nessusThis script is Copyright (C) 2012-2023 Tenable Network Security, Inc.OPENSSL_0_9_8X.NASL
HistoryMay 11, 2012 - 12:00 a.m.

OpenSSL 0.9.8 < 0.9.8x DTLS CBC Denial of Service

2012-05-1100:00:00
This script is Copyright (C) 2012-2023 Tenable Network Security, Inc.
www.tenable.com

According to its banner, the remote web server is running a version of OpenSSL 0.9.8 earlier than 0.9.8x. As such, the OpenSSL library itself is reportedly affected by a denial of service vulnerability.

An integer underflow error exists in the file 'ssl/d1_enc.c' in the function 'dtls1_enc'. When in CBC mode, DTLS record length values and explicit initialization vector length values related to DTLS packets are not handled properly, which can lead to memory corruption and application crashes.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

# Metadata registration pass: when 'description' is set, this block registers
# the plugin's identifiers, text and scoring and then exits, so the version
# check further down the file is not run in that pass.
if (description)
{
  # Plugin identity and revision tracking.
  script_id(59076);
  script_version("1.10");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/08/22");

  # External identifiers the finding is mapped to (CVE and Bugtraq).
  script_cve_id("CVE-2012-2333");
  script_bugtraq_id(53476);

  script_name(english:"OpenSSL 0.9.8 < 0.9.8x DTLS CBC Denial of Service");
  script_summary(english:"Does a banner check");

  # The synopsis says "may be affected": the result rests on the detected
  # version, not on a test of the DTLS code path.
  script_set_attribute(
    attribute:"synopsis",
    value:"The remote host may be affected by a denial of service vulnerability."
  );
  # NOTE(review): the text below speaks of a web server banner, while
  # plugin_type is "combined" and the dependencies include local install
  # detections, so a finding presumably can also come from a locally detected
  # OpenSSL - confirm against the detection plugins.
  script_set_attribute(
    attribute:"description",
    value:
"According to its banner, the remote web server is running a version
of OpenSSL 0.9.8 earlier than 0.9.8x. As such, the OpenSSL library
itself is reportedly affected by a denial of service vulnerability.

An integer underflow error exists in the file 'ssl/d1_enc.c' in the
function 'dtls1_enc'. When in CBC mode, DTLS record length values and
explicit initialization vector length values related to DTLS packets
are not handled properly, which can lead to memory corruption and
application crashes."
  );
  # References: vendor advisory, changelog, upstream change and distro bug.
  script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/news/secadv/20120510.txt");
  script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/news/changelog.html");
  script_set_attribute(attribute:"see_also", value:"http://cvs.openssl.org/chngview?cn=22538");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=820686");
  script_set_attribute(attribute:"solution", value:"Upgrade to OpenSSL 0.9.8x or later.");
  # CVSSv2 base vector: network access, low complexity, no authentication,
  # partial availability impact only (no confidentiality or integrity impact).
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  # CVSSv2 temporal vector: exploitability unproven, official fix available,
  # report confirmed.
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-2333");

  # Exploit status as recorded in the plugin metadata.
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/05/10");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/05/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/05/11");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:openssl:openssl");
  script_set_attribute(attribute:"agent", value:"all");
  script_end_attributes();

  # Registered as an information-gathering check.
  script_category(ACT_GATHER_INFO);
  script_family(english:"Web Servers");

  script_copyright(english:"This script is Copyright (C) 2012-2023 Tenable Network Security, Inc.");

  # Detection plugins listed as dependencies; presumably they populate the
  # installed_sw/OpenSSL knowledge-base key required on the next line.
  script_dependencies("openssl_version.nasl", "openssl_nix_installed.nbin", "openssl_win_installed.nbin");
  script_require_keys("installed_sw/OpenSSL");

  # End of the registration pass; nothing below this block runs here.
  exit(0);
}

include('vcf.inc');
include('vcf_extras_openssl.inc');

# Version-only check: the visible calls read the detected OpenSSL install and
# compare its version. Nothing here exercises DTLS, so a report means "an
# OpenSSL older than 0.9.8x was detected", not "DTLS with a CBC cipher is
# reachable on this host".
var openssl_install = vcf::combined_get_app_info(app:'OpenSSL');

# Runs before the comparison; presumably accounts for builds that may carry
# distribution-backported fixes, where the version string alone is not
# reliable - confirm in vcf.inc.
vcf::check_all_backporting(app_info:openssl_install);

# The lower bound is 0.0.0, so every version below 0.9.8x matches, not only the
# 0.9.8 branch named in the plugin title.
var affected_ranges = [
  { 'min_version' : '0.0.0', 'fixed_version' : '0.9.8x'}
];

# Compare and report at SECURITY_WARNING severity.
vcf::openssl::check_version_and_report(
  app_info:openssl_install,
  constraints:affected_ranges,
  severity:SECURITY_WARNING
);
Vendor | Product | Version | CPE
openssl | openssl | | cpe:/a:openssl:openssl