The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has openssl packages installed that are affected by multiple vulnerabilities:
While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread.
This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g. (CVE-2017-3735)
Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.
(CVE-2018-0495)
OpenSSL RSA key generation was found to be vulnerable to cache side-channel attacks. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover parts of the private key. (CVE-2018-0737)
Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g).
Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n).
(CVE-2018-0739)
A microprocessor side-channel vulnerability was found on SMT (e.g, Hyper-Threading) architectures. An attacker running a malicious process on the same core of the processor as the victim process can extract certain secret information. (CVE-2018-5407)
During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o). (CVE-2018-0732)
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from ZTE advisory NS-SA-2019-0065. The text
# itself is copyright (C) ZTE, Inc.
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(127262);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/05/19");
script_cve_id(
"CVE-2017-3735",
"CVE-2018-0495",
"CVE-2018-0732",
"CVE-2018-0737",
"CVE-2018-0739",
"CVE-2018-5407"
);
script_bugtraq_id(103518, 103766, 104442);
script_name(english:"NewStart CGSL CORE 5.04 / MAIN 5.04 : openssl Multiple Vulnerabilities (NS-SA-2019-0065)");
script_set_attribute(attribute:"synopsis", value:
"The remote machine is affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has openssl packages installed that are affected
by multiple vulnerabilities:
- While parsing an IPAddressFamily extension in an X.509
certificate, it is possible to do a one-byte overread.
This would result in an incorrect text display of the
certificate. This bug has been present since 2006 and is
present in all versions of OpenSSL before 1.0.2m and
1.1.0g. (CVE-2017-3735)
- Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a
memory-cache side-channel attack on ECDSA signatures
that can be mitigated through the use of blinding during
the signing process in the _gcry_ecc_ecdsa_sign function
in cipher/ecc-ecdsa.c, aka the Return Of the Hidden
Number Problem or ROHNP. To discover an ECDSA key, the
attacker needs access to either the local machine or a
different virtual machine on the same physical host.
(CVE-2018-0495)
- OpenSSL RSA key generation was found to be vulnerable to
cache side-channel attacks. An attacker with sufficient
access to mount cache timing attacks during the RSA key
generation process could recover parts of the private
key. (CVE-2018-0737)
- Constructed ASN.1 types with a recursive definition
(such as can be found in PKCS7) could eventually exceed
the stack given malicious input with excessive
recursion. This could result in a Denial Of Service
attack. There are no such structures used within SSL/TLS
that come from untrusted sources so this is considered
safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g).
Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n).
(CVE-2018-0739)
- A microprocessor side-channel vulnerability was found on
SMT (e.g, Hyper-Threading) architectures. An attacker
running a malicious process on the same core of the
processor as the victim process can extract certain
secret information. (CVE-2018-5407)
- During key agreement in a TLS handshake using a DH(E)
based ciphersuite a malicious server can send a very
large prime value to the client. This will cause the
client to spend an unreasonably long period of time
generating a key for this prime resulting in a hang
until the client has finished. This could be exploited
in a Denial Of Service attack. Fixed in OpenSSL
1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL
1.0.2p-dev (Affected 1.0.2-1.0.2o). (CVE-2018-0732)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"http://security.gd-linux.com/notice/NS-SA-2019-0065");
script_set_attribute(attribute:"solution", value:
"Upgrade the vulnerable CGSL openssl packages. Note that updated packages may not be available yet. Please contact ZTE
for more information.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-3735");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2018-0737");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2017/08/28");
script_set_attribute(attribute:"patch_publication_date", value:"2019/07/17");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/12");
script_set_attribute(attribute:"plugin_type", value:"local");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"NewStart CGSL Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/ZTE-CGSL/release", "Host/ZTE-CGSL/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/ZTE-CGSL/release");
if (isnull(release) || release !~ "^CGSL (MAIN|CORE)") audit(AUDIT_OS_NOT, "NewStart Carrier Grade Server Linux");
if (release !~ "CGSL CORE 5.04" &&
release !~ "CGSL MAIN 5.04")
audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');
if (!get_kb_item("Host/ZTE-CGSL/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "NewStart Carrier Grade Server Linux", cpu);
flag = 0;
pkgs = {
"CGSL CORE 5.04": [
"openssl-1.0.2k-16.el7_6.1.cgslv5.0.1.g94e9187.lite",
"openssl-crypto-1.0.2k-16.el7_6.1.cgslv5.0.1.g94e9187.lite",
"openssl-debuginfo-1.0.2k-16.el7_6.1.cgslv5.0.1.g94e9187.lite",
"openssl-devel-1.0.2k-16.el7_6.1.cgslv5.0.1.g94e9187.lite",
"openssl-libs-1.0.2k-16.el7_6.1.cgslv5.0.1.g94e9187.lite",
"openssl-perl-1.0.2k-16.el7_6.1.cgslv5.0.1.g94e9187.lite",
"openssl-static-1.0.2k-16.el7_6.1.cgslv5.0.1.g94e9187.lite"
],
"CGSL MAIN 5.04": [
"openssl-1.0.2k-16.el7_6.1.cgslv5",
"openssl-debuginfo-1.0.2k-16.el7_6.1.cgslv5",
"openssl-devel-1.0.2k-16.el7_6.1.cgslv5",
"openssl-libs-1.0.2k-16.el7_6.1.cgslv5",
"openssl-perl-1.0.2k-16.el7_6.1.cgslv5",
"openssl-static-1.0.2k-16.el7_6.1.cgslv5"
]
};
pkg_list = pkgs[release];
foreach (pkg in pkg_list)
if (rpm_check(release:"ZTE " + release, reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openssl");
}
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3735
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0732
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0737
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0739
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5407
security.gd-linux.com/notice/NS-SA-2019-0065