi-Hypervisor", "operator": "lt"}, {"OS": "any", "OSVersion": "any", "packageVersion": "6.0.1.2", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "vCloud Automation Center", "operator": "lt"}, {"OS": "any", "OSVersion": "any", "packageVersion": "5.5.1.2", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "vCD", "operator": "lt"}, {"OS": "Android", "OSVersion": "any", "packageVersion": "3.0", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "Horizon View Client", "operator": "lt"}, {"OS": "any", "OSVersion": "any", "packageVersion": "6.0.5", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "NSX for vSphere", "operator": "lt"}, {"OS": "ESXi", "OSVersion": "any", "packageVersion": "ESXi500-201407401-SG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESXi", "operator": "lt"}, {"OS": "Windows/Linux", "OSVersion": "any", "packageVersion": "10.0.3", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "Workstation", "operator": "lt"}, {"OS": "any", "OSVersion": "any", "packageVersion": "5.3.2", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "Horizon View", "operator": "lt"}, {"OS": "any", "OSVersion": "any", "packageVersion": "5.5 Update 2", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "vSphere SDK for Perl", "operator": "lt"}, {"OS": "any", "OSVersion": "any", "packageVersion": "2.6.0.1", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "vCenter Chargeback Manager", "operator": "lt"}, {"OS": "any", "OSVersion": "any", "packageVersion": "5.0u3a", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "vCSA", "operator": "lt"}, {"OS": "any", "OSVersion": "any", "packageVersion": "5.7.2", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "vCenter ConfigurationManager (VCM)", "operator": "lt"}, {"OS": "any", "OSVersion": "any", "packageVersion": "4.4.3", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "Horizon Mirage Edge Gateway", "operator": "lt"}, {"OS": "any", "OSVersion": "any", "packageVersion": "5.1.3.1", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "vCD", "operator": "lt"}, {"OS": "Windows", "OSVersion": "any", "packageVersion": "1.8.2", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "Horizon Workspace Client", "operator": "lt"}, {"OS": "any", "OSVersion": "any", "packageVersion": "5.5.2", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "vCenter Converter Standalone", "operator": "lt"}, {"OS": "any", "OSVersion": "any", "packageVersion": "3.5.2", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "OVF Tool", "operator": "lt"}, {"OS": "any", "OSVersion": "any", "packageVersion": "5.0.3.2", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "vCenter Site Recovery Manager", "operator": "lt"}, {"OS": "any", "OSVersion": "any", "packageVersion": "4.1.3", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "NSX for Multi-Hypervisor", "operator": "lt"}, {"OS": "ESXi", "OSVersion": "any", "packageVersion": "ESXi510-201406401-SG", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "ESXi", "operator": "lt"}, {"OS": "any", "OSVersion": "any", "packageVersion": "5.5.1.1", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "vSphere Replication", "operator": "lt"}, {"OS": "any", "OSVersion": "any", "packageVersion": "5.1.11", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "vSphere Data Protection", "operator": "eq"}, {"OS": "WindowsStore", "OSVersion": "any", "packageVersion": "3.0", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "Horizon View Client", "operator": "lt"}, {"OS": "windows", "OSVersion": "any", "packageVersion": "5.1u2a", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "vSphere Client", "operator": "lt"}, {"OS": "any", "OSVersion": "any", "packageVersion": "2.0.0", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "Big Data Extensions", "operator": "lt"}, {"OS": "any", "OSVersion": "any", "packageVersion": "2.6.0.1", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "vCenter Charge Back Manager", "operator": "lt"}, {"OS": "any", "OSVersion": "any", "packageVersion": "5.5u1b", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "vCenter Server", "operator": "lt"}, {"OS": "any", "OSVersion": "any", "packageVersion": "5.8.2", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "vCenter Operations Manager", "operator": "lt"}, {"OS": "any", "OSVersion": "any", "packageVersion": "horizon-nginx-rpm-1.5.0.0-1876270.x86_64.rpm", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "Horizon Workspace Server", "operator": "lt"}, {"OS": "any", "OSVersion": "any", "packageVersion": "1.12", "arch": "any", "packageFilename": "UNKNOWN", "packageName": "VIX API", "operator": "eq"}], "description": "a. OpenSSL update for multiple products. \n\n\nOpenSSL libraries have been updated in multiple products to versions 0.9.8za and 1.0.1h in order to resolve multiple security issues. \n \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2014-0224, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470, CVE-2014-0221 and CVE-2014-0195 to these issues. The most important of these issues is CVE-2014-0224.\n\nCVE-2014-0198, CVE-2010-5298 and CVE-2014-3470 are considered to be of moderate severity. Exploitation is highly unlikely or is mitigated due to the application configuration.\n\nCVE-2014-0221 and CVE-2014-0195, which are listed in the OpenSSL Security Advisory (see Reference section below), do not affect any VMware products. \n \nCVE-2014-0224 may lead to a Man-in-the-Middle attack if a server is running a vulnerable version of OpenSSL 1.0.1 and clients are running a vulnerable version of OpenSSL 0.9.8 or 1.0.1. Updating the server will mitigate this issue for both the server and all affected clients. \n \nCVE-2014-0224 may affect products differently depending on whether the product is acting as a client or a server and of which version of OpenSSL the product is using. For readability the affected products have been split into 3 tables below, based on the different client-server configurations and deployment scenarios. \n \n**MITIGATIONS \n \n**\n\n * Clients that communicate with a patched or non-vulnerable server are not vulnerable to CVE-2014-0224. Applying these patches to affected servers will mitigate the affected clients (See Table 1 below).\n * Clients that communicate over untrusted networks such as public Wi-Fi and communicate to a server running a vulnerable version of OpenSSL 1.0.1. can be mitigated by using a secure network such as VPN (see Table 2 below). \n * Clients and servers that are deployed on an isolated network are less exposed to CVE-2014-0224 (see Table 3 below). The affected products are typically deployed to communicate over the management network.\n\n \n**RECOMMENDATIONS** \n \nVMware recommends customers evaluate and deploy patches for affected Servers in Table 1 below as these patches become available. Patching these servers will remove the ability to exploit the vulnerability described in CVE-2014-0224 on both clients and servers. \n \nVMware recommends customers consider applying patches to products listed in Table 2 & 3 as required.\n\nColumn 4 of the following tables lists the action required to remediate the vulnerability in each release, if a solution is available.\n\n_**Table 1**_\n\nAffected servers running a vulnerable version of OpenSSL 1.0.1.\n", "edition": 3, "reporter": "VMware", "published": "2014-06-10T00:00:00", "title": "VMware product updates address OpenSSL security vulnerabilities", "type": "vmware", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2010-5298", "CVE-2014-0198"], "modified": "2014-10-09T00:00:00", "id": "VMSA-2014-0006", "href": "https://www.vmware.com/security/advisories/VMSA-2014-0006.html", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "slackware": [{"lastseen": "2018-08-31T02:36:40", "references": [], "affectedPackage": [{"OS": "Slackware", "OSVersion": "13.1", "packageVersion": "0.9.8za", "arch": "x86_64", "packageFilename": "openssl-solibs-0.9.8za-x86_64-1_slack13.1.txz", "packageName": "openssl-solibs", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.37", "packageVersion": "0.9.8za", "arch": "i486", "packageFilename": "openssl-solibs-0.9.8za-i486-1_slack13.37.txz", "packageName": "openssl-solibs", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.37", "packageVersion": "0.9.8za", "arch": "i486", "packageFilename": "openssl-0.9.8za-i486-1_slack13.37.txz", "packageName": "openssl", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "14.1", "packageVersion": "1.0.1h", "arch": "x86_64", "packageFilename": "openssl-1.0.1h-x86_64-1_slack14.1.txz", "packageName": "openssl", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "14.0", "packageVersion": "1.0.1h", "arch": "x86_64", "packageFilename": "openssl-solibs-1.0.1h-x86_64-1_slack14.0.txz", "packageName": "openssl-solibs", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "14.0", "packageVersion": "1.0.1h", "arch": "i486", "packageFilename": "openssl-solibs-1.0.1h-i486-1_slack14.0.txz", "packageName": "openssl-solibs", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.1", "packageVersion": "0.9.8za", "arch": "i486", "packageFilename": "openssl-solibs-0.9.8za-i486-1_slack13.1.txz", "packageName": "openssl-solibs", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.37", "packageVersion": "0.9.8za", "arch": "x86_64", "packageFilename": "openssl-0.9.8za-x86_64-1_slack13.37.txz", "packageName": "openssl", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.0", "packageVersion": "0.9.8za", "arch": "x86_64", "packageFilename": "openssl-0.9.8za-x86_64-1_slack13.0.txz", "packageName": "openssl", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.0", "packageVersion": "0.9.8za", "arch": "x86_64", "packageFilename": "openssl-solibs-0.9.8za-x86_64-1_slack13.0.txz", "packageName": "openssl-solibs", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "14.1", "packageVersion": "1.0.1h", "arch": "x86_64", "packageFilename": "openssl-solibs-1.0.1h-x86_64-1_slack14.1.txz", "packageName": "openssl-solibs", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "14.0", "packageVersion": "1.0.1h", "arch": "x86_64", "packageFilename": "openssl-1.0.1h-x86_64-1_slack14.0.txz", "packageName": "openssl", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.1", "packageVersion": "0.9.8za", "arch": "x86_64", "packageFilename": "openssl-0.9.8za-x86_64-1_slack13.1.txz", "packageName": "openssl", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "14.0", "packageVersion": "1.0.1h", "arch": "i486", "packageFilename": "openssl-1.0.1h-i486-1_slack14.0.txz", "packageName": "openssl", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.0", "packageVersion": "0.9.8za", "arch": "i486", "packageFilename": "openssl-0.9.8za-i486-1_slack13.0.txz", "packageName": "openssl", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "14.1", "packageVersion": "1.0.1h", "arch": "i486", "packageFilename": "openssl-1.0.1h-i486-1_slack14.1.txz", "packageName": "openssl", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.37", "packageVersion": "0.9.8za", "arch": "x86_64", "packageFilename": "openssl-solibs-0.9.8za-x86_64-1_slack13.37.txz", "packageName": "openssl-solibs", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "14.1", "packageVersion": "1.0.1h", "arch": "i486", "packageFilename": "openssl-solibs-1.0.1h-i486-1_slack14.1.txz", "packageName": "openssl-solibs", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.1", "packageVersion": "0.9.8za", "arch": "i486", "packageFilename": "openssl-0.9.8za-i486-1_slack13.1.txz", "packageName": "openssl", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.0", "packageVersion": "0.9.8za", "arch": "i486", "packageFilename": "openssl-solibs-0.9.8za-i486-1_slack13.0.txz", "packageName": "openssl-solibs", "operator": "lt"}], "description": "New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,\nand -current to fix security issues.\n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n\npatches/packages/openssl-1.0.1h-i486-1_slack14.1.txz: Upgraded.\n Multiple security issues have been corrected, including a possible\n man-in-the-middle attack where weak keying material is forced, denial\n of service, and the execution of arbitrary code.\n For more information, see:\n http://www.openssl.org/news/secadv_20140605.txt\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470\n (* Security fix *)\npatches/packages/openssl-solibs-1.0.1h-i486-1_slack14.1.txz: Upgraded.\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the "Get Slack" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated packages for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8za-i486-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8za-i486-1_slack13.0.txz\n\nUpdated packages for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8za-x86_64-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8za-x86_64-1_slack13.0.txz\n\nUpdated packages for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8za-i486-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8za-i486-1_slack13.1.txz\n\nUpdated packages for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8za-x86_64-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8za-x86_64-1_slack13.1.txz\n\nUpdated packages for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8za-i486-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8za-i486-1_slack13.37.txz\n\nUpdated packages for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8za-x86_64-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8za-x86_64-1_slack13.37.txz\n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1h-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1h-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1h-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1h-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1h-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1h-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1h-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1h-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1h-i486-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1h-i486-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1h-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1h-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 13.0 packages:\n634b8ecc8abc6d3f249b73d0fefa5959 openssl-0.9.8za-i486-1_slack13.0.txz\na2529f1243d42a3608f61b96236b5f60 openssl-solibs-0.9.8za-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 packages:\n2ddac651c5f2531f3a7f70d9f5823bd6 openssl-0.9.8za-x86_64-1_slack13.0.txz\nd7ffeb15713a587f642fbb3d5c310c75 openssl-solibs-0.9.8za-x86_64-1_slack13.0.txz\n\nSlackware 13.1 packages:\n0b84a6a1edf76cba83d4c52c54196baa openssl-0.9.8za-i486-1_slack13.1.txz\ndfd5d241b0e1703ae9d70d6ccda06179 openssl-solibs-0.9.8za-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 packages:\nbd749622577a5f76a59d90b95aa922fd openssl-0.9.8za-x86_64-1_slack13.1.txz\n35cf911dd9f0cc13f7f0056d9e1f4520 openssl-solibs-0.9.8za-x86_64-1_slack13.1.txz\n\nSlackware 13.37 packages:\n8f674defac9002c81265d284b1072f75 openssl-0.9.8za-i486-1_slack13.37.txz\n48ce79e7714cb0c823d2b6ea4a88ba51 openssl-solibs-0.9.8za-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 packages:\nefa09162c22782c15806bca99472c5be openssl-0.9.8za-x86_64-1_slack13.37.txz\n8e3b8d1e3d3a740bd274fbe38dc10f96 openssl-solibs-0.9.8za-x86_64-1_slack13.37.txz\n\nSlackware 14.0 packages:\n8e2698d19f54c7e0cac8f998df23b782 openssl-1.0.1h-i486-1_slack14.0.txz\ncf6233bc169cf6dd192bb7210f779fc1 openssl-solibs-1.0.1h-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\n2b4f0610d5e46fa7bb27a0b39f0d6d33 openssl-1.0.1h-x86_64-1_slack14.0.txz\n18fdd83dcf86204275508a689a017dea openssl-solibs-1.0.1h-x86_64-1_slack14.0.txz\n\nSlackware 14.1 packages:\n49aea7da42eef41da894f29762971863 openssl-1.0.1h-i486-1_slack14.1.txz\n6f19f4fdc3f018b4e821c519d7bb1e5c openssl-solibs-1.0.1h-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\nccf5ff2b107c665a4f3bf98176937749 openssl-1.0.1h-x86_64-1_slack14.1.txz\nea1aaba38c98b096186ca94ca541a793 openssl-solibs-1.0.1h-x86_64-1_slack14.1.txz\n\nSlackware -current packages:\ndb1ed7ded71ab503f567940fff39eb16 a/openssl-solibs-1.0.1h-i486-1.txz\n0db4f91f9b568b2b2629950e5ab88b22 n/openssl-1.0.1h-i486-1.txz\n\nSlackware x86_64 -current packages:\nd01aef33335bee27f36574241f54091f a/openssl-solibs-1.0.1h-x86_64-1.txz\n95a743d21c58f39573845d6ec5270656 n/openssl-1.0.1h-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the packages as root:\n > upgradepkg openssl-1.0.1h-i486-1_slack14.1.txz openssl-solibs-1.0.1h-i486-1_slack14.1.txz", "edition": 3, "reporter": "Slackware Linux Project", "published": "2014-06-05T22:27:11", "title": "openssl", "type": "slackware", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2010-5298", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221"], "modified": "2014-06-05T22:27:11", "id": "SSA-2014-156-03", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.746956", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:37", "references": ["http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0198", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3470", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0224", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0195", "http://www.openssl.org/news/secadv_20140605.txt", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0221", "https://bugs.gentoo.org/show_bug.cgi?id=512506", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-5298"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "1.0.1h-r1", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "dev-libs/openssl", "operator": "lt"}], "edition": 1, "description": "### Background\n\nOpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library. \n\n### Description\n\nMultiple vulnerabilities have been discovered in OpenSSL. Please review the OpenSSL Security Advisory [05 Jun 2014] and the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could send specially crafted DTLS fragments to an OpenSSL DTLS client or server to possibly execute arbitrary code with the privileges of the process using OpenSSL. \n\nFurthermore, an attacker could force the use of weak keying material in OpenSSL SSL/TLS clients and servers, inject data across sessions, or cause a Denial of Service via various vectors. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll OpenSSL users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/openssl-1.0.1h-r1\"", "reporter": "Gentoo Foundation", "published": "2014-07-27T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "gentoo", "title": "OpenSSL: Multiple vulnerabilities", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0224", "CVE-2014-3470", "CVE-2010-5298", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221"], "modified": "2015-06-06T00:00:00", "id": "GLSA-201407-05", "href": "https://security.gentoo.org/glsa/201407-05", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}

IBM Tivoli Endpoint Manager Server 9.1.x &lt; 9.1.1117.0 OpenSSL Security Bypass

Description

IBM Tivoli Endpoint Manager Server 9.1.x < 9.1.1117.0 OpenSSL Security Bypass