Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

MiracleLinux 4 : openssl-1.0.1e-16.AXS4.4 (AXSA:2014-071:01)

🗓️ 16 Jan 2026 00:00:00Reported by TenableType 
nessus
 nessus🔗 www.tenable.com👁 2 Views

MiracleLinux 4 OpenSSL has vulnerabilities CVE-2013-4353, -6449, -6450 with fixes in OpenSSL 1.0.1.

Related
Refs
Code
ReporterTitlePublishedViews
Family
ALT Linux		Security fix for the ALT Linux 7 package openssl10 version 1.0.1f-alt1
6 Jan 201400:00
altlinux
ALT Linux		Security fix for the ALT Linux 8 package openssl10 version 1.0.1f-alt1
6 Jan 201400:00
altlinux
ALT Linux		Security fix for the ALT Linux 9 package openssl1.1 version 1.0.1f-alt1
6 Jan 201400:00
altlinux
ALT Linux		Security fix for the ALT Linux 9 package openssl10 version 1.0.1f-alt1
6 Jan 201400:00
altlinux
IBM Security Bulletins		Security Bulletin: IBM Tivoli Composite Application Manager for Transactions is affected by vulnerabilities in OpenSSL (CVE-2013-4353, CVE-2013-6450 and CVE-2013-6449)
17 Jun 201814:41
ibm
IBM Security Bulletins		Security Bulletin: IBM Systems Director (ISD) is affected by vulnerabilities in OpenSSL (CVE-2013-4353, CVE-2013-6450, and CVE-2013-6449)
30 Jan 201908:35
ibm
IBM Security Bulletins		Security Bulletin: IBM Security Network Intrusion Prevention System can be affected by vulnerabilities in OpenSSL (CVE-2013-4353, CVE-2013-6450, and CVE-2013-6449)
23 Feb 202217:14
ibm
IBM Security Bulletins		Security Bulletin: Power Systems Firmware is affected by vulnerability in OpenSSL (CVE-2014-0160)
23 Sep 202101:31
ibm
IBM Security Bulletins		Security Bulletin: Vulnerabilities in ClearQuest OpenSSL Component (CVE-2013-4353, CVE-2013-6450, CVE-2013-6449 )
29 Sep 201818:04
ibm
IBM Security Bulletins		Security Bulletin: OpenSSL security vulnerability issues on IBM SONAS (CVE-2013-4353, CVE-2013-6449, CVE-2013-6450)
18 Jun 201800:08
ibm
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Miracle Linux Security Advisory AXSA:2014-071:01.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(289166);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/16");

  script_cve_id("CVE-2013-4353", "CVE-2013-6449", "CVE-2013-6450");
  script_xref(name:"IAVB", value:"2014-B-0046-S");

  script_name(english:"MiracleLinux 4 : openssl-1.0.1e-16.AXS4.4 (AXSA:2014-071:01)");

  script_set_attribute(attribute:"synopsis", value:
"The remote MiracleLinux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the
AXSA:2014-071:01 advisory.

    The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a
    certificate management tool and shared libraries which provide various cryptographic algorithms and
    protocols.
     CVE-2013-4353
    The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to
    cause a denial of service (NULL pointer dereference and application crash) via a crafted Next Protocol
    Negotiation record in a TLS handshake.
     CVE-2013-6449
    The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number
    from an incorrect data structure, which allows remote attackers to cause a denial of service (daemon
    crash) via crafted traffic from a TLS 1.2 client.
     CVE-2013-6450
    The DTLS retransmission implementation in OpenSSL through 0.9.8y and 1.x through 1.0.1e does not properly
    maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers
    to trigger the use of a different context by interfering with packet delivery, related to ssl/d1_both.c
    and ssl/t1_enc.c.
    Fixed bugs:
     As part of upgrading to version 1.0.1, some shared library symbols has been removed. This caused a
    problem with Ruby language OpenSSL bindings. The missing symbols have been added.
     Previously, openssl ran RDRAND instructions on Cyrix CPUs. Those are not supported and the OpenSSL would
    crash on startup. This Cyrix CPU detection has been fixed and OpenSSL runs as expected on Cyrix CPUs.
     Previously, the Transport Layer Security advertised some elliptic curves that are unsupported. When the
    server chose them, the client could not communicate with the server. This has been fixed: the TLS client
    now only advertises supported curves.

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://tsn.miraclelinux.com/en/node/4505");
  script_set_attribute(attribute:"solution", value:
"Update the affected openssl and / or openssl-devel packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-6450");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"vendor_severity", value:"High");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/12/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/03/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/16");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:openssl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:openssl-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:miracle:linux:4");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Miracle Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/MiracleLinux/release", "Host/MiracleLinux/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'MIRACLE LINUX' >!< os_product) audit(AUDIT_OS_NOT, 'MIRACLE LINUX');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'MIRACLE LINUX');
if (! preg(pattern:"^4([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'MiracleLinux 4.x', 'MIRACLE LINUX ' + os_version);

if (!get_kb_item('Host/MiracleLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'ppc' >!< cpu && 's390' >!< cpu && 'x86_64' >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'MIRACLE LINUX', cpu);

var constraints = [
  {
    'release': '4',
    'pkgs': [
      {'reference':'openssl-1.0.1e-16.AXS4.4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'openssl-1.0.1e-16.AXS4.4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'openssl-devel-1.0.1e-16.AXS4.4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'openssl-devel-1.0.1e-16.AXS4.4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}
if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'openssl / openssl-devel');
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
16 Jan 2026 00:00Current
7.2High risk
Vulners AI Score7.2
CVSS 25.8
EPSS0.46976
OpenSSL vulnerabilityTLS denial serviceDTLS issue fixCyrix CPU fixElliptic curves fixOpenSSL upgrade
2