Multiple vulnerabilities has been discovered and corrected in openssl :
OpenSSL has added support for TLS_FALLBACK_SCSV to allow applications to block the ability for a MITM attacker to force a protocol downgrade. Some client applications (such as browsers) will reconnect using a downgraded protocol to work around interoperability bugs in older servers. This could be exploited by an active man-in-the-middle to downgrade connections to SSL 3.0 even if both sides of the connection support higher protocols. SSL 3.0 contains a number of weaknesses including POODLE (CVE-2014-3566).
When an OpenSSL SSL/TLS/DTLS server receives a session ticket the integrity of that ticket is first verified. In the event of a session ticket integrity check failing, OpenSSL will fail to free memory causing a memory leak. By sending a large number of invalid session tickets an attacker could exploit this issue in a Denial Of Service attack (CVE-2014-3567).
The updated packages have been upgraded to the 1.0.0o version where these security flaws has been fixed.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandriva Linux Security Advisory MDVSA-2014:203.
# The text itself is copyright (C) Mandriva S.A.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(78665);
script_version("1.19");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/06/26");
script_cve_id("CVE-2014-3566", "CVE-2014-3567");
script_bugtraq_id(70574, 70586);
script_xref(name:"MDVSA", value:"2014:203");
script_name(english:"Mandriva Linux Security Advisory : openssl (MDVSA-2014:203)");
script_set_attribute(attribute:"synopsis", value:
"The remote Mandriva Linux host is missing one or more security
updates.");
script_set_attribute(attribute:"description", value:
"Multiple vulnerabilities has been discovered and corrected in
openssl :
OpenSSL has added support for TLS_FALLBACK_SCSV to allow applications
to block the ability for a MITM attacker to force a protocol
downgrade. Some client applications (such as browsers) will reconnect
using a downgraded protocol to work around interoperability bugs in
older servers. This could be exploited by an active man-in-the-middle
to downgrade connections to SSL 3.0 even if both sides of the
connection support higher protocols. SSL 3.0 contains a number of
weaknesses including POODLE (CVE-2014-3566).
When an OpenSSL SSL/TLS/DTLS server receives a session ticket the
integrity of that ticket is first verified. In the event of a session
ticket integrity check failing, OpenSSL will fail to free memory
causing a memory leak. By sending a large number of invalid session
tickets an attacker could exploit this issue in a Denial Of Service
attack (CVE-2014-3567).
The updated packages have been upgraded to the 1.0.0o version where
these security flaws has been fixed.");
script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/news/secadv/20141015.txt");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"patch_publication_date", value:"2014/10/23");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/24");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64openssl-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64openssl-engines1.0.0");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64openssl-static-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64openssl1.0.0");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:openssl");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:1");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Mandriva Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2014-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
flag = 0;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64openssl-devel-1.0.0o-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64openssl-engines1.0.0-1.0.0o-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64openssl-static-devel-1.0.0o-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64openssl1.0.0-1.0.0o-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"openssl-1.0.0o-1.mbs1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
Vendor | Product | Version | CPE |
---|---|---|---|
mandriva | linux | lib64openssl-devel | p-cpe:/a:mandriva:linux:lib64openssl-devel |
mandriva | linux | lib64openssl-engines1.0.0 | p-cpe:/a:mandriva:linux:lib64openssl-engines1.0.0 |
mandriva | linux | lib64openssl-static-devel | p-cpe:/a:mandriva:linux:lib64openssl-static-devel |
mandriva | linux | lib64openssl1.0.0 | p-cpe:/a:mandriva:linux:lib64openssl1.0.0 |
mandriva | linux | openssl | p-cpe:/a:mandriva:linux:openssl |
mandriva | business_server | 1 | cpe:/o:mandriva:business_server:1 |