Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSSL_1_0_2H.NASL
HistoryMay 04, 2016 - 12:00 a.m.

OpenSSL 1.0.2 < 1.0.2h Multiple Vulnerabilities

2016-05-0400:00:00
This script is Copyright (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
76
JSON

According to its banner, the remote host is running a version of OpenSSL 1.0.2 prior to 1.0.2h. It is, therefore, affected by the following vulnerabilities :

  • A heap buffer overflow condition exists in the EVP_EncodeUpdate() function within file crypto/evp/encode.c that is triggered when handling a large amount of input data. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-2105)

  • A heap buffer overflow condition exists in the EVP_EncryptUpdate() function within file crypto/evp/evp_enc.c that is triggered when handling a large amount of input data after a previous call occurs to the same function with a partial block. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-2106)

  • Flaws exist in the aesni_cbc_hmac_sha1_cipher() function in file crypto/evp/e_aes_cbc_hmac_sha1.c and the aesni_cbc_hmac_sha256_cipher() function in file crypto/evp/e_aes_cbc_hmac_sha256.c that are triggered when the connection uses an AES-CBC cipher and AES-NI is supported by the server. A man-in-the-middle attacker can exploit these to conduct a padding oracle attack, resulting in the ability to decrypt the network traffic.
    (CVE-2016-2107)

  • Multiple unspecified flaws exist in the d2i BIO functions when reading ASN.1 data from a BIO due to invalid encoding causing a large allocation of memory.
    An unauthenticated, remote attacker can exploit these to cause a denial of service condition through resource exhaustion. (CVE-2016-2109)

  • An out-of-bounds read error exists in the X509_NAME_oneline() function within file crypto/x509/x509_obj.c when handling very long ASN1 strings. An unauthenticated, remote attacker can exploit this to disclose the contents of stack memory.
    (CVE-2016-2176)

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(90891);
  script_version("1.11");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/08/21");

  script_cve_id(
    "CVE-2016-2105",
    "CVE-2016-2106",
    "CVE-2016-2107",
    "CVE-2016-2109",
    "CVE-2016-2176"
  );
  script_bugtraq_id(
    87940,
    89744,
    89746,
    89757,
    89760
  );
  script_xref(name:"EDB-ID", value:"39768");

  script_name(english:"OpenSSL 1.0.2 < 1.0.2h Multiple Vulnerabilities");
  script_summary(english:"Performs a banner check.");

  script_set_attribute(attribute:"synopsis", value:
"The remote service is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"According to its banner, the remote host is running a version of
OpenSSL 1.0.2 prior to 1.0.2h. It is, therefore, affected by the
following vulnerabilities :

  - A heap buffer overflow condition exists in the
    EVP_EncodeUpdate() function within file
    crypto/evp/encode.c that is triggered when handling
    a large amount of input data. An unauthenticated, remote
    attacker can exploit this to cause a denial of service
    condition. (CVE-2016-2105)

  - A heap buffer overflow condition exists in the
    EVP_EncryptUpdate() function within file
    crypto/evp/evp_enc.c that is triggered when handling a
    large amount of input data after a previous call occurs
    to the same function with a partial block. An
    unauthenticated, remote attacker can exploit this to
    cause a denial of service condition. (CVE-2016-2106)

  - Flaws exist in the aesni_cbc_hmac_sha1_cipher()
    function in file crypto/evp/e_aes_cbc_hmac_sha1.c and
    the aesni_cbc_hmac_sha256_cipher() function in file
    crypto/evp/e_aes_cbc_hmac_sha256.c that are triggered
    when the connection uses an AES-CBC cipher and AES-NI
    is supported by the server. A man-in-the-middle attacker
    can exploit these to conduct a padding oracle attack,
    resulting in the ability to decrypt the network traffic.
    (CVE-2016-2107)

  - Multiple unspecified flaws exist in the d2i BIO
    functions when reading ASN.1 data from a BIO due to
    invalid encoding causing a large allocation of memory.
    An unauthenticated, remote attacker can exploit these to
    cause a denial of service condition through resource
    exhaustion. (CVE-2016-2109)

  - An out-of-bounds read error exists in the
    X509_NAME_oneline() function within file
    crypto/x509/x509_obj.c when handling very long ASN1
    strings. An unauthenticated, remote attacker can exploit
    this to disclose the contents of stack memory.
    (CVE-2016-2176)");
  script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/news/secadv/20160503.txt");
  script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/news/cl102.txt");
  script_set_attribute(attribute:"solution", value:
"Upgrade to OpenSSL version 1.0.2h or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-2176");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/04/22");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/05/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/05/04");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:openssl:openssl");
  script_set_attribute(attribute:"agent", value:"all");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Web Servers");

  script_copyright(english:"This script is Copyright (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("openssl_version.nasl", "openssl_nix_installed.nbin", "openssl_win_installed.nbin");
  script_require_keys("installed_sw/OpenSSL");

  exit(0);
}

include('vcf.inc');
include('vcf_extras_openssl.inc');

var app_info = vcf::combined_get_app_info(app:'OpenSSL');

vcf::check_all_backporting(app_info:app_info);

var constraints = [{ 'min_version' : "1.0.2", 'fixed_version' : '1.0.2h'}];

vcf::openssl::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);
VendorProductVersionCPE
opensslopensslcpe:/a:openssl:openssl

Related

ibm 65
altlinux 5
nessus 46
openvas 29
paloalto 2
freebsd_advisory 1
mageia 1
fortinet 1
archlinux 2
huawei 1
arista 1
cisco 1
debian 2
osv 2
nodejsblog 1
slackware 1
freebsd 1
f5 2
suse 13
symantec 1
amazon 1
cloudfoundry 1
aix 1
ubuntu 1
oraclelinux 4
fedora 5
redhat 5
centos 2
gentoo 1
ibm
ibm
Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM Sterling Connect:Express for Unix
2020-07-24 22:49:37
Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Sterling B2B Integrator
2020-02-05 00:53:36
Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Transfer Cluster Manager, faspex on Demand, Server on Demand, Application Platform on
2018-12-08 04:55:34
altlinux
altlinux
Security fix for the ALT Linux 9 package openssl1.1 version 1.0.2h-alt1
2016-05-03 00:00:00
Security fix for the ALT Linux 10 package openssl1.1 version 1.0.2h-alt1
2016-05-03 00:00:00
Security fix for the ALT Linux 8 package openssl10 version 1.0.2h-alt1
2016-05-04 00:00:00
nessus
nessus
OpenSSL 1.0.1 < 1.0.1t Multiple Vulnerabilities
2016-05-04 00:00:00
FreeBSD : OpenSSL -- multiple vulnerabilities (01d729ca-1143-11e6-b55e-b499baebfeaf)
2016-05-04 00:00:00
Debian DLA-456-1 : openssl security update
2016-05-04 00:00:00
openvas
openvas
OpenSSL Multiple Vulnerabilities -01 May16 (Linux)
2016-05-02 00:00:00
OpenSSL Multiple Vulnerabilities -01 May16 (Windows)
2016-05-02 00:00:00
Mageia Linux Local Check: mgasa-2016-0169
2016-05-09 00:00:00
paloalto
paloalto
OpenSSL Vulnerabilities
2016-09-02 00:00:00
OpenSSL Vulnerabilities
2016-08-15 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-16:17.openssl
2016-05-04 00:00:00
mageia
mageia
Updated openssl packages fix security vulnerability
2016-05-08 00:22:48
fortinet
fortinet
OpenSSL Advisory - May 2016
2016-09-22 00:00:00
archlinux
archlinux
openssl: multiple issues
2016-05-04 00:00:00
lib32-openssl: multiple issues
2016-05-04 00:00:00
huawei
huawei
Security Advisory - Multiple Vulnerabilities in OpenSSL in May 2016
2016-07-06 00:00:00
arista
arista
Security Advisory 0020
2016-05-06 00:00:00
cisco
cisco
Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016
2016-05-04 19:30:00
debian
debian
[SECURITY] [DSA 3566-1] openssl security update
2016-05-03 18:24:21
[SECURITY] [DLA 456-1] openssl security update
2016-05-03 20:53:46
osv
osv
openssl - security update
2016-05-03 00:00:00
openssl - security update
2016-05-03 00:00:00
nodejsblog
nodejsblog
OpenSSL updates, 1.0.1t and 1.0.2h
2016-05-02 00:00:00
slackware
slackware
[slackware-security] openssl
2016-05-03 21:05:31
freebsd
freebsd
OpenSSL -- multiple vulnerabilities
2016-05-03 00:00:00
f5
f5
K07538415 : Multiple OpenSSL vulnerabilities
2016-05-04 00:00:00
SOL07538415 - Multiple OpenSSL vulnerabilities
2016-05-03 00:00:00
suse
suse
Security update for openssl (important)
2016-05-04 18:09:44
Security update for openssl (important)
2016-05-05 13:08:31
Security update for openssl1 (important)
2016-05-03 22:08:22
symantec
symantec
SA123 : OpenSSL Vulnerabilities 3-May-2016
2016-05-09 08:00:00
amazon
amazon
Important: openssl
2016-05-03 10:30:00
cloudfoundry
cloudfoundry
USN-2959-1 OpenSSL vulnerabilities | Cloud Foundry
2016-05-06 00:00:00
aix
aix
Vulnerabilities in OpenSSL affect AIX
2016-07-12 14:14:43
ubuntu
ubuntu
OpenSSL vulnerabilities
2016-05-03 00:00:00
oraclelinux
oraclelinux
openssl security update
2016-06-21 00:00:00
openssl security update
2016-05-09 00:00:00
openssl security update
2016-05-13 00:00:00
fedora
fedora
[SECURITY] Fedora 22 Update: openssl-1.0.1k-15.fc22
2016-05-10 17:58:11
[SECURITY] Fedora 24 Update: openssl-1.0.2h-1.fc24
2016-05-07 12:15:14
[SECURITY] Fedora 23 Update: openssl-1.0.2h-1.fc23
2016-05-04 18:54:36
redhat
redhat
(RHSA-2016:0722) Important: openssl security update
2016-05-09 04:44:04
(RHSA-2016:0996) Important: openssl security update
2016-05-10 07:00:21
(RHSA-2016:2073) Important: openssl security update
2016-10-18 06:21:20
centos
centos
openssl security update
2016-05-16 10:25:52
openssl security update
2016-05-09 08:40:50
gentoo
gentoo
OpenSSL: Multiple vulnerabilities
2016-12-07 00:00:00
JSON
Related for OPENSSL_1_0_2H.NASL
ibm65altlinux5nessus46openvas29paloalto2freebsd_advisory1mageia1fortinet1archlinux2huawei1arista1cisco1debian2osv2nodejsblog1slackware1freebsd1f52suse13symantec1amazon1cloudfoundry1aix1ubuntu1oraclelinux4fedora5redhat5centos2gentoo1