CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
AI Score
Confidence
High
EPSS
Percentile
97.7%
The version of OpenSSL installed on the remote host is prior to 1.0.0e. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.0.0e advisory.
The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b does not properly handle ECParameters structures in which the curve is over a malformed binary polynomial field, which allows remote attackers to cause a denial of service (infinite loop) via a session that uses an Elliptic Curve algorithm, as demonstrated by an attack against a server that supports client authentication. (CVE-2015-1788)
The ephemeral ECDH ciphersuite functionality in OpenSSL 0.9.8 through 0.9.8r and 1.0.x before 1.0.0e does not ensure thread safety during processing of handshake messages from clients, which allows remote attackers to cause a denial of service (daemon crash) via out-of-order messages that violate the TLS protocol. (CVE-2011-3210)
crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e does not initialize certain structure members, which makes it easier for remote attackers to bypass CRL validation by using a nextUpdate value corresponding to a time in the past. (CVE-2011-3207)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#
# (C) Tenable Network Security, Inc.
#
include('compat.inc');
if (description)
{
script_id(56162);
script_version("1.13");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/07");
script_cve_id("CVE-2011-3207", "CVE-2011-3210", "CVE-2015-1788");
script_bugtraq_id(47888, 49469, 49471);
script_xref(name:"CERT", value:"536044");
script_name(english:"OpenSSL 1.0.0 < 1.0.0e Multiple Vulnerabilities");
script_set_attribute(attribute:"synopsis", value:
"The remote service is affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The version of OpenSSL installed on the remote host is prior to 1.0.0e. It is, therefore, affected by multiple
vulnerabilities as referenced in the 1.0.0e advisory.
- The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1
before 1.0.1n, and 1.0.2 before 1.0.2b does not properly handle ECParameters structures in which the curve
is over a malformed binary polynomial field, which allows remote attackers to cause a denial of service
(infinite loop) via a session that uses an Elliptic Curve algorithm, as demonstrated by an attack against
a server that supports client authentication. (CVE-2015-1788)
- The ephemeral ECDH ciphersuite functionality in OpenSSL 0.9.8 through 0.9.8r and 1.0.x before 1.0.0e does
not ensure thread safety during processing of handshake messages from clients, which allows remote
attackers to cause a denial of service (daemon crash) via out-of-order messages that violate the TLS
protocol. (CVE-2011-3210)
- crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e does not initialize certain structure members, which
makes it easier for remote attackers to bypass CRL validation by using a nextUpdate value corresponding to
a time in the past. (CVE-2011-3207)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/news/secadv/20110906.txt");
script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/news/secadv/20150611.txt");
script_set_attribute(attribute:"see_also", value:"https://www.cve.org/CVERecord?id=CVE-2011-3207");
script_set_attribute(attribute:"see_also", value:"https://www.cve.org/CVERecord?id=CVE-2011-3210");
script_set_attribute(attribute:"see_also", value:"https://www.cve.org/CVERecord?id=CVE-2015-1788");
script_set_attribute(attribute:"solution", value:
"Upgrade to OpenSSL version 1.0.0e or later.");
script_set_attribute(attribute:"agent", value:"all");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2011-3207");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2015-1788");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2011/05/17");
script_set_attribute(attribute:"patch_publication_date", value:"2011/09/06");
script_set_attribute(attribute:"plugin_publication_date", value:"2011/09/12");
script_set_attribute(attribute:"plugin_type", value:"combined");
script_set_attribute(attribute:"cpe", value:"cpe:/a:openssl:openssl");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Web Servers");
script_copyright(english:"This script is Copyright (C) 2011-2024 Tenable Network Security, Inc.");
script_dependencies("openssl_version.nasl", "openssl_nix_installed.nbin", "openssl_win_installed.nbin");
script_require_keys("installed_sw/OpenSSL");
exit(0);
}
include('vcf.inc');
include('vcf_extras_openssl.inc');
var app_info = vcf::combined_get_app_info(app:'OpenSSL');
vcf::check_all_backporting(app_info:app_info);
var constraints = [
{ 'min_version' : '1.0.0', 'fixed_version' : '1.0.0e' }
];
vcf::openssl::check_version_and_report(
app_info:app_info,
constraints:constraints,
severity:SECURITY_WARNING
);
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3207
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3210
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1788
www.cve.org/CVERecord?id=CVE-2011-3207
www.cve.org/CVERecord?id=CVE-2011-3210
www.cve.org/CVERecord?id=CVE-2015-1788
www.openssl.org/news/secadv/20110906.txt
www.openssl.org/news/secadv/20150611.txt