Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2016-294.NASL
HistoryMar 04, 2016 - 12:00 a.m.

openSUSE Security Update : libopenssl0_9_8 (openSUSE-2016-294) (DROWN) (FREAK) (POODLE)

2016-03-0400:00:00
This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
39
JSON

This update for libopenssl0_9_8 fixes the following issues :

  • CVE-2016-0800 aka the ‘DROWN’ attack (bsc#968046):
    OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle.

    This update changes the openssl library to :

  • Disable SSLv2 protocol support by default.

    This can be overridden by setting the environment variable ‘OPENSSL_ALLOW_SSL2’ or by using SSL_CTX_clear_options using the SSL_OP_NO_SSLv2 flag.

    Note that various services and clients had already disabled SSL protocol 2 by default previously.

  • Disable all weak EXPORT ciphers by default. These can be reenabled if required by old legacy software using the environment variable ‘OPENSSL_ALLOW_EXPORT’.

  • CVE-2016-0797 (bnc#968048): The BN_hex2bn() and BN_dec2bn() functions had a bug that could result in an attempt to de-reference a NULL pointer leading to crashes. This could have security consequences if these functions were ever called by user applications with large untrusted hex/decimal data. Also, internal usage of these functions in OpenSSL uses data from config files or application command line arguments. If user developed applications generated config file data based on untrusted data, then this could have had security consequences as well.

  • CVE-2016-0799 (bnc#968374) On many 64 bit systems, the internal fmtstr() and doapr_outch() functions could miscalculate the length of a string and attempt to access out-of-bounds memory locations. These problems could have enabled attacks where large amounts of untrusted data is passed to the BIO_*printf functions.
    If applications use these functions in this way then they could have been vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could have been vulnerable if the data is from untrusted sources. OpenSSL command line applications could also have been vulnerable when they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable.

  • The package was updated to 0.9.8zh :

  • fixes many security vulnerabilities (not separately listed): CVE-2015-3195, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1792, CVE-2015-1791, CVE-2015-0286, CVE-2015-0287, CVE-2015-0289, CVE-2015-0293, CVE-2015-0209, CVE-2015-0288, CVE-2014-3571, CVE-2014-3569, CVE-2014-3572, CVE-2015-0204, CVE-2014-8275, CVE-2014-3570, CVE-2014-3567, CVE-2014-3568, CVE-2014-3566, CVE-2014-3510, CVE-2014-3507, CVE-2014-3506, CVE-2014-3505, CVE-2014-3508, CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-3470, CVE-2014-0076, CVE-2013-0169, CVE-2013-0166

  • avoid running OPENSSL_config twice. This avoids breaking engine loading. (boo#952871, boo#967787)

  • fix CVE-2015-3197 (boo#963415)

  • SSLv2 doesn’t block disabled ciphers

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2016-294.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(89651);
  script_version("1.22");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/12/05");

  script_cve_id(
    "CVE-2013-0166",
    "CVE-2013-0169",
    "CVE-2014-0076",
    "CVE-2014-0195",
    "CVE-2014-0221",
    "CVE-2014-0224",
    "CVE-2014-3470",
    "CVE-2014-3505",
    "CVE-2014-3506",
    "CVE-2014-3507",
    "CVE-2014-3508",
    "CVE-2014-3510",
    "CVE-2014-3566",
    "CVE-2014-3567",
    "CVE-2014-3568",
    "CVE-2014-3569",
    "CVE-2014-3570",
    "CVE-2014-3571",
    "CVE-2014-3572",
    "CVE-2014-8275",
    "CVE-2015-0204",
    "CVE-2015-0209",
    "CVE-2015-0286",
    "CVE-2015-0287",
    "CVE-2015-0288",
    "CVE-2015-0289",
    "CVE-2015-0293",
    "CVE-2015-1788",
    "CVE-2015-1789",
    "CVE-2015-1790",
    "CVE-2015-1791",
    "CVE-2015-1792",
    "CVE-2015-3195",
    "CVE-2015-3197",
    "CVE-2016-0797",
    "CVE-2016-0799",
    "CVE-2016-0800"
  );
  script_xref(name:"CEA-ID", value:"CEA-2019-0547");

  script_name(english:"openSUSE Security Update : libopenssl0_9_8 (openSUSE-2016-294) (DROWN) (FREAK) (POODLE)");

  script_set_attribute(attribute:"synopsis", value:
"The remote openSUSE host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"This update for libopenssl0_9_8 fixes the following issues :

  - CVE-2016-0800 aka the 'DROWN' attack (bsc#968046):
    OpenSSL was vulnerable to a cross-protocol attack that
    could lead to decryption of TLS sessions by using a
    server supporting SSLv2 and EXPORT cipher suites as a
    Bleichenbacher RSA padding oracle.

    This update changes the openssl library to :

  - Disable SSLv2 protocol support by default.

    This can be overridden by setting the environment
    variable 'OPENSSL_ALLOW_SSL2' or by using
    SSL_CTX_clear_options using the SSL_OP_NO_SSLv2 flag.

    Note that various services and clients had already
    disabled SSL protocol 2 by default previously.

  - Disable all weak EXPORT ciphers by default. These can be
    reenabled if required by old legacy software using the
    environment variable 'OPENSSL_ALLOW_EXPORT'.

  - CVE-2016-0797 (bnc#968048): The BN_hex2bn() and
    BN_dec2bn() functions had a bug that could result in an
    attempt to de-reference a NULL pointer leading to
    crashes. This could have security consequences if these
    functions were ever called by user applications with
    large untrusted hex/decimal data. Also, internal usage
    of these functions in OpenSSL uses data from config
    files or application command line arguments. If user
    developed applications generated config file data based
    on untrusted data, then this could have had security
    consequences as well.

  - CVE-2016-0799 (bnc#968374) On many 64 bit systems, the
    internal fmtstr() and doapr_outch() functions could
    miscalculate the length of a string and attempt to
    access out-of-bounds memory locations. These problems
    could have enabled attacks where large amounts of
    untrusted data is passed to the BIO_*printf functions.
    If applications use these functions in this way then
    they could have been vulnerable. OpenSSL itself uses
    these functions when printing out human-readable dumps
    of ASN.1 data. Therefore applications that print this
    data could have been vulnerable if the data is from
    untrusted sources. OpenSSL command line applications
    could also have been vulnerable when they print out
    ASN.1 data, or if untrusted data is passed as command
    line arguments. Libssl is not considered directly
    vulnerable.

  - The package was updated to 0.9.8zh :

  - fixes many security vulnerabilities (not separately
    listed): CVE-2015-3195, CVE-2015-1788, CVE-2015-1789,
    CVE-2015-1790, CVE-2015-1792, CVE-2015-1791,
    CVE-2015-0286, CVE-2015-0287, CVE-2015-0289,
    CVE-2015-0293, CVE-2015-0209, CVE-2015-0288,
    CVE-2014-3571, CVE-2014-3569, CVE-2014-3572,
    CVE-2015-0204, CVE-2014-8275, CVE-2014-3570,
    CVE-2014-3567, CVE-2014-3568, CVE-2014-3566,
    CVE-2014-3510, CVE-2014-3507, CVE-2014-3506,
    CVE-2014-3505, CVE-2014-3508, CVE-2014-0224,
    CVE-2014-0221, CVE-2014-0195, CVE-2014-3470,
    CVE-2014-0076, CVE-2013-0169, CVE-2013-0166

  - avoid running OPENSSL_config twice. This avoids breaking
    engine loading. (boo#952871, boo#967787)

  - fix CVE-2015-3197 (boo#963415)

  - SSLv2 doesn't block disabled ciphers");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=952871");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=963415");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=967787");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=968046");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=968048");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=968374");
  script_set_attribute(attribute:"solution", value:
"Update the affected libopenssl0_9_8 packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"in_the_news", value:"true");

  script_set_attribute(attribute:"patch_publication_date", value:"2016/03/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/04");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenssl0_9_8");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenssl0_9_8-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenssl0_9_8-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenssl0_9_8-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenssl0_9_8-debugsource");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.1");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"SuSE Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE13\.2|SUSE42\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.2 / 42.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE13.2", reference:"libopenssl0_9_8-0.9.8zh-9.3.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libopenssl0_9_8-debuginfo-0.9.8zh-9.3.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libopenssl0_9_8-debugsource-0.9.8zh-9.3.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libopenssl0_9_8-32bit-0.9.8zh-9.3.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libopenssl0_9_8-debuginfo-32bit-0.9.8zh-9.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"libopenssl0_9_8-0.9.8zh-14.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"libopenssl0_9_8-debuginfo-0.9.8zh-14.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"libopenssl0_9_8-debugsource-0.9.8zh-14.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"libopenssl0_9_8-32bit-0.9.8zh-14.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"libopenssl0_9_8-debuginfo-32bit-0.9.8zh-14.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libopenssl0_9_8 / libopenssl0_9_8-32bit / libopenssl0_9_8-debuginfo / etc");
}
VendorProductVersionCPE
novellopensuselibopenssl0_9_8p-cpe:/a:novell:opensuse:libopenssl0_9_8
novellopensuselibopenssl0_9_8-32bitp-cpe:/a:novell:opensuse:libopenssl0_9_8-32bit
novellopensuselibopenssl0_9_8-debuginfop-cpe:/a:novell:opensuse:libopenssl0_9_8-debuginfo
novellopensuselibopenssl0_9_8-debuginfo-32bitp-cpe:/a:novell:opensuse:libopenssl0_9_8-debuginfo-32bit
novellopensuselibopenssl0_9_8-debugsourcep-cpe:/a:novell:opensuse:libopenssl0_9_8-debugsource
novellopensuse13.2cpe:/o:novell:opensuse:13.2
novellopensuse42.1cpe:/o:novell:opensuse:42.1

References

Related

openvas 37
suse 6
nessus 68
oraclelinux 8
fedora 8
ibm 37
altlinux 5
amazon 2
mageia 2
slackware 2
debian 6
redhat 3
freebsd 1
freebsd_advisory 2
centos 2
cloudfoundry 1
osv 3
ubuntu 4
aix 1
securityvulns 1
openvas
openvas
openSUSE: Security Advisory for libopenssl0_9_8 (openSUSE-SU-2016:0640-1)
2016-03-04 00:00:00
Oracle Linux Local Check: ELSA-2014-1653
2015-10-06 00:00:00
Fedora Update for openssl FEDORA-2015-10108
2015-06-25 00:00:00
suse
suse
Security update for libopenssl0_9_8 (important)
2016-03-03 14:11:44
Security update for compat-openssl097g (important)
2015-03-24 00:05:09
Security update for openssl (important)
2015-03-19 19:04:54
nessus
nessus
Apache Tomcat 8.0.x < 8.0.21 Multiple Vulnerabilities (FREAK)
2015-05-19 00:00:00
OracleVM 3.2 : openssl (OVMSA-2014-0039) (POODLE)
2014-11-26 00:00:00
Mandriva Linux Security Advisory : openssl (MDVSA-2015:062)
2015-03-30 00:00:00
oraclelinux
oraclelinux
openssl security update
2014-10-16 00:00:00
openssl security update
2014-08-13 00:00:00
openssl security update
2016-03-01 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: openssl-1.0.1k-10.fc21
2015-06-24 15:57:49
[SECURITY] Fedora 21 Update: openssl-1.0.1k-11.fc21
2015-07-13 19:12:30
[SECURITY] Fedora 20 Update: openssl-1.0.1e-42.fc20
2015-03-23 07:18:26
ibm
ibm
Security Bulletin: Vulnerabilities in OpenSSL affect IBM Service Delivery Manager. OpenSSL is installed on the operating system shipped via IBM Service Delivery Manager
2018-06-17 22:30:06
Security Bulletin: Vulnerability in Open SSL affects IBM System Networking products
2019-01-31 01:45:01
Security Bulletin: IBM Integrated Management Module (IMM) is affected by multiple vulnerabilities in OpenSSL including Logjam
2023-04-14 14:32:25
altlinux
altlinux
Security fix for the ALT Linux 9 package openssl1.1 version 1.0.1k-alt2
2015-03-19 00:00:00
Security fix for the ALT Linux 9 package openssl10 version 1.0.1k-alt2
2015-03-19 00:00:00
Security fix for the ALT Linux 7 package openssl10 version 1.0.1k-alt2
2015-03-19 00:00:00
amazon
amazon
Medium: openssl
2015-03-23 13:42:00
Medium: openssl
2015-01-11 12:36:00
mageia
mageia
Updated openssl packages fix security vulnerabilities
2015-03-19 19:47:16
Updated openssl packages fix multiple vulnerabilties
2014-06-06 14:31:01
slackware
slackware
[slackware-security] openssl
2015-04-22 01:22:19
[slackware-security] openssl
2015-06-11 23:01:09
debian
debian
[DLA 33-1] openssl security update
2014-08-07 20:36:09
[SECURITY] [DLA 132-1] openssl security update
2015-01-11 13:16:17
openssl security update
2014-06-05 19:36:19
redhat
redhat
(RHSA-2014:1053) Moderate: openssl security update
2014-08-13 00:00:00
(RHSA-2015:0752) Moderate: openssl security update
2015-03-30 00:00:00
(RHSA-2015:0715) Moderate: openssl security update
2015-03-23 00:00:00
freebsd
freebsd
OpenSSL -- multiple vulnerabilities
2015-03-19 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-15:06.openssl
2015-03-19 00:00:00
FreeBSD-SA-14:14.openssl
2014-06-05 00:00:00
centos
centos
openssl security update
2014-08-13 19:52:24
openssl security update
2015-03-23 20:40:40
cloudfoundry
cloudfoundry
USN-2537-1: OpenSSL vulnerabilities | Cloud Foundry
2015-03-21 00:00:00
osv
osv
openssl - security update
2014-06-05 00:00:00
openssl - security update
2015-01-11 00:00:00
openssl - security update
2015-03-20 00:00:00
ubuntu
ubuntu
OpenSSL vulnerabilities
2015-03-19 00:00:00
OpenSSL regression
2014-06-23 00:00:00
OpenSSL vulnerabilities
2014-06-05 00:00:00
aix
aix
Multiple Security vulnerabilities in AIX OpenSSL
2015-04-13 05:07:43
securityvulns
securityvulns
[security bulletin] HPSBMU03413 rev.1 - HP Virtual Connect Enterprise Manager SDK, Multiple Vulnerabilities
2015-09-14 00:00:00
JSON
Related for OPENSUSE-2016-294.NASL
openvas37suse6nessus68oraclelinux8fedora8ibm37altlinux5amazon2mageia2slackware2debian6redhat3freebsd1freebsd_advisory2centos2cloudfoundry1osv3ubuntu4aix1securityvulns1