Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.OPENSSL_0_9_8K_CMS.NASL
HistoryJan 04, 2012 - 12:00 a.m.

OpenSSL < 0.9.8k Signature Repudiation

2012-01-0400:00:00
This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
www.tenable.com
24

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

0.008 Low

EPSS

Percentile

81.5%

JSON

According to its banner, the remote server is running a version of OpenSSL that is earlier than 0.9.8k. As such, it may allow a valid sign to generate invalid signatures which would appear valid and could be repudiated later.

This only affects CMS users. CMS appeared in OpenSSL 0.9.8h.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(17764);
  script_version("1.10");
  script_cvs_date("Date: 2018/07/16 14:09:14");

  script_cve_id("CVE-2009-0591");
  script_bugtraq_id(34256);

  script_name(english:"OpenSSL < 0.9.8k Signature Repudiation");
  script_summary(english:"Does a banner check");

  script_set_attribute(attribute:"synopsis", value:
"The remote server is affected by a signature repudiation
vulnerability.");
  script_set_attribute(attribute:"description", value:
"According to its banner, the remote server is running a version of
OpenSSL that is earlier than 0.9.8k.  As such, it may allow a valid
sign to generate invalid signatures which would appear valid and could
be repudiated later. 

This only affects CMS users.  CMS appeared in OpenSSL 0.9.8h.");
  script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/news/secadv/20090325.txt");
  script_set_attribute(attribute:"solution", value:"Upgrade to OpenSSL 0.9.8k or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
 script_cwe_id(287);

  script_set_attribute(attribute:"vuln_publication_date", value:"2009/03/25");
  script_set_attribute(attribute:"patch_publication_date", value:"2009/03/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/01/04");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:openssl:openssl");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Web Servers");

  script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.");

  script_dependencies("openssl_version.nasl");
  script_require_keys("openssl/port");

  exit(0);
}

include("openssl_version.inc");

openssl_check_version(fixed:'0.9.8k', min:'0.9.8h', severity:SECURITY_NOTE);
VendorProductVersionCPE
opensslopensslcpe:/a:openssl:openssl

Related

f5 2
openvas 13
openssl 1
cvelist 1
nvd 1
cve 1
debiancve 1
ubuntucve 1
prion 1
nessus 5
threatpost 1
altlinux 4
slackware 1
f5
f5
SOL15369 - OpenSSL vulnerability CVE-2009-0591
2014-06-23 00:00:00
K15369 : OpenSSL vulnerability CVE-2009-0591
2014-06-23 00:00:00
openvas
openvas
OpenSSL: Incorrect Error Checking During CMS Verification (20090325) - Linux
2021-08-13 00:00:00
OpenSSL: Incorrect Error Checking During CMS Verification (20090325) - Windows
2021-08-13 00:00:00
Slackware Advisory SSA:2009-098-01 openssl
2012-09-11 00:00:00
openssl
openssl
Vulnerability in OpenSSL CVE-2009-0591
2009-03-25 00:00:00
cvelist
cvelist
CVE-2009-0591
2009-03-27 16:00:00
nvd
nvd
CVE-2009-0591
2009-03-27 16:30:01
cve
cve
CVE-2009-0591
2009-03-27 16:30:01
debiancve
debiancve
CVE-2009-0591
2009-03-27 16:30:01
ubuntucve
ubuntucve
CVE-2009-0591
2009-03-27 00:00:00
prion
prion
Design/Logic Flaw
2009-03-27 16:30:00
nessus
nessus
Slackware 11.0 / 12.0 / 12.1 / 12.2 / current : openssl (SSA:2009-098-01)
2009-04-08 00:00:00
openSUSE Security Update : libopenssl-devel (libopenssl-devel-786)
2009-07-21 00:00:00
SuSE 11 Security Update : OpenSSL (SAT Patch Number 772)
2009-09-24 00:00:00
threatpost
threatpost
Multiple vulnerabilities found, fixed in OpenSSL
2009-03-26 23:43:56
altlinux
altlinux
Security fix for the ALT Linux 8 package openssl10 version 0.9.8k-alt1
2009-03-25 00:00:00
Security fix for the ALT Linux 9 package openssl10 version 0.9.8k-alt1
2009-03-25 00:00:00
Security fix for the ALT Linux 6 package openssl10 version 0.9.8k-alt1
2009-03-25 00:00:00
slackware
slackware
openssl
2009-04-07 23:29:36

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

0.008 Low

EPSS

Percentile

81.5%

JSON
Related for OPENSSL_0_9_8K_CMS.NASL
f52openvas13openssl1cvelist1nvd1cve1debiancve1ubuntucve1prion1nessus5threatpost1altlinux4slackware1