Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2012-2023 Tenable Network Security, Inc.OPENSSL_0_9_6B.NASL
HistoryJan 04, 2012 - 12:00 a.m.

OpenSSL < 0.9.6b Predictable Random Generator

2012-01-0400:00:00
This script is Copyright (C) 2012-2023 Tenable Network Security, Inc.
www.tenable.com
18
JSON

According to its banner, the remote web server is running a version of OpenSSL that is earlier than 0.9.6b and allows remote attackers to predict the output of the pseudo-random generator.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(17745);
  script_version("1.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/08/22");

  script_cve_id("CVE-2001-1141");
  script_bugtraq_id(3004);

  script_name(english:"OpenSSL < 0.9.6b Predictable Random Generator");
  script_summary(english:"Does a banner check");

  script_set_attribute(attribute:"synopsis", value:
"The remote server is affected by an SSL-related vulnerability.");
  script_set_attribute(attribute:"description", value:
"According to its banner, the remote web server is running a version
of OpenSSL that is earlier than 0.9.6b and allows remote attackers to
predict the output of the pseudo-random generator.");
  script_set_attribute(attribute:"solution", value:"Upgrade to OpenSSL 0.9.6b or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2001-1141");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2001/07/10");
  script_set_attribute(attribute:"patch_publication_date", value:"2001/07/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/01/04");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:openssl:openssl");
  script_set_attribute(attribute:"agent", value:"all");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Web Servers");

  script_copyright(english:"This script is Copyright (C) 2012-2023 Tenable Network Security, Inc.");

  script_dependencies("openssl_version.nasl", "openssl_nix_installed.nbin", "openssl_win_installed.nbin");
  script_require_keys("installed_sw/OpenSSL");

  exit(0);
}

include('vcf.inc');
include('vcf_extras_openssl.inc');

var app_info = vcf::combined_get_app_info(app:'OpenSSL');

vcf::check_all_backporting(app_info:app_info);

var constraints = [{ 'min_version' : '0.0.0', 'fixed_version' : '0.9.6b'}];

vcf::openssl::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);
VendorProductVersionCPE
opensslopensslcpe:/a:openssl:openssl

Related

openvas 1
f5 1
nessus 2
cve 1
cert 1
openvas
openvas
OpenSSL < 0.9.6b Information Disclosure Vulnerability
2020-11-06 00:00:00
f5
f5
K27110515 : Open SSL vulnerability CVE-2001-1141
2018-01-29 00:00:00
nessus
nessus
Mandrake Linux Security Advisory : openssl (MDKSA-2001:065)
2004-07-31 00:00:00
OpenSSL < 0.9.6e / 0.9.7b3 Multiple Remote Vulnerabilities
2002-08-05 00:00:00
cve
cve
CVE-2001-1141
2001-07-10 04:00:00
cert
cert
OpenSSL PRNG contains design flaw that allows a user to determine internal state and predict future output
2001-10-26 00:00:00
JSON
Related for OPENSSL_0_9_6B.NASL
openvas1f51nessus2cve1cert1