Lucene search

Oracle Linux 4 : openssl (ELSA-2012-2011)

Oracle Linux 4 openssl ELSA-2012-2011 memory corruption fix CVE-2012-211

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 199
Tenable Nessus	Amazon Linux AMI : openssl (ALAS-2012-72)	4 Sep 201300:00	–	nessus
Tenable Nessus	FreeBSD : OpenSSL -- integer conversions result in memory corruption (7184f92e-8bb8-11e1-8d7b-003067b2972c)	23 Apr 201200:00	–	nessus
Tenable Nessus	RHEL 4 : openssl096b (Unpatched Vulnerability)	3 Jun 202400:00	–	nessus
Tenable Nessus	Fedora 17 : openssl-1.0.0i-1.fc17 (2012-6343)	27 Apr 201200:00	–	nessus
Tenable Nessus	OpenSSL 1.0.0 < 1.0.0i Vulnerability	19 Apr 201200:00	–	nessus
Tenable Nessus	Mandriva Linux Security Advisory : openssl (MDVSA-2012:060)	20 Apr 201200:00	–	nessus
Tenable Nessus	RHEL 5 / 6 : openssl (RHSA-2012:0518)	25 Apr 201200:00	–	nessus
Tenable Nessus	OpenSSL 0.9.8 < 0.9.8v Vulnerability	24 Apr 201200:00	–	nessus
Tenable Nessus	Oracle Linux 5 / 6 : openssl (ELSA-2012-0518)	12 Jul 201300:00	–	nessus
Tenable Nessus	RHEL 4 / 5 / 6 : openssl (RHSA-2012:0522)	24 Jan 201300:00	–	nessus

Source	Link
oss	www.oss.oracle.com/pipermail/el-errata/2012-May/002796.html
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Oracle Linux Security Advisory ELSA-2012-2011.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(68672);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2012-2110");
  script_bugtraq_id(53158);

  script_name(english:"Oracle Linux 4 : openssl (ELSA-2012-2011)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Oracle Linux host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Description of changes:

[0.9.7a-43.18.0.1]
- fix for CVE-2012-2110 - memory corruption in asn1_d2i_read_bio() (#814185)
   backport of OL5 patch 0.9.7a-11.2 by Tomas Mraz <<A HREF='http://oss.oracle.com/mailman/listinfo/el-errata'>tmraz at redhat.com</A>>"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://oss.oracle.com/pipermail/el-errata/2012-May/002796.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected openssl packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:openssl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:openssl-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:openssl-perl");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:4");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/04/19");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/05/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Oracle Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 4", "Oracle Linux " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);

flag = 0;
if (rpm_check(release:"EL4", reference:"openssl-0.9.7a-43.18.0.1.el4")) flag++;
if (rpm_check(release:"EL4", reference:"openssl-devel-0.9.7a-43.18.0.1.el4")) flag++;
if (rpm_check(release:"EL4", reference:"openssl-perl-0.9.7a-43.18.0.1.el4")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openssl / openssl-devel / openssl-perl");
}

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

12 Jul 2013 00:00Current

CVSS27.5

EPSS0.06281