Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2004-2021 Tenable Network Security, Inc.MANDRAKE_MDKSA-2002-046.NASL
HistoryJul 31, 2004 - 12:00 a.m.

Mandrake Linux Security Advisory : openssl (MDKSA-2002:046-1)

2004-07-3100:00:00
This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.
www.tenable.com
14
JSON

An audit of the OpenSSL code by A.L. Digital Ltd and The Bunker, under the DARPA program CHATS, discovered a number of vulnerabilities in the OpenSSL code that are all potentially remotely exploitable.

From the OpenSSL advisory :

  1. The client master key in SSL2 could be oversized and overrun a buffer. This vulnerability was also independently discovered by consultants at Neohapsis (http://www.neohapsis.com/) who have also demonstrated that the vulnerability is exploitable. Exploit code is NOT available at this time.

  2. The session ID supplied to a client in SSL3 could be oversized and overrun a buffer.

  3. The master key supplied to an SSL3 server could be oversized and overrun a stack-based buffer. This issues only affects OpenSSL 0.9.7 with Kerberos enabled.

  4. Various buffers for ASCII representations of integers were too small on 64 bit platforms.

At the same time, various potential buffer overflows have had assertions added; these are not known to be exploitable.

Finally, a vulnerability was found by Adi Stav and James Yonan independently in the ASN1 parser which can be confused by supplying it with certain invalid encodings. There are no known exploits for this vulnerability.

All of these vulnerabilities are fixed in OpenSSL 0.9.6f. Patches have been applied to the versions of OpenSSL provided in this update to fix all of these problems, except for the ASN1 vulnerability, which a fix will be provided for once MandrakeSoft has had a chance to QA the new packages. In the meantime, it is is strongly encouraged that all users upgrade to these OpenSSL packages.

Update :

These new OpenSSL packages are available to additionally fix the ASN1 vulnerability described above. All Mandrake Linux users are encouraged to upgrade to these new packages.

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandrake Linux Security Advisory MDKSA-2002:046. 
# The text itself is copyright (C) Mandriva S.A.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(13949);
  script_version("1.28");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2002-0655", "CVE-2002-0656", "CVE-2002-0657");
  script_xref(name:"MDKSA", value:"2002:046-1");

  script_name(english:"Mandrake Linux Security Advisory : openssl (MDKSA-2002:046-1)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Mandrake Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"An audit of the OpenSSL code by A.L. Digital Ltd and The Bunker, under
the DARPA program CHATS, discovered a number of vulnerabilities in the
OpenSSL code that are all potentially remotely exploitable.

From the OpenSSL advisory :

1. The client master key in SSL2 could be oversized and overrun a
buffer. This vulnerability was also independently discovered by
consultants at Neohapsis (http://www.neohapsis.com/) who have also
demonstrated that the vulnerability is exploitable. Exploit code is NOT
available at this time.

2. The session ID supplied to a client in SSL3 could be oversized and
overrun a buffer.

3. The master key supplied to an SSL3 server could be oversized and
overrun a stack-based buffer. This issues only affects OpenSSL 0.9.7
with Kerberos enabled.

4. Various buffers for ASCII representations of integers were too
small on 64 bit platforms.

At the same time, various potential buffer overflows have had
assertions added; these are not known to be exploitable.

Finally, a vulnerability was found by Adi Stav and James Yonan
independently in the ASN1 parser which can be confused by supplying it
with certain invalid encodings. There are no known exploits for this
vulnerability.

All of these vulnerabilities are fixed in OpenSSL 0.9.6f. Patches have
been applied to the versions of OpenSSL provided in this update to fix
all of these problems, except for the ASN1 vulnerability, which a fix
will be provided for once MandrakeSoft has had a chance to QA the new
packages. In the meantime, it is is strongly encouraged that all users
upgrade to these OpenSSL packages.

Update :

These new OpenSSL packages are available to additionally fix the ASN1
vulnerability described above. All Mandrake Linux users are encouraged
to upgrade to these new packages."
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2002-0657");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libopenssl0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libopenssl0-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:openssl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:openssl-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:7.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:7.2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.2");

  script_set_attribute(attribute:"patch_publication_date", value:"2002/08/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK7.1", cpu:"i386", reference:"openssl-0.9.5a-4.4mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK7.1", cpu:"i386", reference:"openssl-devel-0.9.5a-4.4mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"openssl-0.9.5a-9.3mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"openssl-devel-0.9.5a-9.3mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"openssl-0.9.6-8.3mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"openssl-devel-0.9.6-8.3mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"libopenssl0-0.9.6b-1.3mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"libopenssl0-devel-0.9.6b-1.3mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"openssl-0.9.6b-1.3mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"libopenssl0-0.9.6c-2.3mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"libopenssl0-devel-0.9.6c-2.3mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"openssl-0.9.6c-2.3mdk", yank:"mdk")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
mandrivalinuxlibopenssl0p-cpe:/a:mandriva:linux:libopenssl0
mandrivalinuxlibopenssl0-develp-cpe:/a:mandriva:linux:libopenssl0-devel
mandrivalinuxopensslp-cpe:/a:mandriva:linux:openssl
mandrivalinuxopenssl-develp-cpe:/a:mandriva:linux:openssl-devel
mandrakesoftmandrake_linux7.1cpe:/o:mandrakesoft:mandrake_linux:7.1
mandrakesoftmandrake_linux7.2cpe:/o:mandrakesoft:mandrake_linux:7.2
mandrakesoftmandrake_linux8.0cpe:/o:mandrakesoft:mandrake_linux:8.0
mandrakesoftmandrake_linux8.1cpe:/o:mandrakesoft:mandrake_linux:8.1
mandrakesoftmandrake_linux8.2cpe:/o:mandrakesoft:mandrake_linux:8.2

Related

suse 2
nessus 6
debian 3
cert 6
securityvulns 1
openvas 2
osv 1
checkpoint_advisories 1
exploitdb 1
canvas 1
openssl 3
debiancve 3
cve 3
f5 1
suse
suse
remote command execution in openssl
2002-07-30 17:22:01
buffer overflow in openssl/Slapper worm
2002-09-20 07:48:45
nessus
nessus
RHEL 2.1 : openssl (RHSA-2002:157)
2004-07-06 00:00:00
Debian DSA-136-1 : openssl - multiple remote exploits
2004-09-29 00:00:00
OpenSSL < 0.9.6e / 0.9.7b3 Multiple Remote Vulnerabilities
2002-08-05 00:00:00
debian
debian
[SECURITY] [DSA-136-2] Multiple OpenSSL problems (update)
2002-09-15 00:00:00
[SECURITY] [DSA-136-3] Multiple OpenSSL problems (update)
2002-09-17 00:00:00
[SECURITY] [DSA-136-1] Multiple OpenSSL problems
2002-07-30 00:00:00
cert
cert
OpenSSL servers contain a remotely exploitable buffer overflow vulnerability during the SSL3 handshake process
2002-07-30 00:00:00
ASN.1 parsing errors exist in implementations of SSL, TLS, S/MIME, PKCS#7 routines
2002-07-30 00:00:00
OpenSSL contains multiple buffer overflows in buffers that are used to hold ASCII representations of integers
2002-07-30 00:00:00
securityvulns
securityvulns
Advisory CA-2002-23 Multiple Vulnerabilities In OpenSSL
2002-07-31 00:00:00
openvas
openvas
OpenSSL SSL2 <= 0.9.6d / 0.9.7 <= 0.9.7-beta2 Multiple Vulnerabilities
2016-11-26 00:00:00
OpenSSL 0.9.7-beta Buffer Overflow Vulnerability
2020-11-06 00:00:00
osv
osv
openssl - multiple remote exploits
2002-07-30 00:00:00
checkpoint_advisories
checkpoint_advisories
OpenSSL Large Client Master Key Exploit Buffer Overflow - Ver2 (CVE-2002-0656)
2014-12-28 00:00:00
exploitdb
exploitdb
OpenSSL SSLv2 - Malformed Client Key Remote Buffer Overflow Vulnerability 2
2002-07-30 00:00:00
canvas
canvas
Immunity Canvas: OPENSSL_KEYLEN
2002-08-12 04:00:00
openssl
openssl
Vulnerability in OpenSSL CVE-2002-0656
2002-07-30 00:00:00
Vulnerability in OpenSSL CVE-2002-0657
2002-07-30 00:00:00
Vulnerability in OpenSSL CVE-2002-0655
2002-07-30 00:00:00
debiancve
debiancve
CVE-2002-0656
2002-08-12 04:00:00
CVE-2002-0655
2002-08-12 04:00:00
CVE-2002-0657
2002-08-12 04:00:00
cve
cve
CVE-2002-0656
2002-08-12 04:00:00
CVE-2002-0657
2002-08-12 04:00:00
CVE-2002-0655
2002-08-12 04:00:00
f5
f5
K79531634 : OpenSSL vulnerability CVE-2002-0655
2018-01-29 00:00:00
JSON
Related for MANDRAKE_MDKSA-2002-046.NASL
suse2nessus6debian3cert6securityvulns1openvas2osv1checkpoint_advisories1exploitdb1canvas1openssl3debiancve3cve3f51