ID ORACLELINUX_ELSA-2016-3576.NASL Type nessus Reporter This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof. Modified 2016-06-22T00:00:00
Description
Description of changes:
[0.9.8e-40.0.2]
- CVE-2016-0799 - Fix memory issues in BIO_*printf functions
- CVE-2016-2105 - Avoid overflow in EVP_EncodeUpdate
- CVE-2016-2106 - Fix encrypt overflow
- CVE-2016-2109 - Harden ASN.1 BIO handling of large amounts of data.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Oracle Linux Security Advisory ELSA-2016-3576.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
# Registration phase. When the scanner loads the plugin with `description`
# set, only the metadata below is recorded; the exit(0) at the end of the
# block returns before any host check runs.
if (description)
{
  # Plugin identity and revision.
  script_id(91738);
  script_version("2.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  # The four CVEs fixed by the advisory build named in the title.
  script_cve_id("CVE-2016-0799", "CVE-2016-2105", "CVE-2016-2106", "CVE-2016-2109");

  script_name(english:"Oracle Linux 5 : openssl (ELSA-2016-3576)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(attribute:"synopsis", value:"The remote Oracle Linux host is missing one or more security updates.");

  # Advisory changelog text. The literal spans several lines, so its
  # continuation lines stay at column 0 to keep the string unchanged.
  script_set_attribute(attribute:"description", value:
"Description of changes:
[0.9.8e-40.0.2]
- CVE-2016-0799 - Fix memory issues in BIO_*printf functions
- CVE-2016-2105 - Avoid overflow in EVP_EncodeUpdate
- CVE-2016-2106 - Fix encrypt overflow
- CVE-2016-2109 - Harden ASN.1 BIO handling of large amounts of data."
  );
  script_set_attribute(attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2016-June/006124.html");
  script_set_attribute(attribute:"solution", value:"Update the affected openssl packages.");

  # Severity of the finding as a whole. These are the vectors NVD assigns to
  # CVE-2016-0799, the highest-scored of the four CVEs; the NVD records for the
  # other three rate availability impact only, so triage per CVE rather than
  # by the plugin-level score alone.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");

  # "local": the result comes from package data collected on the host, not
  # from probing a listening service.
  script_set_attribute(attribute:"plugin_type", value:"local");

  # Affected packages and platform, as CPE names.
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:openssl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:openssl-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:openssl-perl");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5");

  # Timeline: first CVE disclosure, vendor patch, plugin release.
  script_set_attribute(attribute:"vuln_publication_date", value:"2016/03/03");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/06/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/06/22");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Oracle Linux Local Security Checks");

  # Scheduling: ssh_get_info.nasl is declared as a dependency, and the four KB
  # keys listed here are the ones the host checks read further down.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
# Host gating. Each audit() call (audit.inc) records why the plugin does not
# apply and stops it. An audit trail entry is "no result", not "patched":
# a host that fails any gate below is simply not assessed by this plugin.

# Local (credentialed) checks must have succeeded on an Oracle Linux host.
if (!get_kb_item("Host/local_checks_enabled"))
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/OracleLinux"))
  audit(AUDIT_OS_NOT, "Oracle Linux");

# The release string must identify Oracle Linux / Oracle Enterprise Linux.
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release))
  audit(AUDIT_OS_NOT, "Oracle Linux");

# Pull the "<major>[.<minor>]" version out of the release string and require
# major version 5; "^5([^0-9]|$)" keeps 50, 51, ... from matching.
os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver))
  audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^5([^0-9]|$)", string:os_ver))
  audit(AUDIT_OS_NOT, "Oracle Linux 5", "Oracle Linux " + os_ver);

# Without the collected rpm list there is nothing to compare against.
if (!get_kb_item("Host/RedHat/rpm-list"))
  audit(AUDIT_PACKAGE_LIST_MISSING);

# Only x86_64, ia64 and i386-i686 are handled; any other architecture is
# reported as "local checks not implemented" and gets no package comparison.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu))
  audit(AUDIT_UNKNOWN_ARCH);
if (!("x86_64" >< cpu || "ia64" >< cpu || cpu =~ "^i[3-6]86$"))
  audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
# Package comparison. rpm_check() (rpm.inc) is called once per package with
# the fixed build from the advisory as `reference`; `flag` counts the calls
# that return true.
# NOTE(review): this compares package-database entries only. It cannot show
# whether long-running services still have the pre-update libssl/libcrypto
# loaded, so restart affected services (or reboot) after patching before
# treating a clean result as remediated.
flag = 0;
if (rpm_check(release:"EL5", reference:"openssl-0.9.8e-40.0.2.el5_11"))
  flag++;
if (rpm_check(release:"EL5", reference:"openssl-devel-0.9.8e-40.0.2.el5_11"))
  flag++;
if (rpm_check(release:"EL5", reference:"openssl-perl-0.9.8e-40.0.2.el5_11"))
  flag++;

if (!flag)
{
  # Nothing flagged: say whether the packages were tested and found not
  # affected, or were not installed at all.
  tested = pkg_tests_get();
  if (tested)
    audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else
    audit(AUDIT_PACKAGE_NOT_INSTALLED, "openssl / openssl-devel / openssl-perl");
}
else
{
  # At least one package flagged: raise the finding on port 0 and attach the
  # rpm comparison report unless report verbosity is 0.
  if (report_verbosity > 0)
    security_hole(port:0, extra:rpm_report_get());
  else
    security_hole(0);
  exit(0);
}
{"id": "ORACLELINUX_ELSA-2016-3576.NASL", "bulletinFamily": "scanner", "title": "Oracle Linux 5 : openssl (ELSA-2016-3576)", "description": "Description of changes:\n\n[0.9.8e-40.0.2]\n- CVE-2016-0799 - Fix memory issues in BIO_*printf functions\n- CVE-2016-2105 - Avoid overflow in EVP_EncodeUpdate\n- CVE-2016-2106 - Fix encrypt overflow\n- CVE-2016-2109 - Harden ASN.1 BIO handling of large amounts of data.", "published": "2016-06-22T00:00:00", "modified": "2016-06-22T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "https://www.tenable.com/plugins/nessus/91738", "reporter": "This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://oss.oracle.com/pipermail/el-errata/2016-June/006124.html"], "cvelist": ["CVE-2016-0799", "CVE-2016-2105", "CVE-2016-2109", "CVE-2016-2106"], "type": "nessus", "lastseen": "2021-01-17T12:51:01", "edition": 22, "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "oraclelinux", "idList": ["ELSA-2016-3576", "ELSA-2016-3558", "ELSA-2016-3571", "ELSA-2016-0722"]}, {"type": "cve", "idList": ["CVE-2016-2106", "CVE-2016-0799", "CVE-2016-2105", "CVE-2016-2109"]}, {"type": "f5", "idList": ["SOL23230229", "F5:K23230229", "SOL36488941", "SOL22334603", "F5:K51920288", "SOL51920288", "F5:K22334603", "F5:K36488941"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562311220192217", "OPENVAS:1361412562310882486", "OPENVAS:1361412562310871614", "OPENVAS:1361412562310851296", "OPENVAS:1361412562310807569", "OPENVAS:1361412562310131285", "OPENVAS:1361412562310703566", "OPENVAS:1361412562310871610", "OPENVAS:1361412562310122924", "OPENVAS:1361412562310851309"]}, {"type": "nessus", "idList": ["REDHAT-RHSA-2016-0996.NASL", "CENTOS_RHSA-2016-0722.NASL", "CENTOS_RHSA-2016-0996.NASL", "ORACLELINUX_ELSA-2016-0996.NASL", "REDHAT-RHSA-2016-2073.NASL", "ORACLELINUX_ELSA-2016-0722.NASL", "SL_20160509_OPENSSL_ON_SL7_X.NASL", 
"EULEROS_SA-2019-2217.NASL", "REDHAT-RHSA-2016-0722.NASL", "SL_20160510_OPENSSL_ON_SL6_X.NASL"]}, {"type": "hackerone", "idList": ["H1:134880"]}, {"type": "suse", "idList": ["SUSE-SU-2016:1233-1", "SUSE-SU-2016:1290-1", "SUSE-SU-2016:1206-1", "SUSE-SU-2016:1231-1", "SUSE-SU-2016:1228-1", "OPENSUSE-SU-2016:1273-1", "SUSE-SU-2016:1267-1", "OPENSUSE-SU-2016:1242-1", "SUSE-SU-2016:1360-1", "OPENSUSE-SU-2016:1238-1"]}, {"type": "fedora", "idList": ["FEDORA:58BAF60A0C7C", "FEDORA:56D376268FDB"]}, {"type": "centos", "idList": ["CESA-2016:0722", "CESA-2016:0996"]}, {"type": "redhat", "idList": ["RHSA-2016:2073", "RHSA-2016:0722", "RHSA-2016:0996"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:F006390335E44CFEC69607A8E9BE3B62"]}, {"type": "amazon", "idList": ["ALAS-2016-695"]}, {"type": "ubuntu", "idList": ["USN-2959-1"]}, {"type": "paloalto", "idList": ["PAN-SA-2016-0023"]}, {"type": "aix", "idList": ["OPENSSL_ADVISORY20.ASC"]}], "modified": "2021-01-17T12:51:01", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-01-17T12:51:01", "rev": 2}, "vulnersScore": 6.6}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2016-3576.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91738);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-0799\", \"CVE-2016-2105\", \"CVE-2016-2106\", \"CVE-2016-2109\");\n\n script_name(english:\"Oracle Linux 5 : openssl (ELSA-2016-3576)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Description of 
changes:\n\n[0.9.8e-40.0.2]\n- CVE-2016-0799 - Fix memory issues in BIO_*printf functions\n- CVE-2016-2105 - Avoid overflow in EVP_EncodeUpdate\n- CVE-2016-2106 - Fix encrypt overflow\n- CVE-2016-2109 - Harden ASN.1 BIO handling of large amounts of data.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-June/006124.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"openssl-0.9.8e-40.0.2.el5_11\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"openssl-devel-0.9.8e-40.0.2.el5_11\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"openssl-perl-0.9.8e-40.0.2.el5_11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-devel / openssl-perl\");\n}\n", "naslFamily": "Oracle 
Linux Local Security Checks", "pluginID": "91738", "cpe": ["cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:openssl-devel", "p-cpe:/a:oracle:linux:openssl", "p-cpe:/a:oracle:linux:openssl-perl"], "scheme": null, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}}
{"cve": [{"lastseen": "2020-12-09T20:07:36", "description": "The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding.", "edition": 5, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-05-05T01:59:00", "title": "CVE-2016-2109", "type": "cve", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2109"], "modified": "2018-07-19T01:29:00", "cpe": ["cpe:/o:redhat:enterprise_linux_desktop:6.0", "cpe:/a:openssl:openssl:1.0.2", "cpe:/a:openssl:openssl:1.0.2a", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/a:openssl:openssl:1.0.2c", "cpe:/a:openssl:openssl:1.0.2b", "cpe:/a:openssl:openssl:1.0.2f", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/o:redhat:enterprise_linux_hpc_node:7.0", "cpe:/a:openssl:openssl:1.0.2d", "cpe:/o:redhat:enterprise_linux_server_aus:7.2", "cpe:/o:redhat:enterprise_linux_hpc_node:6.0", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/o:redhat:enterprise_linux_workstation:6.0", 
"cpe:/o:redhat:enterprise_linux_server_eus:7.2", "cpe:/o:redhat:enterprise_linux_server:6.0", "cpe:/a:openssl:openssl:1.0.2e", "cpe:/a:openssl:openssl:1.0.1s", "cpe:/o:redhat:enterprise_linux_hpc_node_eus:7.2", "cpe:/a:openssl:openssl:1.0.2g"], "id": "CVE-2016-2109", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2109", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1s:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:07:36", "description": "Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a 
large amount of data.", "edition": 5, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-05-05T01:59:00", "title": "CVE-2016-2106", "type": "cve", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2106"], "modified": "2018-07-19T01:29:00", "cpe": ["cpe:/o:redhat:enterprise_linux_desktop:6.0", "cpe:/a:openssl:openssl:1.0.2", "cpe:/a:openssl:openssl:1.0.2a", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/a:openssl:openssl:1.0.2c", "cpe:/a:openssl:openssl:1.0.2b", "cpe:/a:openssl:openssl:1.0.2f", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/o:redhat:enterprise_linux_hpc_node:7.0", "cpe:/a:openssl:openssl:1.0.2d", "cpe:/o:redhat:enterprise_linux_server_aus:7.2", "cpe:/o:redhat:enterprise_linux_hpc_node:6.0", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/o:redhat:enterprise_linux_workstation:6.0", "cpe:/o:redhat:enterprise_linux_server_eus:7.2", "cpe:/o:redhat:enterprise_linux_server:6.0", "cpe:/a:openssl:openssl:1.0.2e", "cpe:/a:openssl:openssl:1.0.1s", "cpe:/o:redhat:enterprise_linux_hpc_node_eus:7.2", "cpe:/a:openssl:openssl:1.0.2g"], "id": "CVE-2016-2106", "href": 
"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2106", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1s:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T12:10:38", "description": "The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842.", "edition": 3, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", 
"confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-03-03T20:59:00", "title": "CVE-2016-0799", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0799"], "modified": "2018-01-05T02:30:00", "cpe": ["cpe:/a:openssl:openssl:1.0.1a", "cpe:/a:openssl:openssl:1.0.1", "cpe:/a:openssl:openssl:1.0.1e", "cpe:/a:openssl:openssl:1.0.1d", "cpe:/a:openssl:openssl:1.0.1o", "cpe:/a:openssl:openssl:1.0.1g", "cpe:/a:openssl:openssl:1.0.1r", "cpe:/a:openssl:openssl:1.0.2", "cpe:/a:openssl:openssl:1.0.1q", "cpe:/a:openssl:openssl:1.0.2a", "cpe:/a:openssl:openssl:1.0.1b", "cpe:/a:openssl:openssl:1.0.1h", "cpe:/a:openssl:openssl:1.0.2c", "cpe:/a:pulsesecure:client:-", "cpe:/a:pulsesecure:steel_belted_radius:-", "cpe:/a:openssl:openssl:1.0.2b", "cpe:/a:openssl:openssl:1.0.2f", "cpe:/a:openssl:openssl:1.0.1c", "cpe:/a:openssl:openssl:1.0.1i", "cpe:/a:openssl:openssl:1.0.1m", "cpe:/a:openssl:openssl:1.0.1n", "cpe:/a:openssl:openssl:1.0.2d", "cpe:/a:openssl:openssl:1.0.1j", "cpe:/a:openssl:openssl:1.0.1f", "cpe:/a:openssl:openssl:1.0.1p", "cpe:/a:openssl:openssl:1.0.2e", "cpe:/a:openssl:openssl:1.0.1l", "cpe:/a:openssl:openssl:1.0.1k"], "id": "CVE-2016-0799", "href": 
"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0799", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:client:-:*:*:*:*:iphone_os:*:*", "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:steel_belted_radius:-:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1r:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1q:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*", "cpe:2.3:a:pulsesecure:client:-:*:*:*:*:android:*:*"]}, {"lastseen": "2020-12-09T20:07:36", "description": "Integer overflow 
in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.", "edition": 6, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-05-05T01:59:00", "title": "CVE-2016-2105", "type": "cve", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2105"], "modified": "2019-02-21T15:09:00", "cpe": ["cpe:/a:openssl:openssl:1.0.1a", "cpe:/a:oracle:mysql:5.7.12", "cpe:/a:openssl:openssl:1.0.1", "cpe:/a:openssl:openssl:1.0.1e", "cpe:/a:openssl:openssl:1.0.1d", "cpe:/a:openssl:openssl:1.0.1o", "cpe:/o:redhat:enterprise_linux_desktop:6.0", "cpe:/a:openssl:openssl:1.0.1g", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/a:openssl:openssl:1.0.1r", "cpe:/a:openssl:openssl:1.0.2", "cpe:/a:openssl:openssl:1.0.1q", "cpe:/a:openssl:openssl:1.0.2a", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/a:openssl:openssl:1.0.1b", "cpe:/a:openssl:openssl:1.0.1h", 
"cpe:/a:openssl:openssl:1.0.2c", "cpe:/o:canonical:ubuntu_linux:15.10", "cpe:/o:opensuse:opensuse:13.2", "cpe:/a:openssl:openssl:1.0.2b", "cpe:/a:openssl:openssl:1.0.2f", "cpe:/a:openssl:openssl:1.0.1c", "cpe:/o:opensuse:leap:42.1", "cpe:/a:openssl:openssl:1.0.1i", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/a:openssl:openssl:1.0.1m", "cpe:/a:openssl:openssl:1.0.1n", "cpe:/o:redhat:enterprise_linux_hpc_node:7.0", "cpe:/a:openssl:openssl:1.0.2d", "cpe:/o:redhat:enterprise_linux_server_aus:7.2", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/o:redhat:enterprise_linux_hpc_node:6", "cpe:/a:openssl:openssl:1.0.1j", "cpe:/a:openssl:openssl:1.0.1f", "cpe:/a:openssl:openssl:1.0.1p", "cpe:/o:redhat:enterprise_linux_workstation:6.0", "cpe:/o:redhat:enterprise_linux_server_eus:7.2", "cpe:/o:redhat:enterprise_linux_server:6.0", "cpe:/a:openssl:openssl:1.0.2e", "cpe:/a:openssl:openssl:1.0.1s", "cpe:/o:apple:mac_os_x:10.11.5", "cpe:/a:oracle:mysql:5.6.30", "cpe:/o:redhat:enterprise_linux_hpc_node_eus:7.2", "cpe:/a:openssl:openssl:1.0.2g", "cpe:/a:openssl:openssl:1.0.1l", "cpe:/a:openssl:openssl:1.0.1k", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2016-2105", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2105", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:redhat:enterprise_linux_hpc_node:6:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.7.12:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*", 
"cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1r:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.6.30:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1q:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1s:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", 
"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.11.5:*:*:*:*:*:*:*"]}], "oraclelinux": [{"lastseen": "2019-05-29T18:35:39", "bulletinFamily": "unix", "cvelist": ["CVE-2016-0799", "CVE-2016-2105", "CVE-2016-2109", "CVE-2016-2106"], "description": "[0.9.8e-40.0.2]\n- CVE-2016-0799 - Fix memory issues in BIO_*printf functions\n- CVE-2016-2105 - Avoid overflow in EVP_EncodeUpdate\n- CVE-2016-2106 - Fix encrypt overflow\n- CVE-2016-2109 - Harden ASN.1 BIO handling of large amounts of data.", "edition": 4, "modified": "2016-06-21T00:00:00", "published": "2016-06-21T00:00:00", "id": "ELSA-2016-3576", "href": "http://linux.oracle.com/errata/ELSA-2016-3576.html", "title": "openssl security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:44", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2108", "CVE-2016-0799", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2842", "CVE-2016-2106"], "description": "[1.0.1e-51.5]\n- fix CVE-2016-2105 - possible overflow in base64 encoding\n- fix CVE-2016-2106 - possible overflow in EVP_EncryptUpdate()\n- fix CVE-2016-2107 - padding oracle in stitched AES-NI CBC-MAC\n- fix CVE-2016-2108 - memory corruption in ASN.1 encoder\n- fix CVE-2016-2109 - possible DoS when reading ASN.1 data from BIO\n- fix CVE-2016-0799 - memory issues in BIO_printf", "edition": 4, "modified": "2016-05-09T00:00:00", "published": "2016-05-09T00:00:00", "id": "ELSA-2016-0722", "href": "http://linux.oracle.com/errata/ELSA-2016-0722.html", "title": "openssl security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:30", "bulletinFamily": 
"unix", "cvelist": ["CVE-2016-2108", "CVE-2016-0799", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2842", "CVE-2016-2106"], "description": "[1.0.1e-48.1]\n- fix CVE-2016-2105 - possible overflow in base64 encoding\n- fix CVE-2016-2106 - possible overflow in EVP_EncryptUpdate()\n- fix CVE-2016-2107 - padding oracle in stitched AES-NI CBC-MAC\n- fix CVE-2016-2108 - memory corruption in ASN.1 encoder\n- fix CVE-2016-2109 - possible DoS when reading ASN.1 data from BIO\n- fix CVE-2016-0799 - memory issues in BIO_printf", "edition": 4, "modified": "2016-05-13T00:00:00", "published": "2016-05-13T00:00:00", "id": "ELSA-2016-3558", "href": "http://linux.oracle.com/errata/ELSA-2016-3558.html", "title": "openssl security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:44", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2108", "CVE-2016-0799", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2842", "CVE-2016-2106"], "description": "[1.0.1t-2.0.1]\n- update to upstream 1.0.1t\n- Original 1.0.1 test certificates expired on May 10, 2016. Updated certificates were copied from the 1.0.2h tree (alexey.petrenko@oracle.com)", "edition": 4, "modified": "2016-06-15T00:00:00", "published": "2016-06-15T00:00:00", "id": "ELSA-2016-3571", "href": "http://linux.oracle.com/errata/ELSA-2016-3571.html", "title": "openssl-fips security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "f5": [{"lastseen": "2019-11-14T23:22:44", "bulletinFamily": "software", "cvelist": ["CVE-2016-2109"], "description": "\nF5 Product Development has assigned IDs 591042, 591325, 591327, 591328, and 591329 (BIG-IP), ID 594024 (BIG-IQ and iWorkflow), ID 594030 (Enterprise Manager), ID 500324 (ARX), and LRS-60729 (LineRate) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability. 
Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth>) may list Heuristic H591062-4 and H591062-6 on the **Diagnostics** > **Identified** > **Low** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 \n11.2.1 \n10.2.1 - 10.2.4 | 13.0.0 \n12.1.2 \n11.6.1 HF1 \n11.5.4 HF3 | Low | OpenSSL and TMM \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.5.0 - 11.5.4 | 13.0.0 \n12.1.2 HF1 \n11.6.1 HF1 \n11.5.4 HF3 | Low | f5-rest-node \nBIG-IP AAM | 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 | 13.0.0 \n12.1.2 \n11.6.1 HF1 \n11.5.4 HF3 | Low | OpenSSL and TMM \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.5.0 - 11.5.4 | 13.0.0 \n12.1.2 HF1 \n11.6.1 HF1 \n11.5.4 HF3 | Low | f5-rest-node \nBIG-IP AFM | 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 | 13.0.0 \n12.1.2 \n11.6.1 HF1 \n11.5.4 HF3 | Low | OpenSSL and TMM \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.5.0 - 11.5.4 | 13.0.0 \n12.1.2 HF1 \n11.6.1 HF1 \n11.5.4 HF3 | Low | f5-rest-node \nBIG-IP Analytics | 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 \n11.2.1 | 13.0.0 \n12.1.2 \n11.6.1 HF1 \n11.5.4 HF3 | Low | OpenSSL and TMM \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.5.0 - 11.5.4 | 13.0.0 \n12.1.2 HF1 \n11.6.1 HF1 \n11.5.4 HF3 | Low | f5-rest-node \nBIG-IP APM | 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 \n11.2.1 \n10.2.1 - 10.2.4 | 13.0.0 \n12.1.2 \n11.6.1 HF1 \n11.5.4 HF3 | Low | OpenSSL and TMM \n12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4 | 13.0.0 \n12.1.2 \n11.6.1 HF2 | Low | Oracle SDK for OAM \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.5.0 - 11.5.4 | 13.0.0 
\n12.1.2 HF1 \n11.6.1 HF1 \n11.5.4 HF3 | Low | f5-rest-node \nBIG-IP ASM | 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 \n11.2.1 \n10.2.1 - 10.2.4 | 13.0.0 \n12.1.2 \n11.6.1 HF1 \n11.5.4 HF3 | Low | OpenSSL and TMM \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.5.0 - 11.5.4 | 13.0.0 \n12.1.2 HF1 \n11.6.1 HF1 \n11.5.4 HF3 | Low | f5-rest-node \nBIG-IP DNS | 12.0.0 - 12.1.1 | 13.0.0 \n12.1.2 | Low | OpenSSL and TMM \n | 12.0.0 - 12.1.2 | 13.0.0 \n12.1.2 HF1 | Low | f5-rest-node \nBIG-IP Edge Gateway | 11.2.1 \n10.2.1 - 10.2.4 | None | Low | OpenSSL, TMM, and f5-rest-node \nBIG-IP GTM | 11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 \n11.2.1 \n10.2.1 - 10.2.4 | 11.6.1 HF1 \n11.5.4 HF3 | Low | OpenSSL, TMM, and f5-rest-node \nBIG-IP Link Controller | 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 \n11.2.1 \n10.2.1 - 10.2.4 | 13.0.0 \n12.1.2 \n11.6.1 HF1 \n11.5.4 HF3 | Low | OpenSSL and TMM \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.5.0 - 11.5.4 | 13.0.0 \n12.1.2 HF1 \n11.6.1 HF1 \n11.5.4 HF3 | Low | f5-rest-node \nBIG-IP PEM | 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 | 13.0.0 \n12.1.2 \n11.6.1 HF1 \n11.5.4 HF3 | Low | OpenSSL and TMM \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.5.0 - 11.5.4 | 13.0.0 \n12.1.2 HF1 \n11.6.1 HF1 \n11.5.4 HF3 | Low | f5-rest-node \nBIG-IP PSM | 11.4.0 - 11.4.1 \n10.2.1 - 10.2.4 | None | Low | OpenSSL, TMM, and f5-rest-node \nBIG-IP WebAccelerator | 10.2.1 - 10.2.4 | None | Low | OpenSSL, TMM, and f5-rest-node \nBIG-IP WOM | 10.2.1 - 10.2.4 | None | Low | OpenSSL, TMM, and f5-rest-node \nARX | 6.2.0 - 6.4.0 | None | Low | OpenSSL (when accessing the management IP) \nEnterprise Manager | 3.1.1 | None | Low | OpenSSL \nFirePass | None | 7.0.0 | Not vulnerable | None \nBIG-IQ Cloud | 4.0.0 - 4.5.0 | None | Low | OpenSSL \nBIG-IQ Device | 4.2.0 - 4.5.0 | None | Low | OpenSSL \nBIG-IQ Security | 4.0.0 - 4.5.0 | None | Low | OpenSSL \nBIG-IQ ADC | 4.5.0 | None | Low | OpenSSL \nBIG-IQ Centralized Management | 5.0.0 \n4.6.0 | 5.1.0 | Low | OpenSSL 
\nBIG-IQ Cloud and Orchestration | 1.0.0 | None | Low | OpenSSL \nF5 iWorkflow | 2.0.0 | 2.0.1 | Low | OpenSSL \nLineRate | 2.4.0 - 2.6.1 | None | Low | OpenSSL \nF5 WebSafe | None | 1.0.0 | Not vulnerable | None \nTraffix SDC | None | 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1 | Not vulnerable | None\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nARX\n\nTo mitigate this vulnerability, you should permit access to the ARX GUI only over a secure network.\n\nLineRate\n\nTo mitigate this vulnerability, you can avoid using the Node.js loadPKCS12 function on untrusted input.\n\n**Impact of action:** Changing the design of your Node.js code may have additional traffic processing effects. 
Ensure any modification is compatible with your environment.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K13123: Managing BIG-IP product hotfixes (11.x - 13.x)](<https://support.f5.com/csp/article/K13123>)\n * [K9502: BIG-IP hotfix matrix](<https://support.f5.com/csp/article/K9502>)\n", "edition": 1, "modified": "2018-04-20T21:33:00", "published": "2016-05-07T03:39:00", "id": "F5:K23230229", "href": "https://support.f5.com/csp/article/K23230229", "title": "OpenSSL vulnerability CVE-2016-2109", "type": "f5", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-11-15T09:22:11", "bulletinFamily": "software", "cvelist": ["CVE-2016-2106"], "description": "\nF5 Product Development has assigned IDs 591042, 591325, 591327, 591328, and 591329 (BIG-IP), ID 594024 (BIG-IQ and iWorkflow), ID 594030 (Enterprise Manager), and ID 500324 (ARX) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability. 
Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth>) may list Heuristic H591062-1 on the **Diagnostics** > **Identified** > **Low** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 \n11.2.1 \n10.2.1 - 10.2.4 | 13.0.0 \n12.1.2 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iControl REST, OpenSSL, OpenSSH, Advanced Routing, IPsec, TMM, and the **mcpd** process \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.5.0 - 11.5.4 | 13.0.0 \n12.1.2 HF1 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iAppsLX (f5-rest-node) \nBIG-IP AAM | 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 | 13.0.0 \n12.1.2 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iControl REST, OpenSSL, OpenSSH, Advanced Routing, IPsec, TMM, and the **mcpd** process \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.5.0 - 11.5.4 | 13.0.0 \n12.1.2 HF1 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iAppsLX (f5-rest-node) \nBIG-IP AFM | 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 | 13.0.0 \n12.1.2 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iControl REST, OpenSSL, OpenSSH, Advanced Routing, IPsec, TMM, and the **mcpd** process \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.5.0 - 11.5.4 | 13.0.0 \n12.1.2 HF1 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iAppsLX (f5-rest-node) \nBIG-IP Analytics | 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 \n11.2.1 | 13.0.0 \n12.1.2 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iControl REST, OpenSSL, OpenSSH, Advanced Routing, IPsec, TMM, and the **mcpd** process \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.5.0 - 11.5.4 | 13.0.0 \n12.1.2 HF1 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iAppsLX (f5-rest-node) \nBIG-IP APM | 12.0.0 - 12.1.1 
\n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 \n11.2.1 \n10.2.1 - 10.2.4 | 13.0.0 \n12.1.2 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iControl REST, OpenSSL, OpenSSH, Advanced Routing, IPsec, TMM, and the **mcpd** process \n12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4 | 13.0.0 \n12.1.2 \n11.6.1 HF2 | Low | Oracle SDK for OAM \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.5.0 - 11.5.4 | 13.0.0 \n12.1.2 HF1 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iAppsLX (f5-rest-node) \nBIG-IP ASM | 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 \n11.2.1 \n10.2.1 - 10.2.4 | 13.0.0 \n12.1.2 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iControl REST, OpenSSL, OpenSSH, Advanced Routing, IPsec, TMM, and the **mcpd** process \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.5.0 - 11.5.4 | 13.0.0 \n12.1.2 HF1 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iAppsLX (f5-rest-node) \nBIG-IP DNS | 12.0.0 - 12.1.1 | 13.0.0 \n12.1.2 | Low | iControl REST, OpenSSL, OpenSSH, Advanced Routing, IPsec, TMM, and the **mcpd** process \n12.0.0 - 12.1.2 | 13.0.0 \n12.1.2 HF1 | Low | iAppsLX (f5-rest-node) \nBIG-IP Edge Gateway | 11.2.1 \n10.2.1 - 10.2.4 | None | Low | iControl REST, OpenSSL, OpenSSH, Advanced Routing, IPsec, TMM, and the **mcpd** process \nBIG-IP GTM | 11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 \n11.2.1 \n10.2.1 - 10.2.4 | 11.6.1 HF1 \n11.5.4 HF3 | Low | iControl REST, OpenSSL, OpenSSH, Advanced Routing, IPsec, TMM, and the **mcpd** process \nBIG-IP Link Controller | 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 \n11.2.1 \n10.2.1 - 10.2.4 | 13.0.0 \n12.1.2 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iControl REST, OpenSSL, OpenSSH, Advanced Routing, IPsec, TMM, and the **mcpd** process \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.5.0 - 11.5.4 | 13.0.0 \n12.1.2 HF1 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iAppsLX (f5-rest-node) \nBIG-IP PEM | 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 | 13.0.0 \n12.1.2 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iControl REST, OpenSSL, OpenSSH, Advanced Routing, IPsec, TMM, and the **mcpd** process \n12.0.0 - 12.1.2 
\n11.6.0 - 11.6.1 \n11.5.0 - 11.5.4 | 13.0.0 \n12.1.2 HF1 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iAppsLX (f5-rest-node) \nBIG-IP PSM | 11.4.0 - 11.4.1 \n11.2.1 \n10.2.1 - 10.2.4 | None | Low | iControl REST, OpenSSL, OpenSSH, Advanced Routing, IPsec, TMM, and the **mcpd** process \nBIG-IP WebAccelerator | 11.2.1 \n10.2.1 - 10.2.4 | None | Low | iControl REST, OpenSSL, OpenSSH, Advanced Routing, IPsec, TMM, and the **mcpd** process \nBIG-IP WOM | 11.2.1 \n10.2.1 - 10.2.4 | None | Low | iControl REST, OpenSSL, OpenSSH, Advanced Routing, IPsec, TMM, and the **mcpd** process \nARX | 6.2.0 - 6.4.0 | None | Low | OpenSSL (when accessing the management IP) \nEnterprise Manager | 3.1.1 | None | Low | OpenSSL \nFirePass | None | 7.0.0 | Not vulnerable | None \nBIG-IQ Cloud | 4.0.0 - 4.5.0 | None | Low | OpenSSL \nBIG-IQ Device | 4.2.0 - 4.5.0 | None | Low | OpenSSL \nBIG-IQ Security | 4.0.0 - 4.5.0 | None | Low | OpenSSL \nBIG-IQ ADC | 4.5.0 | None | Low | OpenSSL \nBIG-IQ Centralized Management | 5.0.0 \n4.6.0 | 5.1.0 | Low | OpenSSL \nBIG-IQ Cloud and Orchestration | 1.0.0 | None | Low | OpenSSL \nF5 iWorkflow | 2.0.0 | 2.0.1 | Low | OpenSSL \nLineRate | None | 2.5.0 - 2.6.1 | Not vulnerable | None \nF5 WebSafe | None | 1.0.0 | Not vulnerable | None \nTraffix SDC | None | 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1 | Not vulnerable | None\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable **column. 
If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nARX\n\nTo mitigate this vulnerability, you should permit access to the ARX GUI only over a secure network.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K13123: Managing BIG-IP product hotfixes (11.x - 13.x)](<https://support.f5.com/csp/article/K13123>)\n * [K9502: BIG-IP hotfix matrix](<https://support.f5.com/csp/article/K9502>)\n", "edition": 1, "modified": "2018-04-20T21:49:00", "published": "2016-05-20T00:59:00", "id": "F5:K36488941", "href": "https://support.f5.com/csp/article/K36488941", "title": "OpenSSL vulnerability CVE-2016-2106", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-11-19T09:29:41", "bulletinFamily": "software", "cvelist": ["CVE-2016-2105"], "description": "\nF5 Product Development has assigned IDs 591042, 591325, 591327, 591328, and 591329 (BIG-IP), ID 594024 (BIG-IQ and F5 iWorkflow), ID 594030 (Enterprise Manager), and ID 500324 (ARX) to this vulnerability. 
Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth>) may list Heuristic H591062 on the **Diagnostics** > **Identified** > **Low** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 \n11.2.1 \n10.2.1 - 10.2.4 | 13.0.0 \n12.1.2 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iControl REST, OpenSSL \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.5.0 - 11.5.4 | 13.0.0 \n12.1.2 HF1 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iAppsLX (f5-rest-node) \nBIG-IP AAM | 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 | 13.0.0 \n12.1.2 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iControl REST, OpenSSL \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.5.0 - 11.5.4 | 13.0.0 \n12.1.2 HF1 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iAppsLX (f5-rest-node) \n \nBIG-IP AFM | 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 | 13.0.0 \n12.1.2 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iControl REST, OpenSSL \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.5.0 - 11.5.4 | 13.0.0 \n12.1.2 HF1 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iAppsLX (f5-rest-node) \nBIG-IP Analytics | 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 \n11.2.1 | 13.0.0 \n12.1.2 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iControl REST, OpenSSL \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.5.0 - 11.5.4 | 13.0.0 \n12.1.2 HF1 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iAppsLX (f5-rest-node) \n \nBIG-IP APM | 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 \n11.2.1 \n10.2.1 - 10.2.4 | 13.0.0 \n12.1.2 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iControl REST, OpenSSL \n12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4 | 13.0.0 \n12.1.2 \n11.6.1 HF2 | Low | Oracle SDK for OAM 
\n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.5.0 - 11.5.4 | 13.0.0 \n12.1.2 HF1 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iAppsLX (f5-rest-node) \n \nBIG-IP ASM | 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 \n11.2.1 \n10.2.1 - 10.2.4 | 13.0.0 \n12.1.2 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iControl REST, OpenSSL \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.5.0 - 11.5.4 | 13.0.0 \n12.1.2 HF1 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iAppsLX (f5-rest-node) \n \nBIG-IP DNS | 12.0.0 - 12.1.1 | 13.0.0 \n12.1.2 | Low | iControl REST, OpenSSL \n12.0.0 - 12.1.2 | 13.0.0 \n12.1.2 HF1 | Low | iAppsLX (f5-rest-node) \n \nBIG-IP Edge Gateway | 11.2.1 \n10.2.1 - 10.2.4 | None | Low | iControl REST, OpenSSL \nBIG-IP GTM | 11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 \n11.2.1 \n10.2.1 - 10.2.4 | 11.6.1 HF1 \n11.5.4 HF3 | Low | iControl REST, OpenSSL \nBIG-IP Link Controller | 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 \n11.2.1 \n10.2.1 - 10.2.4 | 13.0.0 \n12.1.2 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iControl REST, OpenSSL \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.5.0 - 11.5.4 | 13.0.0 \n12.1.2 HF1 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iAppsLX (f5-rest-node) \n \nBIG-IP PEM | 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 | 13.0.0 \n12.1.2 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iControl REST, OpenSSL \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 \n11.5.0 - 11.5.4 | 13.0.0 \n12.1.2 HF1 \n11.6.1 HF1 \n11.5.4 HF3 | Low | iAppsLX (f5-rest-node) \n \nBIG-IP PSM | 11.4.0 - 11.4.1 \n11.2.1 \n10.2.1 - 10.2.4 | None | Low | iControl REST, OpenSSL \nBIG-IP WebAccelerator | 11.2.1 \n10.2.1 - 10.2.4 | None | Low | iControl REST, OpenSSL \nBIG-IP WOM | 11.2.1 \n10.2.1 - 10.2.4 | None | Low | iControl REST, OpenSSL \nARX | 6.2.0 - 6.4.0 | None | Low | OpenSSL (when accessing the management IP) \nEnterprise Manager | 3.1.1 | None | Low | OpenSSL \nFirePass | None | 7.0.0 | Not vulnerable | None \nBIG-IQ Cloud | 4.0.0 - 4.5.0 | None | Low | OpenSSL \nBIG-IQ Device | 4.2.0 - 4.5.0 | None | Low | OpenSSL \nBIG-IQ Security | 4.0.0 - 4.5.0 | 
None | Low | OpenSSL \nBIG-IQ ADC | 4.5.0 | None | Low | OpenSSL \nBIG-IQ Centralized Management | 5.0.0 \n4.6.0 | 5.1.0 | Low | OpenSSL \nBIG-IQ Cloud and Orchestration | 1.0.0 | None | Low | OpenSSL \nF5 iWorkflow | 2.0.0 | 2.0.1 | Low | OpenSSL \nLineRate | None | 2.5.0 - 2.6.1 | Not vulnerable | None \nF5 WebSafe | None | 1.0.0 | Not vulnerable | None \nTraffix SDC | None | 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1 | Not vulnerable | None\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable **column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nARX\n\nTo mitigate this vulnerability, you should permit access to the ARX GUI only over a secure network.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K13123: Managing BIG-IP product hotfixes (11.x - 13.x)](<https://support.f5.com/csp/article/K13123>)\n", "edition": 1, "modified": "2018-04-20T19:03:00", "published": "2016-05-20T01:06:00", "id": "F5:K51920288", "href": "https://support.f5.com/csp/article/K51920288", "title": "OpenSSL vulnerability CVE-2016-2105", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2016-11-18T17:26:57", "bulletinFamily": "software", "cvelist": ["CVE-2016-2109"], "edition": 1, 
"description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nARX\n\nTo mitigate this vulnerability, you should permit access to the ARX GUI only over a secure network.\n\nLineRate\n\nTo mitigate this vulnerability, you can avoid using the Node.js loadPKCS12 function on untrusted input.\n\n**Impact of action:** Changing the design of your Node.js code may have additional traffic processing effects. Ensure any modification is compatible with your environment.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL167: Downloading software and firmware from F5\n * SOL13123: Managing BIG-IP product hotfixes (11.x - 12.x)\n * SOL9502: BIG-IP hotfix matrix\n", "modified": "2016-11-18T00:00:00", "published": "2016-05-06T00:00:00", "id": "SOL23230229", "href": "http://support.f5.com/kb/en-us/solutions/public/k/23/sol23230229.html", "type": "f5", "title": "SOL23230229 - OpenSSL vulnerability CVE-2016-2109", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-11-18T17:27:11", "bulletinFamily": "software", "cvelist": ["CVE-2016-2106"], "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. 
If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nARX\n\nTo mitigate this vulnerability, you should permit access to the ARX GUI only over a secure network.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL167: Downloading software and firmware from F5\n * SOL13123: Managing BIG-IP product hotfixes (11.x - 12.x)\n * SOL9502: BIG-IP hotfix matrix\n", "edition": 1, "modified": "2016-11-18T00:00:00", "published": "2016-05-19T00:00:00", "id": "SOL36488941", "href": "http://support.f5.com/kb/en-us/solutions/public/k/36/sol36488941.html", "type": "f5", "title": "SOL36488941 - OpenSSL vulnerability CVE-2016-2106", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-11-14T21:27:06", "bulletinFamily": "software", "cvelist": ["CVE-2016-2105"], "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. 
If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nARX\n\nTo mitigate this vulnerability, you should permit access to the ARX GUI only over a secure network.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "edition": 1, "modified": "2016-11-14T00:00:00", "published": "2016-05-19T00:00:00", "id": "SOL51920288", "href": "http://support.f5.com/kb/en-us/solutions/public/k/51/sol51920288.html", "type": "f5", "title": "SOL51920288 - OpenSSL vulnerability CVE-2016-2105", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-06-08T00:16:13", "bulletinFamily": "software", "cvelist": ["CVE-2016-0799", "CVE-2016-2842"], "edition": 1, "description": "\nF5 Product Development has assigned ID 580313 (BIG-IP), ID 580516 (BIG-IQ and iWorkflow), and ID 580518 (Enterprise Manager) to this vulnerability. 
Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth>) may list Heuristic H22334603 on the **Diagnostics** > **Identified** > **Low** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| 12.0.0 - 12.1.0 \n11.6.0 - 11.6.1 \n11.0.0 - 11.5.4 \n10.1.0 - 10.2.4| 13.0.0 \n12.1.1 - 12.1.2 \n11.6.1 HF1 \n11.5.4 HF2| Low| OpenSSL API \nBIG-IP AAM| 12.0.0 - 12.1.0 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4| 13.0.0 \n12.1.1 - 12.1.2 \n11.6.1 HF1 \n11.5.4 HF2| Low| OpenSSL API \nBIG-IP AFM| 12.0.0 - 12.1.0 \n11.6.0 - 11.6.1 \n11.3.0 - 11.5.4| 13.0.0 \n12.1.1 - 12.1.2 \n11.6.1 HF1 \n11.5.4 HF2| Low| OpenSSL API \nBIG-IP Analytics| 12.0.0 - 12.1.0 \n11.6.0 - 11.6.1 \n11.0.0 - 11.5.4| 13.0.0 \n12.1.1 - 12.1.2 \n11.6.1 HF1 \n11.5.4 HF2| Low| OpenSSL API \nBIG-IP APM| 12.0.0 - 12.1.0 \n11.6.0 - 11.6.1 \n11.0.0 - 11.5.4 \n10.1.0 - 10.2.4| 13.0.0 \n12.1.1 - 12.1.2 \n11.6.1 HF1 \n11.5.4 HF2| Low| OpenSSL API \nBIG-IP ASM| 12.0.0 - 12.1.0 \n11.6.0 - 11.6.1 \n11.0.0 - 11.5.4 \n10.1.0 - 10.2.4| 13.0.0 \n12.1.1 - 12.1.2 \n11.6.1 HF1 \n11.5.4 HF2| Low| OpenSSL API \nBIG-IP DNS| 12.0.0 - 12.1.0| 13.0.0 \n12.1.1 - 12.1.2| Low| OpenSSL API \nBIG-IP Edge Gateway| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Low| OpenSSL API \nBIG-IP GTM| 11.6.0 - 11.6.1 \n11.0.0 - 11.5.4 \n10.1.0 - 10.2.4| 11.6.1 HF1 \n11.5.4 HF2| Low| OpenSSL API \nBIG-IP Link Controller| 12.0.0 - 12.1.0 \n11.6.0 - 11.6.1 \n11.0.0 - 11.5.4 \n10.1.0 - 10.2.4| 13.0.0 \n12.1.1 - 12.1.2 \n11.6.1 HF1 \n11.5.4 HF2| Low| OpenSSL API \nBIG-IP PEM| 12.0.0 - 12.1.0 \n11.6.0 - 11.6.1 \n11.3.0 - 11.5.4| 13.0.0 \n12.1.1 - 12.1.2 \n11.6.1 HF1 \n11.5.4 HF2| Low| OpenSSL API 
\nBIG-IP PSM| 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| None| Low| OpenSSL API \nBIG-IP WebAccelerator| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Low| OpenSSL API \nBIG-IP WOM| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Low| OpenSSL API \nARX| None| 6.2.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| 3.1.1| None| Low| OpenSSL API \nFirePass| None| 7.0.0| Not vulnerable| None \nBIG-IQ Cloud| 4.0.0 - 4.5.0| None| Low| OpenSSL API \nBIG-IQ Device| 4.2.0 - 4.5.0| None| Low| OpenSSL API \nBIG-IQ Security| 4.0.0 - 4.5.0| None| Low| OpenSSL API \nBIG-IQ ADC| 4.5.0| None| Low| OpenSSL API \nBIG-IQ Centralized Management| 5.0.0 \n4.6.0| 5.1.0| Low| OpenSSL API \nBIG-IQ Cloud and Orchestration| 1.0.0| None| Low| OpenSSL API \nF5 iWorkflow| 2.0.0| 2.0.1| Low| OpenSSL API \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| None| 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1| Not vulnerable| None\n\nIf you are running a version listed in the **Versions known to be vulnerable **column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable **column. 
If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\n**BIG-IP, BIG-IQ, iWorkflow, and Enterprise Manager**\n\nTo mitigate this vulnerability, ensure that any custom BIG-IP monitors or custom configurations relying on OpenSSL command line utilities that depend on the function specified in this vulnerability interact only with trusted systems in your environment.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "modified": "2017-03-30T21:36:00", "published": "2016-03-26T00:38:00", "id": "F5:K22334603", "href": "https://support.f5.com/csp/article/K22334603", "title": "OpenSSL vulnerability CVE-2016-0799", "type": "f5", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-11-09T00:09:49", "bulletinFamily": "software", "cvelist": ["CVE-2016-0799", "CVE-2016-2842"], "edition": 1, "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. 
If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\n**BIG-IP, BIG-IQ, and Enterprise Manager**\n\nTo mitigate this vulnerability, ensure that any custom BIG-IP monitors or custom configurations relying on OpenSSL command line utilities that depend on the function specified in this vulnerability interact only with trusted systems in your environment.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "modified": "2016-09-01T00:00:00", "published": "2016-03-25T00:00:00", "id": "SOL22334603", "href": "http://support.f5.com/kb/en-us/solutions/public/k/22/sol22334603.html", "type": "f5", "title": "SOL22334603 - OpenSSL vulnerability CVE-2016-0799", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2020-01-27T18:36:45", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-6306", "CVE-2016-0799", "CVE-2016-2105", "CVE-2016-2109", "CVE-2016-2842", "CVE-2016-2106"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192217", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192217", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for openssl098e (EulerOS-SA-2019-2217)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# 
modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2217\");\n script_version(\"2020-01-23T12:40:17+0000\");\n script_cve_id(\"CVE-2016-0799\", \"CVE-2016-2105\", \"CVE-2016-2106\", \"CVE-2016-2109\", \"CVE-2016-2842\", \"CVE-2016-6306\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:40:17 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:40:17 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for openssl098e (EulerOS-SA-2019-2217)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP5\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2217\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2217\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'openssl098e' package(s) announced via the 
EulerOS-SA-2019-2217 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"An integer overflow flaw, leading to a buffer overflow, was found in the way the EVP_EncodeUpdate() function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application.(CVE-2016-2105)\n\nAn integer overflow flaw, leading to a buffer overflow, was found in the way the EVP_EncryptUpdate() function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application.(CVE-2016-2106)\n\nA denial of service flaw was found in the way OpenSSL parsed certain ASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. 
An application using OpenSSL that accepts untrusted ASN.1 BIO input could be forced to allocate an excessive amount of data.(CVE-2016-2109)\n\nThe fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842.(CVE-2016-0799)\n\nThe certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.(CVE-2016-6306)\n\nThe doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799.(CVE-2016-2842)\");\n\n script_tag(name:\"affected\", value:\"'openssl098e' package(s) on Huawei EulerOS V2.0SP5.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP5\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl098e\", rpm:\"openssl098e~0.9.8e~29.3.h8.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n 
exit(0);\n}\n\nexit(0);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2106"], "description": "Mageia Linux Local Security Checks mgasa-2016-0169", "modified": "2018-10-12T00:00:00", "published": "2016-05-09T00:00:00", "id": "OPENVAS:1361412562310131285", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310131285", "type": "openvas", "title": "Mageia Linux Local Check: mgasa-2016-0169", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: mgasa-2016-0169.nasl 11856 2018-10-12 07:45:29Z cfischer $\n#\n# Mageia Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2016 Eero Volotinen, http://www.solinor.com\n#\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.131285\");\n script_version(\"$Revision: 11856 $\");\n script_tag(name:\"creation_date\", value:\"2016-05-09 14:17:48 +0300 (Mon, 09 May 2016)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 09:45:29 +0200 (Fri, 12 Oct 2018) $\");\n script_name(\"Mageia Linux Local Check: mgasa-2016-0169\");\n script_tag(name:\"insight\", value:\"An overflow can occur in the EVP_EncodeUpdate() function, which is used for Base64 encoding of binary data. If an attacker is able to supply very large amounts of input data, then a length check can overflow, resulting in a heap corruption (CVE-2016-2105). An overflow can occur in the EVP_EncryptUpdate() function. If an attacker is able to supply very large amounts of input data after a previous call to EVP_EncryptUpdate() with a partial block, then a length check can overflow, resulting in a heap corruption (CVE-2016-2106). A MITM attacker can use a padding oracle attack to decrypt traffic when the connection uses an AES CBC cipher and the server supports AES-NI (CVE-2016-2107). 
When ASN.1 data is read from a BIO using functions such as d2i_CMS_bio(), a short invalid encoding can cause allocation of large amounts of memory, potentially consuming excessive resources or exhausting memory (CVE-2016-2109)\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://advisories.mageia.org/MGASA-2016-0169.html\");\n script_cve_id(\"CVE-2016-2105\", \"CVE-2016-2106\", \"CVE-2016-2107\", \"CVE-2016-2109\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mageia_linux\", \"ssh/login/release\", re:\"ssh/login/release=MAGEIA5\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Mageia Linux Local Security Checks mgasa-2016-0169\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Mageia Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MAGEIA5\")\n{\nif ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.2h~1.mga5\", rls:\"MAGEIA5\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2108", "CVE-2016-0799", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2842", "CVE-2016-2106"], "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2016-05-10T00:00:00", "id": "OPENVAS:1361412562310871610", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310871610", "type": "openvas", "title": "RedHat Update for openssl RHSA-2016:0722-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for openssl RHSA-2016:0722-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871610\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-05-10 05:19:08 +0200 (Tue, 10 May 2016)\");\n script_cve_id(\"CVE-2016-0799\", \"CVE-2016-2105\", \"CVE-2016-2106\", \"CVE-2016-2107\",\n \"CVE-2016-2108\", \"CVE-2016-2109\", \"CVE-2016-2842\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for openssl RHSA-2016:0722-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 
'openssl'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"OpenSSL is a toolkit that implements the\nSecure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as\na full-strength general-purpose cryptography library.\n\nSecurity Fix(es):\n\n * A flaw was found in the way OpenSSL encoded certain ASN.1 data\nstructures. An attacker could use this flaw to create a specially crafted\ncertificate which, when verified or re-encoded by OpenSSL, could cause it\nto crash, or execute arbitrary code using the permissions of the user\nrunning an application compiled against the OpenSSL library.\n(CVE-2016-2108)\n\n * Two integer overflow flaws, leading to buffer overflows, were found in\nthe way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of OpenSSL\nparsed very large amounts of input data. A remote attacker could use these\nflaws to crash an application using OpenSSL or, possibly, execute arbitrary\ncode with the permissions of the user running that application.\n(CVE-2016-2105, CVE-2016-2106)\n\n * It was discovered that OpenSSL leaked timing information when decrypting\nTLS/SSL and DTLS protocol encrypted records when the connection used the\nAES CBC cipher suite and the server supported AES-NI. A remote attacker\ncould possibly use this flaw to retrieve plain text from encrypted packets\nby using a TLS/SSL or DTLS server as a padding oracle. (CVE-2016-2107)\n\n * Several flaws were found in the way BIO_*printf functions were\nimplemented in OpenSSL. 
Applications which passed large amounts of\nuntrusted data through these functions could crash or potentially execute\ncode with the permissions of the user running such an application.\n(CVE-2016-0799, CVE-2016-2842)\n\n * A denial of service flaw was found in the way OpenSSL parsed certain\nASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An\napplication using OpenSSL that accepts untrusted ASN.1 BIO input could be\nforced to allocate an excessive amount of data. (CVE-2016-2109)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107,\nand CVE-2016-0799. Upstream acknowledges Huzaifa Sidhpurwala (Red Hat),\nHanno Bock, and David Benjamin (Google) as the original reporters of\nCVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2842,\nCVE-2016-2105, CVE-2016-2106, and CVE-2016-0799; and Juraj Somorovsky as\nthe original reporter of CVE-2016-2107.\");\n script_tag(name:\"affected\", value:\"openssl on Red Hat Enterprise Linux Server (v. 
7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2016:0722-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2016-May/msg00008.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~51.el7_2.5\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-debuginfo\", rpm:\"openssl-debuginfo~1.0.1e~51.el7_2.5\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1e~51.el7_2.5\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-libs\", rpm:\"openssl-libs~1.0.1e~51.el7_2.5\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:32", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2108", "CVE-2016-0799", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2842", "CVE-2016-2106"], "description": "Check the version of openssl", "modified": "2019-03-08T00:00:00", "published": "2016-05-10T00:00:00", "id": "OPENVAS:1361412562310882486", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310882486", "type": "openvas", "title": "CentOS Update for openssl CESA-2016:0722 centos7", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for openssl CESA-2016:0722 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882486\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-05-10 05:19:51 +0200 (Tue, 10 May 2016)\");\n script_cve_id(\"CVE-2016-0799\", \"CVE-2016-2105\", \"CVE-2016-2106\", \"CVE-2016-2107\",\n \"CVE-2016-2108\", \"CVE-2016-2109\", \"CVE-2016-2842\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for openssl CESA-2016:0722 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of openssl\");\n 
script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"OpenSSL is a toolkit that implements the\nSecure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols,\nas well as a full-strength general-purpose cryptography library.\n\nSecurity Fix(es):\n\n * A flaw was found in the way OpenSSL encoded certain ASN.1 data\nstructures. An attacker could use this flaw to create a specially crafted\ncertificate which, when verified or re-encoded by OpenSSL, could cause it\nto crash, or execute arbitrary code using the permissions of the user\nrunning an application compiled against the OpenSSL library.\n(CVE-2016-2108)\n\n * Two integer overflow flaws, leading to buffer overflows, were found in\nthe way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of OpenSSL\nparsed very large amounts of input data. A remote attacker could use these\nflaws to crash an application using OpenSSL or, possibly, execute arbitrary\ncode with the permissions of the user running that application.\n(CVE-2016-2105, CVE-2016-2106)\n\n * It was discovered that OpenSSL leaked timing information when decrypting\nTLS/SSL and DTLS protocol encrypted records when the connection used the\nAES CBC cipher suite and the server supported AES-NI. A remote attacker\ncould possibly use this flaw to retrieve plain text from encrypted packets\nby using a TLS/SSL or DTLS server as a padding oracle. (CVE-2016-2107)\n\n * Several flaws were found in the way BIO_*printf functions were\nimplemented in OpenSSL. Applications which passed large amounts of\nuntrusted data through these functions could crash or potentially execute\ncode with the permissions of the user running such an application.\n(CVE-2016-0799, CVE-2016-2842)\n\n * A denial of service flaw was found in the way OpenSSL parsed certain\nASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. 
An\napplication using OpenSSL that accepts untrusted ASN.1 BIO input could be\nforced to allocate an excessive amount of data. (CVE-2016-2109)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107,\nand CVE-2016-0799. Upstream acknowledges Huzaifa Sidhpurwala (Red Hat),\nHanno Bock, and David Benjamin (Google) as the original reporters of\nCVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2842,\nCVE-2016-2105, CVE-2016-2106, and CVE-2016-0799; and Juraj Somorovsky as\nthe original reporter of CVE-2016-2107.\");\n script_tag(name:\"affected\", value:\"openssl on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2016:0722\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2016-May/021860.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~51.el7_2.5\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1e~51.el7_2.5\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-libs\", rpm:\"openssl-libs~1.0.1e~51.el7_2.5\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~1.0.1e~51.el7_2.5\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-static\", rpm:\"openssl-static~1.0.1e~51.el7_2.5\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:19", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2108", "CVE-2016-0799", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2842", "CVE-2016-2106"], "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2016-05-11T00:00:00", "id": "OPENVAS:1361412562310871614", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871614", "type": "openvas", "title": "RedHat Update for openssl RHSA-2016:0996-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for openssl RHSA-2016:0996-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871614\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-05-11 05:23:21 +0200 (Wed, 11 May 2016)\");\n script_cve_id(\"CVE-2016-0799\", \"CVE-2016-2105\", \"CVE-2016-2106\", \"CVE-2016-2107\", \"CVE-2016-2108\", \"CVE-2016-2109\", \"CVE-2016-2842\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for openssl RHSA-2016:0996-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and\nTransport Layer Security (TLS) protocols, as well as a full-strength\ngeneral-purpose cryptography library.\n\nSecurity Fix(es):\n\n * A flaw was found in the way OpenSSL encoded certain ASN.1 data\nstructures. 
An attacker could use this flaw to create a specially crafted\ncertificate which, when verified or re-encoded by OpenSSL, could cause it\nto crash, or execute arbitrary code using the permissions of the user\nrunning an application compiled against the OpenSSL library.\n(CVE-2016-2108)\n\n * Two integer overflow flaws, leading to buffer overflows, were found in\nthe way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of OpenSSL\nparsed very large amounts of input data. A remote attacker could use these\nflaws to crash an application using OpenSSL or, possibly, execute arbitrary\ncode with the permissions of the user running that application.\n(CVE-2016-2105, CVE-2016-2106)\n\n * It was discovered that OpenSSL leaked timing information when decrypting\nTLS/SSL and DTLS protocol encrypted records when the connection used the\nAES CBC cipher suite and the server supported AES-NI. A remote attacker\ncould possibly use this flaw to retrieve plain text from encrypted packets\nby using a TLS/SSL or DTLS server as a padding oracle. (CVE-2016-2107)\n\n * Several flaws were found in the way BIO_*printf functions were\nimplemented in OpenSSL. Applications which passed large amounts of\nuntrusted data through these functions could crash or potentially execute\ncode with the permissions of the user running such an application.\n(CVE-2016-0799, CVE-2016-2842)\n\n * A denial of service flaw was found in the way OpenSSL parsed certain\nASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An\napplication using OpenSSL that accepts untrusted ASN.1 BIO input could be\nforced to allocate an excessive amount of data. (CVE-2016-2109)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107,\nand CVE-2016-0799. 
Upstream acknowledges Huzaifa Sidhpurwala (Red Hat),\nHanno Bock, and David Benjamin (Google) as the original reporters of\nCVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2842,\nCVE-2016-2105, CVE-2016-2106, and CVE-2016-0799; and Juraj Somorovsky as\nthe original reporter of CVE-2016-2107.\");\n script_tag(name:\"affected\", value:\"openssl on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2016:0996-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2016-May/msg00017.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~48.el6_8.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-debuginfo\", rpm:\"openssl-debuginfo~1.0.1e~48.el6_8.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1e~48.el6_8.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:34", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2108", 
"CVE-2016-0799", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2842", "CVE-2016-2106"], "description": "Oracle Linux Local Security Checks ELSA-2016-0722", "modified": "2019-03-14T00:00:00", "published": "2016-05-09T00:00:00", "id": "OPENVAS:1361412562310122924", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122924", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2016-0722", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2016-0722.nasl 14180 2019-03-14 12:29:16Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.fi>\n#\n# Copyright:\n# Copyright (c) 2016 Eero Volotinen, http://solinor.fi\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122924\");\n script_version(\"$Revision: 14180 $\");\n script_tag(name:\"creation_date\", value:\"2016-05-09 14:24:42 +0300 (Mon, 09 May 2016)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-14 13:29:16 +0100 (Thu, 14 Mar 2019) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2016-0722\");\n script_tag(name:\"insight\", value:\"ELSA-2016-0722 - openssl security update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2016-0722\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2016-0722.html\");\n script_cve_id(\"CVE-2016-0799\", \"CVE-2016-2105\", \"CVE-2016-2107\", \"CVE-2016-2842\", \"CVE-2016-2106\", \"CVE-2016-2108\", \"CVE-2016-2109\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux7\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~51.el7_2.5\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1e~51.el7_2.5\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-libs\", rpm:\"openssl-libs~1.0.1e~51.el7_2.5\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~1.0.1e~51.el7_2.5\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-static\", rpm:\"openssl-static~1.0.1e~51.el7_2.5\", rls:\"OracleLinux7\")) != NULL) {\n 
security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:52", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2176", "CVE-2016-2106"], "description": "This host is running OpenSSL and is prone\n to multiple vulnerabilities.", "modified": "2019-02-27T00:00:00", "published": "2016-05-02T00:00:00", "id": "OPENVAS:1361412562310807570", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807570", "type": "openvas", "title": "OpenSSL Multiple Vulnerabilities -01 May16 (Linux)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_openssl_mult_vuln01_may16_lin.nasl 13898 2019-02-27 08:37:43Z cfischer $\n#\n# OpenSSL Multiple Vulnerabilities -01 May16 (Linux)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:openssl:openssl\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807570\");\n script_version(\"$Revision: 13898 $\");\n script_cve_id(\"CVE-2016-2176\", \"CVE-2016-2109\", \"CVE-2016-2106\", \"CVE-2016-2107\", \"CVE-2016-2105\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-02-27 09:37:43 +0100 (Wed, 27 Feb 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-05-02 12:46:24 +0530 (Mon, 02 May 2016)\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_name(\"OpenSSL Multiple Vulnerabilities -01 May16 (Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is running OpenSSL and is prone\n to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - An integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c\n script in OpenSSL.\n\n - An integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c\n script in OpenSSL.\n\n - An error in the 'asn1_d2i_read_bio' function in crypto/asn1/a_d2i_fp.c script\n in the ASN.1 BIO implementation in OpenSSL.\n\n - An error in 'X509_NAME_oneline' function in crypto/x509/x509_obj.c in OpenSSL.\n\n - A MITM attacker can use a padding oracle attack to decrypt traffic\n when the connection uses an AES CBC cipher and the server support AES-NI.\");\n\n script_tag(name:\"impact\", 
value:\"Successful exploitation will allow a remote\n attacker to conduct mitm attack, gain access to potentially sensitive information,\n and cause denial of service condition.\");\n\n script_tag(name:\"affected\", value:\"OpenSSL versions 1.0.1 before 1.0.1t\n and 1.0.2 before 1.0.2h on Linux.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to OpenSSL 1.0.1t or 1.0.2h or\n later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"https://www.openssl.org/news/secadv/20160503.txt\");\n script_xref(name:\"URL\", value:\"https://mta.openssl.org/pipermail/openssl-announce/2016-April/000069.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_openssl_detect.nasl\", \"gb_openssl_detect_lin.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"openssl/detected\", \"Host/runs_unixoide\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(isnull(port = get_app_port(cpe:CPE)))\n exit(0);\n\nif(!infos = get_app_version_and_location(cpe:CPE, port:port, exit_no_version:TRUE))\n exit(0);\n\nvers = infos['version'];\npath = infos['location'];\n\nif(vers =~ \"^1\\.0\\.1\")\n{\n if(version_is_less(version:vers, test_version:\"1.0.1t\"))\n {\n fix = \"1.0.1t\";\n VULN = TRUE;\n }\n}\n\nelse if(vers =~ \"^1\\.0\\.2\")\n{\n if(version_is_less(version:vers, test_version:\"1.0.2h\"))\n {\n fix = \"1.0.2h\";\n VULN = TRUE;\n }\n}\n\nif(VULN)\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:fix, install_path:path);\n security_message(port:port, data:report);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-01-31T18:35:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-0702", "CVE-2016-2109", "CVE-2016-2106"], "description": "The remote host is missing an 
update for the 'compat-openssl098'\n package(s) announced via the referenced advisory.", "modified": "2020-01-31T00:00:00", "published": "2016-05-11T00:00:00", "id": "OPENVAS:1361412562310851309", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851309", "type": "openvas", "title": "openSUSE: Security Advisory for compat-openssl098 (openSUSE-SU-2016:1273-1)", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851309\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-05-11 05:24:06 +0200 (Wed, 11 May 2016)\");\n script_cve_id(\"CVE-2016-0702\", \"CVE-2016-2105\", \"CVE-2016-2106\", \"CVE-2016-2108\",\n \"CVE-2016-2109\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for compat-openssl098 (openSUSE-SU-2016:1273-1)\");\n\n script_tag(name:\"summary\", 
value:\"The remote host is missing an update for the 'compat-openssl098'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for compat-openssl098 fixes the following issues:\n\n - CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617)\n\n - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614)\n\n - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615)\n\n - CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942)\n\n - CVE-2016-0702: Side channel attack on modular exponentiation\n 'CacheBleed' (bsc#968050)\n\n - bsc#976943: Buffer overrun in ASN1_parse\n\n The following non-security bugs were fixed:\n\n - bsc#889013: Rename README.SuSE to the new spelling (bsc#889013)\n\n This update was imported from the SUSE:SLE-12:Update update project.\");\n\n script_tag(name:\"affected\", value:\"compat-openssl098 on openSUSE Leap 42.1\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:1273-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"compat-openssl098-debugsource\", rpm:\"compat-openssl098-debugsource~0.9.8j~12.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl0_9_8\", 
rpm:\"libopenssl0_9_8~0.9.8j~12.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl0_9_8-debuginfo\", rpm:\"libopenssl0_9_8-debuginfo~0.9.8j~12.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl0_9_8-32bit\", rpm:\"libopenssl0_9_8-32bit~0.9.8j~12.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl0_9_8-debuginfo-32bit\", rpm:\"libopenssl0_9_8-debuginfo-32bit~0.9.8j~12.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:34:19", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-0702", "CVE-2016-2109", "CVE-2016-2106"], "description": "The remote host is missing an update for the 'compat-openssl098'\n package(s) announced via the referenced advisory.", "modified": "2020-01-31T00:00:00", "published": "2016-05-10T00:00:00", "id": "OPENVAS:1361412562310851308", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851308", "type": "openvas", "title": "SUSE: Security Advisory for compat-openssl098 (SUSE-SU-2016:1267-1)", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851308\");\n script_version(\"2020-01-31T07:58:03+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 07:58:03 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-05-10 05:21:45 +0200 (Tue, 10 May 2016)\");\n script_cve_id(\"CVE-2016-0702\", \"CVE-2016-2105\", \"CVE-2016-2106\", \"CVE-2016-2108\",\n \"CVE-2016-2109\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SUSE: Security Advisory for compat-openssl098 (SUSE-SU-2016:1267-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'compat-openssl098'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for compat-openssl098 fixes the following issues:\n\n - CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617)\n\n - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614)\n\n - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615)\n\n - CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942)\n\n - CVE-2016-0702: Side channel attack on modular exponentiation\n 'CacheBleed' (bsc#968050)\n\n - bsc#976943: Buffer overrun in ASN1_parse\n\n The following non-security bugs were fixed:\n\n - bsc#889013: Rename README.SuSE to the new spelling (bsc#889013)\");\n\n script_tag(name:\"affected\", value:\"compat-openssl098 on SUSE Linux Enterprise Desktop 12\");\n\n 
script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"SUSE-SU\", value:\"2016:1267-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=SLED12\\.0SP0\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"SLED12.0SP0\") {\n if(!isnull(res = isrpmvuln(pkg:\"compat-openssl098-debugsource\", rpm:\"compat-openssl098-debugsource~0.9.8j~97.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl0_9_8\", rpm:\"libopenssl0_9_8~0.9.8j~97.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl0_9_8-32bit\", rpm:\"libopenssl0_9_8-32bit~0.9.8j~97.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl0_9_8-debuginfo\", rpm:\"libopenssl0_9_8-debuginfo~0.9.8j~97.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl0_9_8-debuginfo-32bit\", rpm:\"libopenssl0_9_8-debuginfo-32bit~0.9.8j~97.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:34:26", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-0702", "CVE-2016-2109", "CVE-2016-2106"], "description": "The remote host is missing an update for the 'libopenssl0_9_8'\n package(s) announced via the referenced advisory.", "modified": "2020-01-31T00:00:00", "published": "2016-05-06T00:00:00", 
"id": "OPENVAS:1361412562310851296", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851296", "type": "openvas", "title": "openSUSE: Security Advisory for libopenssl0_9_8 (openSUSE-SU-2016:1242-1)", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851296\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-05-06 05:19:16 +0200 (Fri, 06 May 2016)\");\n script_cve_id(\"CVE-2016-0702\", \"CVE-2016-2105\", \"CVE-2016-2106\", \"CVE-2016-2108\",\n \"CVE-2016-2109\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for libopenssl0_9_8 (openSUSE-SU-2016:1242-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libopenssl0_9_8'\n package(s) announced via the 
referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for libopenssl0_9_8 fixes the following issues:\n\n - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614)\n\n - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615)\n\n - CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617)\n\n - CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942)\n\n - CVE-2016-0702: Side channel attack on modular exponentiation\n 'CacheBleed' (bsc#968050)\n\n - bsc#976943: Buffer overrun in ASN1_parse\");\n\n script_tag(name:\"affected\", value:\"libopenssl0_9_8 on openSUSE Leap 42.1, openSUSE 13.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:1242-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE13.2\")\n{\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl0_9_8\", rpm:\"libopenssl0_9_8~0.9.8zh~9.6.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl0_9_8-debuginfo\", rpm:\"libopenssl0_9_8-debuginfo~0.9.8zh~9.6.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl0_9_8-debugsource\", rpm:\"libopenssl0_9_8-debugsource~0.9.8zh~9.6.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"libopenssl0_9_8-32bit\", rpm:\"libopenssl0_9_8-32bit~0.9.8zh~9.6.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl0_9_8-debuginfo-32bit\", rpm:\"libopenssl0_9_8-debuginfo-32bit~0.9.8zh~9.6.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-07T09:00:00", "description": "According to the versions of the openssl098e package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - An integer overflow flaw, leading to a buffer overflow,\n was found in the way the EVP_EncodeUpdate() function of\n OpenSSL parsed very large amounts of input data. A\n remote attacker could use this flaw to crash an\n application using OpenSSL or, possibly, execute\n arbitrary code with the permissions of the user running\n that application.(CVE-2016-2105)\n\n - An integer overflow flaw, leading to a buffer overflow,\n was found in the way the EVP_EncryptUpdate() function\n of OpenSSL parsed very large amounts of input data. A\n remote attacker could use this flaw to crash an\n application using OpenSSL or, possibly, execute\n arbitrary code with the permissions of the user running\n that application.(CVE-2016-2106)\n\n - A denial of service flaw was found in the way OpenSSL\n parsed certain ASN.1-encoded data from BIO (OpenSSL's\n I/O abstraction) inputs. 
An application using OpenSSL\n that accepts untrusted ASN.1 BIO input could be forced\n to allocate an excessive amount of data.(CVE-2016-2109)\n\n - The fmtstr function in crypto/bio/b_print.c in OpenSSL\n 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly\n calculates string lengths, which allows remote\n attackers to cause a denial of service (overflow and\n out-of-bounds read) or possibly have unspecified other\n impact via a long string, as demonstrated by a large\n amount of ASN.1 data, a different vulnerability than\n CVE-2016-2842.(CVE-2016-0799)\n\n - The certificate parser in OpenSSL before 1.0.1u and\n 1.0.2 before 1.0.2i might allow remote attackers to\n cause a denial of service (out-of-bounds read) via\n crafted certificate operations, related to s3_clnt.c\n and s3_srvr.c.(CVE-2016-6306)\n\n - The doapr_outch function in crypto/bio/b_print.c in\n OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g\n does not verify that a certain memory allocation\n succeeds, which allows remote attackers to cause a\n denial of service (out-of-bounds write or memory\n consumption) or possibly have unspecified other impact\n via a long string, as demonstrated by a large amount of\n ASN.1 data, a different vulnerability than\n CVE-2016-0799.(CVE-2016-2842)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 12, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-11-08T00:00:00", "title": "EulerOS 2.0 SP5 : openssl098e (EulerOS-SA-2019-2217)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-6306", "CVE-2016-0799", "CVE-2016-2105", "CVE-2016-2109", "CVE-2016-2842", "CVE-2016-2106"], "modified": "2019-11-08T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:openssl098e", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2217.NASL", "href": "https://www.tenable.com/plugins/nessus/130679", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(130679);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-0799\",\n \"CVE-2016-2105\",\n \"CVE-2016-2106\",\n \"CVE-2016-2109\",\n \"CVE-2016-2842\",\n \"CVE-2016-6306\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : openssl098e (EulerOS-SA-2019-2217)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the openssl098e package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - An integer overflow flaw, leading to a buffer overflow,\n was found in the way the EVP_EncodeUpdate() function of\n OpenSSL parsed very large amounts of input data. 
A\n remote attacker could use this flaw to crash an\n application using OpenSSL or, possibly, execute\n arbitrary code with the permissions of the user running\n that application.(CVE-2016-2105)\n\n - An integer overflow flaw, leading to a buffer overflow,\n was found in the way the EVP_EncryptUpdate() function\n of OpenSSL parsed very large amounts of input data. A\n remote attacker could use this flaw to crash an\n application using OpenSSL or, possibly, execute\n arbitrary code with the permissions of the user running\n that application.(CVE-2016-2106)\n\n - A denial of service flaw was found in the way OpenSSL\n parsed certain ASN.1-encoded data from BIO (OpenSSL's\n I/O abstraction) inputs. An application using OpenSSL\n that accepts untrusted ASN.1 BIO input could be forced\n to allocate an excessive amount of data.(CVE-2016-2109)\n\n - The fmtstr function in crypto/bio/b_print.c in OpenSSL\n 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly\n calculates string lengths, which allows remote\n attackers to cause a denial of service (overflow and\n out-of-bounds read) or possibly have unspecified other\n impact via a long string, as demonstrated by a large\n amount of ASN.1 data, a different vulnerability than\n CVE-2016-2842.(CVE-2016-0799)\n\n - The certificate parser in OpenSSL before 1.0.1u and\n 1.0.2 before 1.0.2i might allow remote attackers to\n cause a denial of service (out-of-bounds read) via\n crafted certificate operations, related to s3_clnt.c\n and s3_srvr.c.(CVE-2016-6306)\n\n - The doapr_outch function in crypto/bio/b_print.c in\n OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g\n does not verify that a certain memory allocation\n succeeds, which allows remote attackers to cause a\n denial of service (out-of-bounds write or memory\n consumption) or possibly have unspecified other impact\n via a long string, as demonstrated by a large amount of\n ASN.1 data, a different vulnerability than\n CVE-2016-0799.(CVE-2016-2842)\n\nNote that 
Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2217\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?660a079a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openssl098e packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssl098e\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"openssl098e-0.9.8e-29.3.h8.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl098e\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T12:50:40", "description": "From Red Hat Security Advisory 2016:0996 :\n\nAn update for openssl is now available for Red 
Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL)\nand Transport Layer Security (TLS) protocols, as well as a\nfull-strength general-purpose cryptography library.\n\nSecurity Fix(es) :\n\n* A flaw was found in the way OpenSSL encoded certain ASN.1 data\nstructures. An attacker could use this flaw to create a specially\ncrafted certificate which, when verified or re-encoded by OpenSSL,\ncould cause it to crash, or execute arbitrary code using the\npermissions of the user running an application compiled against the\nOpenSSL library. (CVE-2016-2108)\n\n* Two integer overflow flaws, leading to buffer overflows, were found\nin the way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of\nOpenSSL parsed very large amounts of input data. A remote attacker\ncould use these flaws to crash an application using OpenSSL or,\npossibly, execute arbitrary code with the permissions of the user\nrunning that application. (CVE-2016-2105, CVE-2016-2106)\n\n* It was discovered that OpenSSL leaked timing information when\ndecrypting TLS/SSL and DTLS protocol encrypted records when the\nconnection used the AES CBC cipher suite and the server supported\nAES-NI. A remote attacker could possibly use this flaw to retrieve\nplain text from encrypted packets by using a TLS/SSL or DTLS server as\na padding oracle. (CVE-2016-2107)\n\n* Several flaws were found in the way BIO_*printf functions were\nimplemented in OpenSSL. Applications which passed large amounts of\nuntrusted data through these functions could crash or potentially\nexecute code with the permissions of the user running such an\napplication. 
(CVE-2016-0799, CVE-2016-2842)\n\n* A denial of service flaw was found in the way OpenSSL parsed certain\nASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An\napplication using OpenSSL that accepts untrusted ASN.1 BIO input could\nbe forced to allocate an excessive amount of data. (CVE-2016-2109)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106,\nCVE-2016-2107, and CVE-2016-0799. Upstream acknowledges Huzaifa\nSidhpurwala (Red Hat), Hanno Bock, and David Benjamin (Google) as the\noriginal reporters of CVE-2016-2108; Guido Vranken as the original\nreporter of CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, and\nCVE-2016-0799; and Juraj Somorovsky as the original reporter of\nCVE-2016-2107.", "edition": 27, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-05-16T00:00:00", "title": "Oracle Linux 6 : openssl (ELSA-2016-0996)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2108", "CVE-2016-0799", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2842", "CVE-2016-2106"], "modified": "2016-05-16T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:openssl-devel", "p-cpe:/a:oracle:linux:openssl", "p-cpe:/a:oracle:linux:openssl-static", "p-cpe:/a:oracle:linux:openssl-perl"], "id": "ORACLELINUX_ELSA-2016-0996.NASL", "href": "https://www.tenable.com/plugins/nessus/91152", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2016:0996 and \n# Oracle Linux Security Advisory ELSA-2016-0996 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91152);\n script_version(\"2.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-0799\", 
\"CVE-2016-2105\", \"CVE-2016-2106\", \"CVE-2016-2107\", \"CVE-2016-2108\", \"CVE-2016-2109\", \"CVE-2016-2842\");\n script_xref(name:\"RHSA\", value:\"2016:0996\");\n\n script_name(english:\"Oracle Linux 6 : openssl (ELSA-2016-0996)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2016:0996 :\n\nAn update for openssl is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL)\nand Transport Layer Security (TLS) protocols, as well as a\nfull-strength general-purpose cryptography library.\n\nSecurity Fix(es) :\n\n* A flaw was found in the way OpenSSL encoded certain ASN.1 data\nstructures. An attacker could use this flaw to create a specially\ncrafted certificate which, when verified or re-encoded by OpenSSL,\ncould cause it to crash, or execute arbitrary code using the\npermissions of the user running an application compiled against the\nOpenSSL library. (CVE-2016-2108)\n\n* Two integer overflow flaws, leading to buffer overflows, were found\nin the way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of\nOpenSSL parsed very large amounts of input data. A remote attacker\ncould use these flaws to crash an application using OpenSSL or,\npossibly, execute arbitrary code with the permissions of the user\nrunning that application. 
(CVE-2016-2105, CVE-2016-2106)\n\n* It was discovered that OpenSSL leaked timing information when\ndecrypting TLS/SSL and DTLS protocol encrypted records when the\nconnection used the AES CBC cipher suite and the server supported\nAES-NI. A remote attacker could possibly use this flaw to retrieve\nplain text from encrypted packets by using a TLS/SSL or DTLS server as\na padding oracle. (CVE-2016-2107)\n\n* Several flaws were found in the way BIO_*printf functions were\nimplemented in OpenSSL. Applications which passed large amounts of\nuntrusted data through these functions could crash or potentially\nexecute code with the permissions of the user running such an\napplication. (CVE-2016-0799, CVE-2016-2842)\n\n* A denial of service flaw was found in the way OpenSSL parsed certain\nASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An\napplication using OpenSSL that accepts untrusted ASN.1 BIO input could\nbe forced to allocate an excessive amount of data. (CVE-2016-2109)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106,\nCVE-2016-2107, and CVE-2016-0799. 
Upstream acknowledges Huzaifa\nSidhpurwala (Red Hat), Hanno Bock, and David Benjamin (Google) as the\noriginal reporters of CVE-2016-2108; Guido Vranken as the original\nreporter of CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, and\nCVE-2016-0799; and Juraj Somorovsky as the original reporter of\nCVE-2016-2107.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-May/006053.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"openssl-1.0.1e-48.el6_8.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"openssl-devel-1.0.1e-48.el6_8.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"openssl-perl-1.0.1e-48.el6_8.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"openssl-static-1.0.1e-48.el6_8.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / 
openssl-devel / openssl-perl / openssl-static\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T05:06:22", "description": "An update for openssl is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL)\nand Transport Layer Security (TLS) protocols, as well as a\nfull-strength general-purpose cryptography library.\n\nSecurity Fix(es) :\n\n* A flaw was found in the way OpenSSL encoded certain ASN.1 data\nstructures. An attacker could use this flaw to create a specially\ncrafted certificate which, when verified or re-encoded by OpenSSL,\ncould cause it to crash, or execute arbitrary code using the\npermissions of the user running an application compiled against the\nOpenSSL library. (CVE-2016-2108)\n\n* Two integer overflow flaws, leading to buffer overflows, were found\nin the way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of\nOpenSSL parsed very large amounts of input data. A remote attacker\ncould use these flaws to crash an application using OpenSSL or,\npossibly, execute arbitrary code with the permissions of the user\nrunning that application. (CVE-2016-2105, CVE-2016-2106)\n\n* It was discovered that OpenSSL leaked timing information when\ndecrypting TLS/SSL and DTLS protocol encrypted records when the\nconnection used the AES CBC cipher suite and the server supported\nAES-NI. A remote attacker could possibly use this flaw to retrieve\nplain text from encrypted packets by using a TLS/SSL or DTLS server as\na padding oracle. (CVE-2016-2107)\n\n* Several flaws were found in the way BIO_*printf functions were\nimplemented in OpenSSL. 
Applications which passed large amounts of\nuntrusted data through these functions could crash or potentially\nexecute code with the permissions of the user running such an\napplication. (CVE-2016-0799, CVE-2016-2842)\n\n* A denial of service flaw was found in the way OpenSSL parsed certain\nASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An\napplication using OpenSSL that accepts untrusted ASN.1 BIO input could\nbe forced to allocate an excessive amount of data. (CVE-2016-2109)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106,\nCVE-2016-2107, and CVE-2016-0799. Upstream acknowledges Huzaifa\nSidhpurwala (Red Hat), Hanno Bock, and David Benjamin (Google) as the\noriginal reporters of CVE-2016-2108; Guido Vranken as the original\nreporter of CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, and\nCVE-2016-0799; and Juraj Somorovsky as the original reporter of\nCVE-2016-2107.", "edition": 29, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-05-11T00:00:00", "title": "RHEL 7 : openssl (RHSA-2016:0722)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2108", "CVE-2016-0799", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2842", "CVE-2016-2106"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:openssl-libs", "p-cpe:/a:redhat:enterprise_linux:openssl-static", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.7", "p-cpe:/a:redhat:enterprise_linux:openssl-debuginfo", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:openssl-perl", "cpe:/o:redhat:enterprise_linux:7.3", "p-cpe:/a:redhat:enterprise_linux:openssl", "cpe:/o:redhat:enterprise_linux:7.2", "cpe:/o:redhat:enterprise_linux:7.6", "p-cpe:/a:redhat:enterprise_linux:openssl-devel"], "id": "REDHAT-RHSA-2016-0722.NASL", "href": 
"https://www.tenable.com/plugins/nessus/91033", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0722. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91033);\n script_version(\"2.20\");\n script_cvs_date(\"Date: 2019/10/24 15:35:41\");\n\n script_cve_id(\"CVE-2016-0799\", \"CVE-2016-2105\", \"CVE-2016-2106\", \"CVE-2016-2107\", \"CVE-2016-2108\", \"CVE-2016-2109\", \"CVE-2016-2842\");\n script_xref(name:\"RHSA\", value:\"2016:0722\");\n\n script_name(english:\"RHEL 7 : openssl (RHSA-2016:0722)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for openssl is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL)\nand Transport Layer Security (TLS) protocols, as well as a\nfull-strength general-purpose cryptography library.\n\nSecurity Fix(es) :\n\n* A flaw was found in the way OpenSSL encoded certain ASN.1 data\nstructures. An attacker could use this flaw to create a specially\ncrafted certificate which, when verified or re-encoded by OpenSSL,\ncould cause it to crash, or execute arbitrary code using the\npermissions of the user running an application compiled against the\nOpenSSL library. 
(CVE-2016-2108)\n\n* Two integer overflow flaws, leading to buffer overflows, were found\nin the way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of\nOpenSSL parsed very large amounts of input data. A remote attacker\ncould use these flaws to crash an application using OpenSSL or,\npossibly, execute arbitrary code with the permissions of the user\nrunning that application. (CVE-2016-2105, CVE-2016-2106)\n\n* It was discovered that OpenSSL leaked timing information when\ndecrypting TLS/SSL and DTLS protocol encrypted records when the\nconnection used the AES CBC cipher suite and the server supported\nAES-NI. A remote attacker could possibly use this flaw to retrieve\nplain text from encrypted packets by using a TLS/SSL or DTLS server as\na padding oracle. (CVE-2016-2107)\n\n* Several flaws were found in the way BIO_*printf functions were\nimplemented in OpenSSL. Applications which passed large amounts of\nuntrusted data through these functions could crash or potentially\nexecute code with the permissions of the user running such an\napplication. (CVE-2016-0799, CVE-2016-2842)\n\n* A denial of service flaw was found in the way OpenSSL parsed certain\nASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An\napplication using OpenSSL that accepts untrusted ASN.1 BIO input could\nbe forced to allocate an excessive amount of data. (CVE-2016-2109)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106,\nCVE-2016-2107, and CVE-2016-0799. 
Upstream acknowledges Huzaifa\nSidhpurwala (Red Hat), Hanno Bock, and David Benjamin (Google) as the\noriginal reporters of CVE-2016-2108; Guido Vranken as the original\nreporter of CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, and\nCVE-2016-0799; and Juraj Somorovsky as the original reporter of\nCVE-2016-2107.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:0722\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-0799\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2105\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2106\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2107\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2108\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2109\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2842\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:0722\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"openssl-1.0.1e-51.el7_2.5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"openssl-1.0.1e-51.el7_2.5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"openssl-debuginfo-1.0.1e-51.el7_2.5\")) 
flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"openssl-devel-1.0.1e-51.el7_2.5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"openssl-libs-1.0.1e-51.el7_2.5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"openssl-perl-1.0.1e-51.el7_2.5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"openssl-perl-1.0.1e-51.el7_2.5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"openssl-static-1.0.1e-51.el7_2.5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-debuginfo / openssl-devel / openssl-libs / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T12:50:38", "description": "From Red Hat Security Advisory 2016:0722 :\n\nAn update for openssl is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL)\nand Transport Layer Security (TLS) protocols, as well as a\nfull-strength general-purpose cryptography library.\n\nSecurity Fix(es) :\n\n* A flaw was found in the way OpenSSL encoded certain ASN.1 data\nstructures. An attacker could use this flaw to create a specially\ncrafted certificate which, when verified or re-encoded by OpenSSL,\ncould cause it to crash, or execute arbitrary code using the\npermissions of the user running an application compiled against the\nOpenSSL library. 
(CVE-2016-2108)\n\n* Two integer overflow flaws, leading to buffer overflows, were found\nin the way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of\nOpenSSL parsed very large amounts of input data. A remote attacker\ncould use these flaws to crash an application using OpenSSL or,\npossibly, execute arbitrary code with the permissions of the user\nrunning that application. (CVE-2016-2105, CVE-2016-2106)\n\n* It was discovered that OpenSSL leaked timing information when\ndecrypting TLS/SSL and DTLS protocol encrypted records when the\nconnection used the AES CBC cipher suite and the server supported\nAES-NI. A remote attacker could possibly use this flaw to retrieve\nplain text from encrypted packets by using a TLS/SSL or DTLS server as\na padding oracle. (CVE-2016-2107)\n\n* Several flaws were found in the way BIO_*printf functions were\nimplemented in OpenSSL. Applications which passed large amounts of\nuntrusted data through these functions could crash or potentially\nexecute code with the permissions of the user running such an\napplication. (CVE-2016-0799, CVE-2016-2842)\n\n* A denial of service flaw was found in the way OpenSSL parsed certain\nASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An\napplication using OpenSSL that accepts untrusted ASN.1 BIO input could\nbe forced to allocate an excessive amount of data. (CVE-2016-2109)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106,\nCVE-2016-2107, and CVE-2016-0799. 
Upstream acknowledges Huzaifa\nSidhpurwala (Red Hat), Hanno Bock, and David Benjamin (Google) as the\noriginal reporters of CVE-2016-2108; Guido Vranken as the original\nreporter of CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, and\nCVE-2016-0799; and Juraj Somorovsky as the original reporter of\nCVE-2016-2107.", "edition": 27, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-05-11T00:00:00", "title": "Oracle Linux 7 : openssl (ELSA-2016-0722)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2108", "CVE-2016-0799", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2842", "CVE-2016-2106"], "modified": "2016-05-11T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:openssl-libs", "p-cpe:/a:oracle:linux:openssl-devel", "p-cpe:/a:oracle:linux:openssl", "p-cpe:/a:oracle:linux:openssl-static", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:openssl-perl"], "id": "ORACLELINUX_ELSA-2016-0722.NASL", "href": "https://www.tenable.com/plugins/nessus/91029", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2016:0722 and \n# Oracle Linux Security Advisory ELSA-2016-0722 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91029);\n script_version(\"2.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-0799\", \"CVE-2016-2105\", \"CVE-2016-2106\", \"CVE-2016-2107\", \"CVE-2016-2108\", \"CVE-2016-2109\", \"CVE-2016-2842\");\n script_xref(name:\"RHSA\", value:\"2016:0722\");\n\n script_name(english:\"Oracle Linux 7 : openssl (ELSA-2016-0722)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security 
updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2016:0722 :\n\nAn update for openssl is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL)\nand Transport Layer Security (TLS) protocols, as well as a\nfull-strength general-purpose cryptography library.\n\nSecurity Fix(es) :\n\n* A flaw was found in the way OpenSSL encoded certain ASN.1 data\nstructures. An attacker could use this flaw to create a specially\ncrafted certificate which, when verified or re-encoded by OpenSSL,\ncould cause it to crash, or execute arbitrary code using the\npermissions of the user running an application compiled against the\nOpenSSL library. (CVE-2016-2108)\n\n* Two integer overflow flaws, leading to buffer overflows, were found\nin the way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of\nOpenSSL parsed very large amounts of input data. A remote attacker\ncould use these flaws to crash an application using OpenSSL or,\npossibly, execute arbitrary code with the permissions of the user\nrunning that application. (CVE-2016-2105, CVE-2016-2106)\n\n* It was discovered that OpenSSL leaked timing information when\ndecrypting TLS/SSL and DTLS protocol encrypted records when the\nconnection used the AES CBC cipher suite and the server supported\nAES-NI. A remote attacker could possibly use this flaw to retrieve\nplain text from encrypted packets by using a TLS/SSL or DTLS server as\na padding oracle. (CVE-2016-2107)\n\n* Several flaws were found in the way BIO_*printf functions were\nimplemented in OpenSSL. 
Applications which passed large amounts of\nuntrusted data through these functions could crash or potentially\nexecute code with the permissions of the user running such an\napplication. (CVE-2016-0799, CVE-2016-2842)\n\n* A denial of service flaw was found in the way OpenSSL parsed certain\nASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An\napplication using OpenSSL that accepts untrusted ASN.1 BIO input could\nbe forced to allocate an excessive amount of data. (CVE-2016-2109)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106,\nCVE-2016-2107, and CVE-2016-0799. Upstream acknowledges Huzaifa\nSidhpurwala (Red Hat), Hanno Bock, and David Benjamin (Google) as the\noriginal reporters of CVE-2016-2108; Guido Vranken as the original\nreporter of CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, and\nCVE-2016-0799; and Juraj Somorovsky as the original reporter of\nCVE-2016-2107.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-May/006014.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-libs\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"openssl-1.0.1e-51.el7_2.5\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"openssl-devel-1.0.1e-51.el7_2.5\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"openssl-libs-1.0.1e-51.el7_2.5\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"openssl-perl-1.0.1e-51.el7_2.5\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"openssl-static-1.0.1e-51.el7_2.5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-devel / openssl-libs / openssl-perl / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:30:36", "description": "An update for openssl is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. 
A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL)\nand Transport Layer Security (TLS) protocols, as well as a\nfull-strength general-purpose cryptography library.\n\nSecurity Fix(es) :\n\n* A flaw was found in the way OpenSSL encoded certain ASN.1 data\nstructures. An attacker could use this flaw to create a specially\ncrafted certificate which, when verified or re-encoded by OpenSSL,\ncould cause it to crash, or execute arbitrary code using the\npermissions of the user running an application compiled against the\nOpenSSL library. (CVE-2016-2108)\n\n* Two integer overflow flaws, leading to buffer overflows, were found\nin the way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of\nOpenSSL parsed very large amounts of input data. A remote attacker\ncould use these flaws to crash an application using OpenSSL or,\npossibly, execute arbitrary code with the permissions of the user\nrunning that application. (CVE-2016-2105, CVE-2016-2106)\n\n* It was discovered that OpenSSL leaked timing information when\ndecrypting TLS/SSL and DTLS protocol encrypted records when the\nconnection used the AES CBC cipher suite and the server supported\nAES-NI. A remote attacker could possibly use this flaw to retrieve\nplain text from encrypted packets by using a TLS/SSL or DTLS server as\na padding oracle. (CVE-2016-2107)\n\n* Several flaws were found in the way BIO_*printf functions were\nimplemented in OpenSSL. Applications which passed large amounts of\nuntrusted data through these functions could crash or potentially\nexecute code with the permissions of the user running such an\napplication. (CVE-2016-0799, CVE-2016-2842)\n\n* A denial of service flaw was found in the way OpenSSL parsed certain\nASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. 
An\napplication using OpenSSL that accepts untrusted ASN.1 BIO input could\nbe forced to allocate an excessive amount of data. (CVE-2016-2109)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106,\nCVE-2016-2107, and CVE-2016-0799. Upstream acknowledges Huzaifa\nSidhpurwala (Red Hat), Hanno Bock, and David Benjamin (Google) as the\noriginal reporters of CVE-2016-2108; Guido Vranken as the original\nreporter of CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, and\nCVE-2016-0799; and Juraj Somorovsky as the original reporter of\nCVE-2016-2107.", "edition": 30, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-05-11T00:00:00", "title": "CentOS 7 : openssl (CESA-2016:0722)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2108", "CVE-2016-0799", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2842", "CVE-2016-2106"], "modified": "2016-05-11T00:00:00", "cpe": ["p-cpe:/a:centos:centos:openssl-perl", "p-cpe:/a:centos:centos:openssl-devel", "p-cpe:/a:centos:centos:openssl-libs", "cpe:/o:centos:centos:7", "p-cpe:/a:centos:centos:openssl", "p-cpe:/a:centos:centos:openssl-static"], "id": "CENTOS_RHSA-2016-0722.NASL", "href": "https://www.tenable.com/plugins/nessus/91017", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0722 and \n# CentOS Errata and Security Advisory 2016:0722 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91017);\n script_version(\"2.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-0799\", \"CVE-2016-2105\", \"CVE-2016-2106\", \"CVE-2016-2107\", \"CVE-2016-2108\", \"CVE-2016-2109\", \"CVE-2016-2842\");\n 
script_xref(name:\"RHSA\", value:\"2016:0722\");\n\n script_name(english:\"CentOS 7 : openssl (CESA-2016:0722)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for openssl is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL)\nand Transport Layer Security (TLS) protocols, as well as a\nfull-strength general-purpose cryptography library.\n\nSecurity Fix(es) :\n\n* A flaw was found in the way OpenSSL encoded certain ASN.1 data\nstructures. An attacker could use this flaw to create a specially\ncrafted certificate which, when verified or re-encoded by OpenSSL,\ncould cause it to crash, or execute arbitrary code using the\npermissions of the user running an application compiled against the\nOpenSSL library. (CVE-2016-2108)\n\n* Two integer overflow flaws, leading to buffer overflows, were found\nin the way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of\nOpenSSL parsed very large amounts of input data. A remote attacker\ncould use these flaws to crash an application using OpenSSL or,\npossibly, execute arbitrary code with the permissions of the user\nrunning that application. (CVE-2016-2105, CVE-2016-2106)\n\n* It was discovered that OpenSSL leaked timing information when\ndecrypting TLS/SSL and DTLS protocol encrypted records when the\nconnection used the AES CBC cipher suite and the server supported\nAES-NI. 
A remote attacker could possibly use this flaw to retrieve\nplain text from encrypted packets by using a TLS/SSL or DTLS server as\na padding oracle. (CVE-2016-2107)\n\n* Several flaws were found in the way BIO_*printf functions were\nimplemented in OpenSSL. Applications which passed large amounts of\nuntrusted data through these functions could crash or potentially\nexecute code with the permissions of the user running such an\napplication. (CVE-2016-0799, CVE-2016-2842)\n\n* A denial of service flaw was found in the way OpenSSL parsed certain\nASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An\napplication using OpenSSL that accepts untrusted ASN.1 BIO input could\nbe forced to allocate an excessive amount of data. (CVE-2016-2109)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106,\nCVE-2016-2107, and CVE-2016-0799. Upstream acknowledges Huzaifa\nSidhpurwala (Red Hat), Hanno Bock, and David Benjamin (Google) as the\noriginal reporters of CVE-2016-2108; Guido Vranken as the original\nreporter of CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, and\nCVE-2016-0799; and Juraj Somorovsky as the original reporter of\nCVE-2016-2107.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2016-May/021860.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a8963b97\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-0799\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n 
script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"openssl-1.0.1e-51.el7_2.5\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"openssl-devel-1.0.1e-51.el7_2.5\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"openssl-libs-1.0.1e-51.el7_2.5\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"openssl-perl-1.0.1e-51.el7_2.5\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"openssl-static-1.0.1e-51.el7_2.5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-devel / openssl-libs / openssl-perl / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T05:06:24", "description": "An update for openssl is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. 
A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL)\nand Transport Layer Security (TLS) protocols, as well as a\nfull-strength general-purpose cryptography library.\n\nSecurity Fix(es) :\n\n* A flaw was found in the way OpenSSL encoded certain ASN.1 data\nstructures. An attacker could use this flaw to create a specially\ncrafted certificate which, when verified or re-encoded by OpenSSL,\ncould cause it to crash, or execute arbitrary code using the\npermissions of the user running an application compiled against the\nOpenSSL library. (CVE-2016-2108)\n\n* Two integer overflow flaws, leading to buffer overflows, were found\nin the way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of\nOpenSSL parsed very large amounts of input data. A remote attacker\ncould use these flaws to crash an application using OpenSSL or,\npossibly, execute arbitrary code with the permissions of the user\nrunning that application. (CVE-2016-2105, CVE-2016-2106)\n\n* It was discovered that OpenSSL leaked timing information when\ndecrypting TLS/SSL and DTLS protocol encrypted records when the\nconnection used the AES CBC cipher suite and the server supported\nAES-NI. A remote attacker could possibly use this flaw to retrieve\nplain text from encrypted packets by using a TLS/SSL or DTLS server as\na padding oracle. (CVE-2016-2107)\n\n* Several flaws were found in the way BIO_*printf functions were\nimplemented in OpenSSL. Applications which passed large amounts of\nuntrusted data through these functions could crash or potentially\nexecute code with the permissions of the user running such an\napplication. (CVE-2016-0799, CVE-2016-2842)\n\n* A denial of service flaw was found in the way OpenSSL parsed certain\nASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. 
An\napplication using OpenSSL that accepts untrusted ASN.1 BIO input could\nbe forced to allocate an excessive amount of data. (CVE-2016-2109)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106,\nCVE-2016-2107, and CVE-2016-0799. Upstream acknowledges Huzaifa\nSidhpurwala (Red Hat), Hanno Bock, and David Benjamin (Google) as the\noriginal reporters of CVE-2016-2108; Guido Vranken as the original\nreporter of CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, and\nCVE-2016-0799; and Juraj Somorovsky as the original reporter of\nCVE-2016-2107.", "edition": 28, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-05-11T00:00:00", "title": "RHEL 6 : openssl (RHSA-2016:0996)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2108", "CVE-2016-0799", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2842", "CVE-2016-2106"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:openssl-static", "p-cpe:/a:redhat:enterprise_linux:openssl-debuginfo", "p-cpe:/a:redhat:enterprise_linux:openssl-perl", "p-cpe:/a:redhat:enterprise_linux:openssl", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:openssl-devel"], "id": "REDHAT-RHSA-2016-0996.NASL", "href": "https://www.tenable.com/plugins/nessus/91037", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0996. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91037);\n script_version(\"2.18\");\n script_cvs_date(\"Date: 2019/10/24 15:35:41\");\n\n script_cve_id(\"CVE-2016-0799\", \"CVE-2016-2105\", \"CVE-2016-2106\", \"CVE-2016-2107\", \"CVE-2016-2108\", \"CVE-2016-2109\", \"CVE-2016-2842\");\n script_xref(name:\"RHSA\", value:\"2016:0996\");\n\n script_name(english:\"RHEL 6 : openssl (RHSA-2016:0996)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for openssl is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL)\nand Transport Layer Security (TLS) protocols, as well as a\nfull-strength general-purpose cryptography library.\n\nSecurity Fix(es) :\n\n* A flaw was found in the way OpenSSL encoded certain ASN.1 data\nstructures. An attacker could use this flaw to create a specially\ncrafted certificate which, when verified or re-encoded by OpenSSL,\ncould cause it to crash, or execute arbitrary code using the\npermissions of the user running an application compiled against the\nOpenSSL library. (CVE-2016-2108)\n\n* Two integer overflow flaws, leading to buffer overflows, were found\nin the way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of\nOpenSSL parsed very large amounts of input data. 
A remote attacker\ncould use these flaws to crash an application using OpenSSL or,\npossibly, execute arbitrary code with the permissions of the user\nrunning that application. (CVE-2016-2105, CVE-2016-2106)\n\n* It was discovered that OpenSSL leaked timing information when\ndecrypting TLS/SSL and DTLS protocol encrypted records when the\nconnection used the AES CBC cipher suite and the server supported\nAES-NI. A remote attacker could possibly use this flaw to retrieve\nplain text from encrypted packets by using a TLS/SSL or DTLS server as\na padding oracle. (CVE-2016-2107)\n\n* Several flaws were found in the way BIO_*printf functions were\nimplemented in OpenSSL. Applications which passed large amounts of\nuntrusted data through these functions could crash or potentially\nexecute code with the permissions of the user running such an\napplication. (CVE-2016-0799, CVE-2016-2842)\n\n* A denial of service flaw was found in the way OpenSSL parsed certain\nASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An\napplication using OpenSSL that accepts untrusted ASN.1 BIO input could\nbe forced to allocate an excessive amount of data. (CVE-2016-2109)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106,\nCVE-2016-2107, and CVE-2016-0799. 
Upstream acknowledges Huzaifa\nSidhpurwala (Red Hat), Hanno Bock, and David Benjamin (Google) as the\noriginal reporters of CVE-2016-2108; Guido Vranken as the original\nreporter of CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, and\nCVE-2016-0799; and Juraj Somorovsky as the original reporter of\nCVE-2016-2107.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:0996\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-0799\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2105\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2106\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2107\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2108\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2109\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2842\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:0996\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"openssl-1.0.1e-48.el6_8.1\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"openssl-debuginfo-1.0.1e-48.el6_8.1\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"openssl-devel-1.0.1e-48.el6_8.1\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"openssl-perl-1.0.1e-48.el6_8.1\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"openssl-perl-1.0.1e-48.el6_8.1\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"openssl-perl-1.0.1e-48.el6_8.1\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"openssl-static-1.0.1e-48.el6_8.1\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"openssl-static-1.0.1e-48.el6_8.1\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"openssl-static-1.0.1e-48.el6_8.1\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n 
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-debuginfo / openssl-devel / openssl-perl / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T05:06:43", "description": "An update for openssl is now available for Red Hat Enterprise Linux\n6.7 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL)\nand Transport Layer Security (TLS) protocols, as well as a\nfull-strength general-purpose cryptography library.\n\nSecurity Fix(es) :\n\n* A flaw was found in the way OpenSSL encoded certain ASN.1 data\nstructures. An attacker could use this flaw to create a specially\ncrafted certificate which, when verified or re-encoded by OpenSSL,\ncould cause it to crash, or execute arbitrary code using the\npermissions of the user running an application compiled against the\nOpenSSL library. (CVE-2016-2108)\n\n* Two integer overflow flaws, leading to buffer overflows, were found\nin the way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of\nOpenSSL parsed very large amounts of input data. A remote attacker\ncould use these flaws to crash an application using OpenSSL or,\npossibly, execute arbitrary code with the permissions of the user\nrunning that application. (CVE-2016-2105, CVE-2016-2106)\n\n* It was discovered that OpenSSL leaked timing information when\ndecrypting TLS/SSL and DTLS protocol encrypted records when the\nconnection used the AES CBC cipher suite and the server supported\nAES-NI. 
A remote attacker could possibly use this flaw to retrieve\nplain text from encrypted packets by using a TLS/SSL or DTLS server as\na padding oracle. (CVE-2016-2107)\n\n* Several flaws were found in the way BIO_*printf functions were\nimplemented in OpenSSL. Applications which passed large amounts of\nuntrusted data through these functions could crash or potentially\nexecute code with the permissions of the user running such an\napplication. (CVE-2016-0799, CVE-2016-2842)\n\n* A denial of service flaw was found in the way OpenSSL parsed certain\nASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An\napplication using OpenSSL that accepts untrusted ASN.1 BIO input could\nbe forced to allocate an excessive amount of data. (CVE-2016-2109)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106,\nCVE-2016-2107, and CVE-2016-0799. Upstream acknowledges Huzaifa\nSidhpurwala (Red Hat), Hanno Bock, and David Benjamin (Google) as the\noriginal reporters of CVE-2016-2108; Guido Vranken as the original\nreporter of CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, and\nCVE-2016-0799; and Juraj Somorovsky as the original reporter of\nCVE-2016-2107.", "edition": 28, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-10-18T00:00:00", "title": "RHEL 6 : openssl (RHSA-2016:2073)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2108", "CVE-2016-0799", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2842", "CVE-2016-2106"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:6.7", "p-cpe:/a:redhat:enterprise_linux:openssl-static", "p-cpe:/a:redhat:enterprise_linux:openssl-debuginfo", "p-cpe:/a:redhat:enterprise_linux:openssl-perl", "p-cpe:/a:redhat:enterprise_linux:openssl", "p-cpe:/a:redhat:enterprise_linux:openssl-devel"], "id": "REDHAT-RHSA-2016-2073.NASL", "href": 
"https://www.tenable.com/plugins/nessus/94105", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:2073. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94105);\n script_version(\"2.9\");\n script_cvs_date(\"Date: 2019/10/24 15:35:42\");\n\n script_cve_id(\"CVE-2016-0799\", \"CVE-2016-2105\", \"CVE-2016-2106\", \"CVE-2016-2107\", \"CVE-2016-2108\", \"CVE-2016-2109\", \"CVE-2016-2842\");\n script_xref(name:\"RHSA\", value:\"2016:2073\");\n\n script_name(english:\"RHEL 6 : openssl (RHSA-2016:2073)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for openssl is now available for Red Hat Enterprise Linux\n6.7 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL)\nand Transport Layer Security (TLS) protocols, as well as a\nfull-strength general-purpose cryptography library.\n\nSecurity Fix(es) :\n\n* A flaw was found in the way OpenSSL encoded certain ASN.1 data\nstructures. An attacker could use this flaw to create a specially\ncrafted certificate which, when verified or re-encoded by OpenSSL,\ncould cause it to crash, or execute arbitrary code using the\npermissions of the user running an application compiled against the\nOpenSSL library. 
(CVE-2016-2108)\n\n* Two integer overflow flaws, leading to buffer overflows, were found\nin the way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of\nOpenSSL parsed very large amounts of input data. A remote attacker\ncould use these flaws to crash an application using OpenSSL or,\npossibly, execute arbitrary code with the permissions of the user\nrunning that application. (CVE-2016-2105, CVE-2016-2106)\n\n* It was discovered that OpenSSL leaked timing information when\ndecrypting TLS/SSL and DTLS protocol encrypted records when the\nconnection used the AES CBC cipher suite and the server supported\nAES-NI. A remote attacker could possibly use this flaw to retrieve\nplain text from encrypted packets by using a TLS/SSL or DTLS server as\na padding oracle. (CVE-2016-2107)\n\n* Several flaws were found in the way BIO_*printf functions were\nimplemented in OpenSSL. Applications which passed large amounts of\nuntrusted data through these functions could crash or potentially\nexecute code with the permissions of the user running such an\napplication. (CVE-2016-0799, CVE-2016-2842)\n\n* A denial of service flaw was found in the way OpenSSL parsed certain\nASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An\napplication using OpenSSL that accepts untrusted ASN.1 BIO input could\nbe forced to allocate an excessive amount of data. (CVE-2016-2109)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106,\nCVE-2016-2107, and CVE-2016-0799. 
Upstream acknowledges Huzaifa\nSidhpurwala (Red Hat), Hanno Bock, and David Benjamin (Google) as the\noriginal reporters of CVE-2016-2108; Guido Vranken as the original\nreporter of CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, and\nCVE-2016-0799; and Juraj Somorovsky as the original reporter of\nCVE-2016-2107.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:2073\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-0799\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2105\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2106\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2107\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2108\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2109\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2842\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6\\.7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.7\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:2073\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", reference:\"openssl-1.0.1e-42.el6_7.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", reference:\"openssl-debuginfo-1.0.1e-42.el6_7.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", reference:\"openssl-devel-1.0.1e-42.el6_7.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"i686\", reference:\"openssl-perl-1.0.1e-42.el6_7.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"s390x\", reference:\"openssl-perl-1.0.1e-42.el6_7.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"x86_64\", reference:\"openssl-perl-1.0.1e-42.el6_7.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"i686\", reference:\"openssl-static-1.0.1e-42.el6_7.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"s390x\", reference:\"openssl-static-1.0.1e-42.el6_7.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"x86_64\", reference:\"openssl-static-1.0.1e-42.el6_7.5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + 
redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-debuginfo / openssl-devel / openssl-perl / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:49:14", "description": "Security Fix(es) :\n\n - A flaw was found in the way OpenSSL encoded certain\n ASN.1 data structures. An attacker could use this flaw\n to create a specially crafted certificate which, when\n verified or re-encoded by OpenSSL, could cause it to\n crash, or execute arbitrary code using the permissions\n of the user running an application compiled against the\n OpenSSL library. (CVE-2016-2108)\n\n - Two integer overflow flaws, leading to buffer overflows,\n were found in the way the EVP_EncodeUpdate() and\n EVP_EncryptUpdate() functions of OpenSSL parsed very\n large amounts of input data. A remote attacker could use\n these flaws to crash an application using OpenSSL or,\n possibly, execute arbitrary code with the permissions of\n the user running that application. (CVE-2016-2105,\n CVE-2016-2106)\n\n - It was discovered that OpenSSL leaked timing information\n when decrypting TLS/SSL and DTLS protocol encrypted\n records when the connection used the AES CBC cipher\n suite and the server supported AES-NI. A remote attacker\n could possibly use this flaw to retrieve plain text from\n encrypted packets by using a TLS/SSL or DTLS server as a\n padding oracle. (CVE-2016-2107)\n\n - Several flaws were found in the way BIO_*printf\n functions were implemented in OpenSSL. Applications\n which passed large amounts of untrusted data through\n these functions could crash or potentially execute code\n with the permissions of the user running such an\n application. 
(CVE-2016-0799, CVE-2016-2842)\n\n - A denial of service flaw was found in the way OpenSSL\n parsed certain ASN.1-encoded data from BIO (OpenSSL's\n I/O abstraction) inputs. An application using OpenSSL\n that accepts untrusted ASN.1 BIO input could be forced\n to allocate an excessive amount of data. (CVE-2016-2109)", "edition": 16, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-05-11T00:00:00", "title": "Scientific Linux Security Update : openssl on SL7.x x86_64 (20160509)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2108", "CVE-2016-0799", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2842", "CVE-2016-2106"], "modified": "2016-05-11T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:openssl-devel", "p-cpe:/a:fermilab:scientific_linux:openssl-debuginfo", "p-cpe:/a:fermilab:scientific_linux:openssl", "p-cpe:/a:fermilab:scientific_linux:openssl-perl", "x-cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:openssl-static", "p-cpe:/a:fermilab:scientific_linux:openssl-libs"], "id": "SL_20160509_OPENSSL_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/91041", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91041);\n script_version(\"2.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-0799\", \"CVE-2016-2105\", \"CVE-2016-2106\", \"CVE-2016-2107\", \"CVE-2016-2108\", \"CVE-2016-2109\", \"CVE-2016-2842\");\n\n script_name(english:\"Scientific Linux Security Update : openssl on SL7.x x86_64 (20160509)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more 
security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - A flaw was found in the way OpenSSL encoded certain\n ASN.1 data structures. An attacker could use this flaw\n to create a specially crafted certificate which, when\n verified or re-encoded by OpenSSL, could cause it to\n crash, or execute arbitrary code using the permissions\n of the user running an application compiled against the\n OpenSSL library. (CVE-2016-2108)\n\n - Two integer overflow flaws, leading to buffer overflows,\n were found in the way the EVP_EncodeUpdate() and\n EVP_EncryptUpdate() functions of OpenSSL parsed very\n large amounts of input data. A remote attacker could use\n these flaws to crash an application using OpenSSL or,\n possibly, execute arbitrary code with the permissions of\n the user running that application. (CVE-2016-2105,\n CVE-2016-2106)\n\n - It was discovered that OpenSSL leaked timing information\n when decrypting TLS/SSL and DTLS protocol encrypted\n records when the connection used the AES CBC cipher\n suite and the server supported AES-NI. A remote attacker\n could possibly use this flaw to retrieve plain text from\n encrypted packets by using a TLS/SSL or DTLS server as a\n padding oracle. (CVE-2016-2107)\n\n - Several flaws were found in the way BIO_*printf\n functions were implemented in OpenSSL. Applications\n which passed large amounts of untrusted data through\n these functions could crash or potentially execute code\n with the permissions of the user running such an\n application. (CVE-2016-0799, CVE-2016-2842)\n\n - A denial of service flaw was found in the way OpenSSL\n parsed certain ASN.1-encoded data from BIO (OpenSSL's\n I/O abstraction) inputs. An application using OpenSSL\n that accepts untrusted ASN.1 BIO input could be forced\n to allocate an excessive amount of data. 
(CVE-2016-2109)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1605&L=scientific-linux-errata&F=&S=&P=778\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f2b821af\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned 
by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"openssl-1.0.1e-51.el7_2.5\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"openssl-debuginfo-1.0.1e-51.el7_2.5\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"openssl-devel-1.0.1e-51.el7_2.5\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"openssl-libs-1.0.1e-51.el7_2.5\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"openssl-perl-1.0.1e-51.el7_2.5\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"openssl-static-1.0.1e-51.el7_2.5\")) flag++;\n\n\nif (flag)\n{\n 
security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-debuginfo / openssl-devel / openssl-libs / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:30:38", "description": "An update for openssl is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL)\nand Transport Layer Security (TLS) protocols, as well as a\nfull-strength general-purpose cryptography library.\n\nSecurity Fix(es) :\n\n* A flaw was found in the way OpenSSL encoded certain ASN.1 data\nstructures. An attacker could use this flaw to create a specially\ncrafted certificate which, when verified or re-encoded by OpenSSL,\ncould cause it to crash, or execute arbitrary code using the\npermissions of the user running an application compiled against the\nOpenSSL library. (CVE-2016-2108)\n\n* Two integer overflow flaws, leading to buffer overflows, were found\nin the way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of\nOpenSSL parsed very large amounts of input data. A remote attacker\ncould use these flaws to crash an application using OpenSSL or,\npossibly, execute arbitrary code with the permissions of the user\nrunning that application. (CVE-2016-2105, CVE-2016-2106)\n\n* It was discovered that OpenSSL leaked timing information when\ndecrypting TLS/SSL and DTLS protocol encrypted records when the\nconnection used the AES CBC cipher suite and the server supported\nAES-NI. 
A remote attacker could possibly use this flaw to retrieve\nplain text from encrypted packets by using a TLS/SSL or DTLS server as\na padding oracle. (CVE-2016-2107)\n\n* Several flaws were found in the way BIO_*printf functions were\nimplemented in OpenSSL. Applications which passed large amounts of\nuntrusted data through these functions could crash or potentially\nexecute code with the permissions of the user running such an\napplication. (CVE-2016-0799, CVE-2016-2842)\n\n* A denial of service flaw was found in the way OpenSSL parsed certain\nASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An\napplication using OpenSSL that accepts untrusted ASN.1 BIO input could\nbe forced to allocate an excessive amount of data. (CVE-2016-2109)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106,\nCVE-2016-2107, and CVE-2016-0799. Upstream acknowledges Huzaifa\nSidhpurwala (Red Hat), Hanno B\u00f6ck, and David Benjamin (Google) as the\noriginal reporters of CVE-2016-2108; Guido Vranken as the original\nreporter of CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, and\nCVE-2016-0799; and Juraj Somorovsky as the original reporter of\nCVE-2016-2107.", "edition": 25, "published": "2016-05-17T00:00:00", "title": "CentOS 6 : openssl (CESA-2016:0996)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2108", "CVE-2016-0799", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2842", "CVE-2016-2106"], "modified": "2016-05-17T00:00:00", "cpe": ["p-cpe:/a:centos:centos:openssl-perl", "p-cpe:/a:centos:centos:openssl-devel", "cpe:/o:centos:centos:6", "p-cpe:/a:centos:centos:openssl", "p-cpe:/a:centos:centos:openssl-static"], "id": "CENTOS_RHSA-2016-0996.NASL", "href": "https://www.tenable.com/plugins/nessus/91171", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted 
from Red Hat Security Advisory RHSA-2016:0996 and \n# CentOS Errata and Security Advisory 2016:0996 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91171);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-0799\", \"CVE-2016-2105\", \"CVE-2016-2106\", \"CVE-2016-2107\", \"CVE-2016-2108\", \"CVE-2016-2109\", \"CVE-2016-2842\");\n script_xref(name:\"RHSA\", value:\"2016:0996\");\n\n script_name(english:\"CentOS 6 : openssl (CESA-2016:0996)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for openssl is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL)\nand Transport Layer Security (TLS) protocols, as well as a\nfull-strength general-purpose cryptography library.\n\nSecurity Fix(es) :\n\n* A flaw was found in the way OpenSSL encoded certain ASN.1 data\nstructures. An attacker could use this flaw to create a specially\ncrafted certificate which, when verified or re-encoded by OpenSSL,\ncould cause it to crash, or execute arbitrary code using the\npermissions of the user running an application compiled against the\nOpenSSL library. 
(CVE-2016-2108)\n\n* Two integer overflow flaws, leading to buffer overflows, were found\nin the way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of\nOpenSSL parsed very large amounts of input data. A remote attacker\ncould use these flaws to crash an application using OpenSSL or,\npossibly, execute arbitrary code with the permissions of the user\nrunning that application. (CVE-2016-2105, CVE-2016-2106)\n\n* It was discovered that OpenSSL leaked timing information when\ndecrypting TLS/SSL and DTLS protocol encrypted records when the\nconnection used the AES CBC cipher suite and the server supported\nAES-NI. A remote attacker could possibly use this flaw to retrieve\nplain text from encrypted packets by using a TLS/SSL or DTLS server as\na padding oracle. (CVE-2016-2107)\n\n* Several flaws were found in the way BIO_*printf functions were\nimplemented in OpenSSL. Applications which passed large amounts of\nuntrusted data through these functions could crash or potentially\nexecute code with the permissions of the user running such an\napplication. (CVE-2016-0799, CVE-2016-2842)\n\n* A denial of service flaw was found in the way OpenSSL parsed certain\nASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An\napplication using OpenSSL that accepts untrusted ASN.1 BIO input could\nbe forced to allocate an excessive amount of data. (CVE-2016-2109)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106,\nCVE-2016-2107, and CVE-2016-0799. 
Upstream acknowledges Huzaifa\nSidhpurwala (Red Hat), Hanno B\u00c3\u00b6ck, and David Benjamin (Google) as the\noriginal reporters of CVE-2016-2108; Guido Vranken as the original\nreporter of CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, and\nCVE-2016-0799; and Juraj Somorovsky as the original reporter of\nCVE-2016-2107.\"\n );\n # http://lists.centos.org/pipermail/centos-cr-announce/2016-May/003097.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b86a0c1f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n# Temporarily disabled\nexit(0);\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"openssl-1.0.1e-48.el6_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"openssl-devel-1.0.1e-48.el6_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"openssl-perl-1.0.1e-48.el6_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"openssl-static-1.0.1e-48.el6_8.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:49:15", "description": "Security Fix(es) :\n\n - A flaw was found in the way OpenSSL encoded certain\n ASN.1 data structures. An attacker could use this flaw\n to create a specially crafted certificate which, when\n verified or re-encoded by OpenSSL, could cause it to\n crash, or execute arbitrary code using the permissions\n of the user running an application compiled against the\n OpenSSL library. 
(CVE-2016-2108)\n\n - Two integer overflow flaws, leading to buffer overflows,\n were found in the way the EVP_EncodeUpdate() and\n EVP_EncryptUpdate() functions of OpenSSL parsed very\n large amounts of input data. A remote attacker could use\n these flaws to crash an application using OpenSSL or,\n possibly, execute arbitrary code with the permissions of\n the user running that application. (CVE-2016-2105,\n CVE-2016-2106)\n\n - It was discovered that OpenSSL leaked timing information\n when decrypting TLS/SSL and DTLS protocol encrypted\n records when the connection used the AES CBC cipher\n suite and the server supported AES-NI. A remote attacker\n could possibly use this flaw to retrieve plain text from\n encrypted packets by using a TLS/SSL or DTLS server as a\n padding oracle. (CVE-2016-2107)\n\n - Several flaws were found in the way BIO_*printf\n functions were implemented in OpenSSL. Applications\n which passed large amounts of untrusted data through\n these functions could crash or potentially execute code\n with the permissions of the user running such an\n application. (CVE-2016-0799, CVE-2016-2842)\n\n - A denial of service flaw was found in the way OpenSSL\n parsed certain ASN.1-encoded data from BIO (OpenSSL's\n I/O abstraction) inputs. An application using OpenSSL\n that accepts untrusted ASN.1 BIO input could be forced\n to allocate an excessive amount of data. 
(CVE-2016-2109)", "edition": 16, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-06-09T00:00:00", "title": "Scientific Linux Security Update : openssl on SL6.x i386/x86_64 (20160510)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2108", "CVE-2016-0799", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2842", "CVE-2016-2106"], "modified": "2016-06-09T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:openssl-devel", "p-cpe:/a:fermilab:scientific_linux:openssl-debuginfo", "p-cpe:/a:fermilab:scientific_linux:openssl", "p-cpe:/a:fermilab:scientific_linux:openssl-perl", "x-cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:openssl-static"], "id": "SL_20160510_OPENSSL_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/91541", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91541);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-0799\", \"CVE-2016-2105\", \"CVE-2016-2106\", \"CVE-2016-2107\", \"CVE-2016-2108\", \"CVE-2016-2109\", \"CVE-2016-2842\");\n\n script_name(english:\"Scientific Linux Security Update : openssl on SL6.x i386/x86_64 (20160510)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - A flaw was found in the way OpenSSL encoded certain\n ASN.1 data structures. 
An attacker could use this flaw\n to create a specially crafted certificate which, when\n verified or re-encoded by OpenSSL, could cause it to\n crash, or execute arbitrary code using the permissions\n of the user running an application compiled against the\n OpenSSL library. (CVE-2016-2108)\n\n - Two integer overflow flaws, leading to buffer overflows,\n were found in the way the EVP_EncodeUpdate() and\n EVP_EncryptUpdate() functions of OpenSSL parsed very\n large amounts of input data. A remote attacker could use\n these flaws to crash an application using OpenSSL or,\n possibly, execute arbitrary code with the permissions of\n the user running that application. (CVE-2016-2105,\n CVE-2016-2106)\n\n - It was discovered that OpenSSL leaked timing information\n when decrypting TLS/SSL and DTLS protocol encrypted\n records when the connection used the AES CBC cipher\n suite and the server supported AES-NI. A remote attacker\n could possibly use this flaw to retrieve plain text from\n encrypted packets by using a TLS/SSL or DTLS server as a\n padding oracle. (CVE-2016-2107)\n\n - Several flaws were found in the way BIO_*printf\n functions were implemented in OpenSSL. Applications\n which passed large amounts of untrusted data through\n these functions could crash or potentially execute code\n with the permissions of the user running such an\n application. (CVE-2016-0799, CVE-2016-2842)\n\n - A denial of service flaw was found in the way OpenSSL\n parsed certain ASN.1-encoded data from BIO (OpenSSL's\n I/O abstraction) inputs. An application using OpenSSL\n that accepts untrusted ASN.1 BIO input could be forced\n to allocate an excessive amount of data. 
(CVE-2016-2109)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1606&L=scientific-linux-errata&F=&S=&P=2153\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?52edfd08\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"openssl-1.0.1e-48.el6_8.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"openssl-debuginfo-1.0.1e-48.el6_8.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"openssl-devel-1.0.1e-48.el6_8.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"openssl-perl-1.0.1e-48.el6_8.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"openssl-static-1.0.1e-48.el6_8.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-debuginfo 
/ openssl-devel / openssl-perl / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "hackerone": [{"lastseen": "2019-01-30T22:19:16", "bulletinFamily": "bugbounty", "bounty": 500.0, "cvelist": ["CVE-2016-2109"], "description": "On 4 April 2016 I reported a bug to the OpenSSL Security Team where I was able to force OpenSSL to use large amounts of cpu time, memory and swap space. They confirmed receipt on 6 April 2016 and on 22 April 2016 I was notified that they were assigning CVE-2016-2109 to this flaw and the fix was committed to git on 22 April 2016. \n\n```\nThe main cause is the way asn1_d2i_read_bio works: it allocates memory depending on the length field. Your test cases looks like this:\n\n30 84 30 30 30 30 30\n\nWhich translates to a SEQUENCE with a length of 0x30303030 which explains the huge memory requirements.\n\nIn some cases this is intended (for example large CMS messages) so we can't just reject these. Additionally because the input comes from a BIO we may not know the actual length of the data (e.g. from a pipe) so we can't immediately determine if there isn't enough data to read. We can however read the input in\nsmaller chunks and determine if there is an unexpected EOF. That would mean that you couldn't have a tiny file allocate huge amounts of memory. 
We currently have a patch being reviewed that does this: that would reject your test case instead of allocating lots of memory.\n\nIf you're calling the memory based ASN.1 decoders this shouldn't happen because they can sanity check length fields.\n```\n\nFixed in master:\nhttps://git.openssl.org/?p=openssl.git;a=commit;h=c62981390d6cf9e3d612c489b8b77c2913b25807", "modified": "2016-05-03T20:38:06", "published": "2016-04-26T22:31:48", "id": "H1:134880", "href": "https://hackerone.com/reports/134880", "type": "hackerone", "title": "OpenSSL (IBB): ASN.1 BIO excessive memory allocation (CVE-2016-2109)", "cvss": {"score": 0.0, "vector": "NONE"}}], "suse": [{"lastseen": "2016-09-04T12:42:10", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-2109", "CVE-2016-2106"], "description": "This update for compat-openssl097g fixes the following issues:\n\n Security issues fixed:\n - CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617)\n - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614)\n - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615)\n - CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942)\n\n Bugs fixed:\n - bsc#976943: Fix buffer overrun in ASN1_parse\n\n", "edition": 1, "modified": "2016-05-04T18:08:19", "published": "2016-05-04T18:08:19", "id": "SUSE-SU-2016:1231-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html", "title": "Security update for compat-openssl097g (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:42:03", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2106"], "description": "This update for openssl fixes the following issues:\n\n - CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617)\n - CVE-2016-2107: Padding oracle in AES-NI CBC MAC check (bsc#977616)\n - 
CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614)\n - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615)\n - CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942)\n - bsc#976943: Buffer overrun in ASN1_parse\n - bsc#977621: Preserve negotiated digests for SNI (bsc#977621)\n - bsc#958501: Fix openssl enc -non-fips-allow option in FIPS mode\n (bsc#958501)\n\n", "edition": 1, "modified": "2016-05-04T16:14:12", "published": "2016-05-04T16:14:12", "id": "SUSE-SU-2016:1228-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html", "title": "Security update for openssl (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:19:39", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-0702", "CVE-2016-2109", "CVE-2016-2106"], "description": "This update for compat-openssl098 fixes the following issues:\n\n - CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617)\n - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614)\n - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615)\n - CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942)\n - CVE-2016-0702: Side channel attack on modular exponentiation\n \"CacheBleed\" (bsc#968050)\n - bsc#976943: Buffer overrun in ASN1_parse\n\n The following non-security bugs were fixed:\n\n - bsc#889013: Rename README.SuSE to the new spelling (bsc#889013)\n\n This update was imported from the SUSE:SLE-12:Update update project.\n\n", "edition": 1, "modified": "2016-05-11T00:07:42", "published": "2016-05-11T00:07:42", "id": "OPENSUSE-SU-2016:1273-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html", "type": "suse", "title": "Security update for compat-openssl098 (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:19:41", 
"bulletinFamily": "unix", "cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2106"], "description": "This update for openssl1 fixes the following issues:\n\n Security issues fixed:\n - CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617)\n - CVE-2016-2107: Padding oracle in AES-NI CBC MAC check (bsc#977616)\n - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614)\n - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615)\n - CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942)\n\n Bugs fixed:\n - bsc#971354: libopenssl1_0_0 now Recommends: openssl1 to get correct SSL\n Root Certificate hashes\n - bsc#889013: Rename README.SuSE to the new spelling README.SUSE\n - bsc#976943: Fixed a buffer overrun in ASN1_parse.\n - bsc#977621: Preserve negotiated digests for SNI (bsc#977621)\n\n", "edition": 1, "modified": "2016-05-03T22:08:22", "published": "2016-05-03T22:08:22", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html", "id": "SUSE-SU-2016:1206-1", "title": "Security update for openssl1 (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:08:02", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2106"], "description": "This update for openssl fixes the following issues:\n\n - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614)\n - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615)\n - CVE-2016-2107: Padding oracle in AES-NI CBC MAC check (bsc#977616)\n - CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617)\n - CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942)\n - bsc#976943: Buffer overrun in ASN1_parse\n\n", "edition": 1, "modified": "2016-05-05T13:07:36", "published": "2016-05-05T13:07:36", "id": "OPENSUSE-SU-2016:1237-1", "href": 
"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html", "title": "Security update for openssl (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:32:45", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-0702", "CVE-2016-2109", "CVE-2016-2106"], "description": "This update for libopenssl0_9_8 fixes the following issues:\n\n - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614)\n - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615)\n - CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617)\n - CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942)\n - CVE-2016-0702: Side channel attack on modular exponentiation\n \"CacheBleed\" (bsc#968050)\n - bsc#976943: Buffer overrun in ASN1_parse\n\n", "edition": 1, "modified": "2016-05-05T18:07:52", "published": "2016-05-05T18:07:52", "id": "OPENSUSE-SU-2016:1242-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html", "title": "Security update for libopenssl0_9_8 (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:45:08", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2106"], "edition": 1, "description": "This update for openssl fixes the following issues:\n\n - CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617)\n - CVE-2016-2107: Padding oracle in AES-NI CBC MAC check (bsc#977616)\n - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614)\n - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615)\n - CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942)\n - bsc#976943: Buffer overrun in ASN1_parse\n - bsc#977621: Preserve negotiated digests for SNI (bsc#977621)\n - bsc#958501: Fix openssl enc -non-fips-allow 
option in FIPS mode\n (bsc#958501)\n\n", "modified": "2016-05-04T18:09:44", "published": "2016-05-04T18:09:44", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html", "id": "SUSE-SU-2016:1233-1", "title": "Security update for openssl (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:42:33", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-0702", "CVE-2016-2109", "CVE-2016-2106"], "description": "This update for compat-openssl098 fixes the following issues:\n\n - CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617)\n - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614)\n - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615)\n - CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942)\n - CVE-2016-0702: Side channel attack on modular exponentiation\n \"CacheBleed\" (bsc#968050)\n - bsc#976943: Buffer overrun in ASN1_parse\n\n The following non-security bugs were fixed:\n\n - bsc#889013: Rename README.SuSE to the new spelling (bsc#889013)\n\n", "edition": 1, "modified": "2016-05-09T12:08:04", "published": "2016-05-09T12:08:04", "id": "SUSE-SU-2016:1267-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html", "title": "Security update for compat-openssl098 (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:41:56", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2106"], "description": "This update for openssl fixes the following issues:\n\n - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614)\n - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615)\n - CVE-2016-2107: Padding oracle in AES-NI CBC MAC check (bsc#977616)\n - CVE-2016-2108: Memory corruption in the ASN.1 
encoder (bsc#977617)\n - CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942)\n - bsc#976943: Buffer overrun in ASN1_parse\n\n", "edition": 1, "modified": "2016-05-05T13:11:19", "published": "2016-05-05T13:11:19", "id": "OPENSUSE-SU-2016:1240-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html", "title": "Security update for openssl (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:27:16", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2106"], "description": "This update for openssl fixes the following issues:\n\n - CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617)\n - CVE-2016-2107: Padding oracle in AES-NI CBC MAC check (bsc#977616)\n - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614)\n - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615)\n - CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942)\n - bsc#976943: Buffer overrun in ASN1_parse\n - bsc#977621: Preserve negotiated digests for SNI (bsc#977621)\n - bsc#958501: Fix openssl enc -non-fips-allow option in FIPS mode\n (bsc#958501)\n\n This update was imported from the SUSE:SLE-12-SP1:Update update project.\n\n", "edition": 1, "modified": "2016-05-05T18:08:51", "published": "2016-05-05T18:08:51", "id": "OPENSUSE-SU-2016:1243-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html", "title": "Security update for openssl (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "fedora": [{"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2015-3197", "CVE-2016-0705", "CVE-2016-0799", "CVE-2016-2105", "CVE-2016-2106", "CVE-2016-2107", "CVE-2016-2109"], "description": "The OpenSSL toolkit provides support for secure 
communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. This package contains Windows (MinGW) libraries and development tools. ", "modified": "2016-05-16T17:21:44", "published": "2016-05-16T17:21:44", "id": "FEDORA:58BAF60A0C7C", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: mingw-openssl-1.0.2h-1.fc24", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2015-3197", "CVE-2016-0705", "CVE-2016-0799", "CVE-2016-2105", "CVE-2016-2106", "CVE-2016-2107", "CVE-2016-2109"], "description": "The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. This package contains Windows (MinGW) libraries and development tools. ", "modified": "2016-05-21T00:02:56", "published": "2016-05-21T00:02:56", "id": "FEDORA:56D376268FDB", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 23 Update: mingw-openssl-1.0.2h-1.fc23", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:44:50", "bulletinFamily": "unix", "cvelist": ["CVE-2016-0799", "CVE-2016-2105", "CVE-2016-2106", "CVE-2016-2107", "CVE-2016-2108", "CVE-2016-2109", "CVE-2016-2842"], "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.\n\nSecurity Fix(es):\n\n* A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. 
An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library. (CVE-2016-2108)\n\n* Two integer overflow flaws, leading to buffer overflows, were found in the way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of OpenSSL parsed very large amounts of input data. A remote attacker could use these flaws to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. (CVE-2016-2105, CVE-2016-2106)\n\n* It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when the connection used the AES CBC cipher suite and the server supported AES-NI. A remote attacker could possibly use this flaw to retrieve plain text from encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2016-2107)\n\n* Several flaws were found in the way BIO_*printf functions were implemented in OpenSSL. Applications which passed large amounts of untrusted data through these functions could crash or potentially execute code with the permissions of the user running such an application. (CVE-2016-0799, CVE-2016-2842)\n\n* A denial of service flaw was found in the way OpenSSL parsed certain ASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An application using OpenSSL that accepts untrusted ASN.1 BIO input could be forced to allocate an excessive amount of data. (CVE-2016-2109)\n\nRed Hat would like to thank the OpenSSL project for reporting CVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, and CVE-2016-0799. 
Upstream acknowledges Huzaifa Sidhpurwala (Red Hat), Hanno B\u00f6ck, and David Benjamin (Google) as the original reporters of CVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, and CVE-2016-0799; and Juraj Somorovsky as the original reporter of CVE-2016-2107.", "modified": "2016-10-18T10:25:17", "published": "2016-10-18T10:21:20", "id": "RHSA-2016:2073", "href": "https://access.redhat.com/errata/RHSA-2016:2073", "type": "redhat", "title": "(RHSA-2016:2073) Important: openssl security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:44:35", "bulletinFamily": "unix", "cvelist": ["CVE-2016-0799", "CVE-2016-2105", "CVE-2016-2106", "CVE-2016-2107", "CVE-2016-2108", "CVE-2016-2109", "CVE-2016-2842"], "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.\n\nSecurity Fix(es):\n\n* A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library. (CVE-2016-2108)\n\n* Two integer overflow flaws, leading to buffer overflows, were found in the way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of OpenSSL parsed very large amounts of input data. A remote attacker could use these flaws to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. (CVE-2016-2105, CVE-2016-2106)\n\n* It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when the connection used the AES CBC cipher suite and the server supported AES-NI. 
A remote attacker could possibly use this flaw to retrieve plain text from encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2016-2107)\n\n* Several flaws were found in the way BIO_*printf functions were implemented in OpenSSL. Applications which passed large amounts of untrusted data through these functions could crash or potentially execute code with the permissions of the user running such an application. (CVE-2016-0799, CVE-2016-2842)\n\n* A denial of service flaw was found in the way OpenSSL parsed certain ASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An application using OpenSSL that accepts untrusted ASN.1 BIO input could be forced to allocate an excessive amount of data. (CVE-2016-2109)\n\nRed Hat would like to thank the OpenSSL project for reporting CVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, and CVE-2016-0799. Upstream acknowledges Huzaifa Sidhpurwala (Red Hat), Hanno B\u00f6ck, and David Benjamin (Google) as the original reporters of CVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, and CVE-2016-0799; and Juraj Somorovsky as the original reporter of CVE-2016-2107.", "modified": "2018-06-06T20:24:08", "published": "2016-05-10T11:00:21", "id": "RHSA-2016:0996", "href": "https://access.redhat.com/errata/RHSA-2016:0996", "type": "redhat", "title": "(RHSA-2016:0996) Important: openssl security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:44:55", "bulletinFamily": "unix", "cvelist": ["CVE-2016-0799", "CVE-2016-2105", "CVE-2016-2106", "CVE-2016-2107", "CVE-2016-2108", "CVE-2016-2109", "CVE-2016-2842"], "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.\n\nSecurity Fix(es):\n\n* A flaw was found in the way OpenSSL encoded certain ASN.1 
data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library. (CVE-2016-2108)\n\n* Two integer overflow flaws, leading to buffer overflows, were found in the way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of OpenSSL parsed very large amounts of input data. A remote attacker could use these flaws to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. (CVE-2016-2105, CVE-2016-2106)\n\n* It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when the connection used the AES CBC cipher suite and the server supported AES-NI. A remote attacker could possibly use this flaw to retrieve plain text from encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2016-2107)\n\n* Several flaws were found in the way BIO_*printf functions were implemented in OpenSSL. Applications which passed large amounts of untrusted data through these functions could crash or potentially execute code with the permissions of the user running such an application. (CVE-2016-0799, CVE-2016-2842)\n\n* A denial of service flaw was found in the way OpenSSL parsed certain ASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An application using OpenSSL that accepts untrusted ASN.1 BIO input could be forced to allocate an excessive amount of data. (CVE-2016-2109)\n\nRed Hat would like to thank the OpenSSL project for reporting CVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, and CVE-2016-0799. 
Upstream acknowledges Huzaifa Sidhpurwala (Red Hat), Hanno B\u00f6ck, and David Benjamin (Google) as the original reporters of CVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, and CVE-2016-0799; and Juraj Somorovsky as the original reporter of CVE-2016-2107.", "modified": "2018-04-12T03:32:43", "published": "2016-05-09T08:44:04", "id": "RHSA-2016:0722", "href": "https://access.redhat.com/errata/RHSA-2016:0722", "type": "redhat", "title": "(RHSA-2016:0722) Important: openssl security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2019-12-20T18:26:33", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2108", "CVE-2016-0799", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2842", "CVE-2016-2106"], "description": "**CentOS Errata and Security Advisory** CESA-2016:0996\n\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.\n\nSecurity Fix(es):\n\n* A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library. (CVE-2016-2108)\n\n* Two integer overflow flaws, leading to buffer overflows, were found in the way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of OpenSSL parsed very large amounts of input data. A remote attacker could use these flaws to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. 
(CVE-2016-2105, CVE-2016-2106)\n\n* It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when the connection used the AES CBC cipher suite and the server supported AES-NI. A remote attacker could possibly use this flaw to retrieve plain text from encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2016-2107)\n\n* Several flaws were found in the way BIO_*printf functions were implemented in OpenSSL. Applications which passed large amounts of untrusted data through these functions could crash or potentially execute code with the permissions of the user running such an application. (CVE-2016-0799, CVE-2016-2842)\n\n* A denial of service flaw was found in the way OpenSSL parsed certain ASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An application using OpenSSL that accepts untrusted ASN.1 BIO input could be forced to allocate an excessive amount of data. (CVE-2016-2109)\n\nRed Hat would like to thank the OpenSSL project for reporting CVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, and CVE-2016-0799. 
Upstream acknowledges Huzaifa Sidhpurwala (Red Hat), Hanno B\u00f6ck, and David Benjamin (Google) as the original reporters of CVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, and CVE-2016-0799; and Juraj Somorovsky as the original reporter of CVE-2016-2107.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2016-May/009297.html\n\n**Affected packages:**\nopenssl\nopenssl-devel\nopenssl-perl\nopenssl-static\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2016-0996.html", "edition": 3, "modified": "2016-05-16T10:25:52", "published": "2016-05-16T10:25:52", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2016-May/009297.html", "id": "CESA-2016:0996", "title": "openssl security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-20T18:25:12", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2108", "CVE-2016-0799", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2842", "CVE-2016-2106"], "description": "**CentOS Errata and Security Advisory** CESA-2016:0722\n\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.\n\nSecurity Fix(es):\n\n* A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library. (CVE-2016-2108)\n\n* Two integer overflow flaws, leading to buffer overflows, were found in the way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of OpenSSL parsed very large amounts of input data. 
A remote attacker could use these flaws to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. (CVE-2016-2105, CVE-2016-2106)\n\n* It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when the connection used the AES CBC cipher suite and the server supported AES-NI. A remote attacker could possibly use this flaw to retrieve plain text from encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2016-2107)\n\n* Several flaws were found in the way BIO_*printf functions were implemented in OpenSSL. Applications which passed large amounts of untrusted data through these functions could crash or potentially execute code with the permissions of the user running such an application. (CVE-2016-0799, CVE-2016-2842)\n\n* A denial of service flaw was found in the way OpenSSL parsed certain ASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An application using OpenSSL that accepts untrusted ASN.1 BIO input could be forced to allocate an excessive amount of data. (CVE-2016-2109)\n\nRed Hat would like to thank the OpenSSL project for reporting CVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, and CVE-2016-0799. 
Upstream acknowledges Huzaifa Sidhpurwala (Red Hat), Hanno B\u00f6ck, and David Benjamin (Google) as the original reporters of CVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, and CVE-2016-0799; and Juraj Somorovsky as the original reporter of CVE-2016-2107.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2016-May/033898.html\n\n**Affected packages:**\nopenssl\nopenssl-devel\nopenssl-libs\nopenssl-perl\nopenssl-static\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2016-0722.html", "edition": 3, "modified": "2016-05-09T08:40:50", "published": "2016-05-09T08:40:50", "href": "http://lists.centos.org/pipermail/centos-announce/2016-May/033898.html", "id": "CESA-2016:0722", "title": "openssl security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "amazon": [{"lastseen": "2020-11-10T12:37:13", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2106"], "description": "**Issue Overview:**\n\nA vulnerability was discovered that allows a man-in-the-middle attacker to use a padding oracle attack to decrypt traffic on a connection using an AES CBC cipher with a server supporting AES-NI. ([CVE-2016-2107 __](<https://access.redhat.com/security/cve/CVE-2016-2107>), Important)\n\nIt was discovered that the ASN.1 parser can misinterpret a large universal tag as a negative value. If an application deserializes and later reserializes untrusted ASN.1 structures containing an ANY field, an attacker may be able to trigger an out-of-bounds write, which can cause potentially exploitable memory corruption. ([CVE-2016-2108 __](<https://access.redhat.com/security/cve/CVE-2016-2108>), Important)\n\nAn overflow bug was discovered in the EVP_EncodeUpdate() function. 
An attacker could supply very large amounts of input data to overflow a length check, resulting in heap corruption. ([CVE-2016-2105 __](<https://access.redhat.com/security/cve/CVE-2016-2105>), Low)\n\nAn overflow bug was discovered in the EVP_EncryptUpdate() function. An attacker could supply very large amounts of input data to overflow a length check, resulting in heap corruption. ([CVE-2016-2106 __](<https://access.redhat.com/security/cve/CVE-2016-2106>), Low)\n\nAn issue was discovered in the BIO functions, such as d2i_CMS_bio(), where a short invalid encoding in ASN.1 data can cause allocation of large amounts of memory, potentially resulting in a denial of service. ([CVE-2016-2109 __](<https://access.redhat.com/security/cve/CVE-2016-2109>), Low)\n\n \n**Affected Packages:** \n\n\nopenssl\n\n \n**Issue Correction:** \nRun _yum update openssl_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n openssl-static-1.0.1k-14.91.amzn1.i686 \n openssl-1.0.1k-14.91.amzn1.i686 \n openssl-perl-1.0.1k-14.91.amzn1.i686 \n openssl-devel-1.0.1k-14.91.amzn1.i686 \n openssl-debuginfo-1.0.1k-14.91.amzn1.i686 \n \n src: \n openssl-1.0.1k-14.91.amzn1.src \n \n x86_64: \n openssl-perl-1.0.1k-14.91.amzn1.x86_64 \n openssl-devel-1.0.1k-14.91.amzn1.x86_64 \n openssl-debuginfo-1.0.1k-14.91.amzn1.x86_64 \n openssl-static-1.0.1k-14.91.amzn1.x86_64 \n openssl-1.0.1k-14.91.amzn1.x86_64 \n \n \n", "edition": 3, "modified": "2016-05-03T10:30:00", "published": "2016-05-03T10:30:00", "id": "ALAS-2016-695", "href": "https://alas.aws.amazon.com/ALAS-2016-695.html", "title": "Important: openssl", "type": "amazon", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2020-07-02T11:34:54", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2106"], "description": "Huzaifa Sidhpurwala, Hanno B\u00f6ck, and David Benjamin discovered that OpenSSL \nincorrectly handled memory when 
decoding ASN.1 structures. A remote \nattacker could use this issue to cause OpenSSL to crash, resulting in a \ndenial of service, or possibly execute arbitrary code. (CVE-2016-2108)\n\nJuraj Somorovsky discovered that OpenSSL incorrectly performed padding when \nthe connection uses the AES CBC cipher and the server supports AES-NI. A \nremote attacker could possibly use this issue to perform a padding oracle \nattack and decrypt traffic. (CVE-2016-2107)\n\nGuido Vranken discovered that OpenSSL incorrectly handled large amounts of \ninput data to the EVP_EncodeUpdate() function. A remote attacker could use \nthis issue to cause OpenSSL to crash, resulting in a denial of service, or \npossibly execute arbitrary code. (CVE-2016-2105)\n\nGuido Vranken discovered that OpenSSL incorrectly handled large amounts of \ninput data to the EVP_EncryptUpdate() function. A remote attacker could use \nthis issue to cause OpenSSL to crash, resulting in a denial of service, or \npossibly execute arbitrary code. (CVE-2016-2106)\n\nBrian Carpenter discovered that OpenSSL incorrectly handled memory when \nASN.1 data is read from a BIO. A remote attacker could possibly use this \nissue to cause memory consumption, resulting in a denial of service. 
\n(CVE-2016-2109)\n\nAs a security improvement, this update also modifies OpenSSL behaviour to \nreject DH key sizes below 1024 bits, preventing a possible downgrade \nattack.", "edition": 5, "modified": "2016-05-03T00:00:00", "published": "2016-05-03T00:00:00", "id": "USN-2959-1", "href": "https://ubuntu.com/security/notices/USN-2959-1", "title": "OpenSSL vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "paloalto": [{"lastseen": "2019-05-29T23:19:22", "bulletinFamily": "software", "cvelist": ["CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2176", "CVE-2016-2106"], "description": "The OpenSSL library embedded in the GlobalProtect\u2122 agent, TerminalServer\u2122 agent and UserID\u2122 agent is affected by the following public vulnerabilities: CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2109, and CVE-2016-2176 (Ref # 100669, 100133, PAN-60833).\n", "edition": 4, "modified": "2016-10-12T00:00:00", "published": "2016-09-02T00:00:00", "id": "PAN-SA-2016-0023", "href": "https://securityadvisories.paloaltonetworks.com/Home/Detail/56", "title": "OpenSSL Vulnerabilities", "type": "paloalto", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "aix": [{"lastseen": "2019-05-29T19:19:12", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-2109", "CVE-2016-2176", "CVE-2016-2106"], "description": "IBM SECURITY ADVISORY\n\nFirst Issued: Tue Jul 12 14:14:43 CDT 2016\n\nThe most recent version of this document is available here:\n\nhttp://aix.software.ibm.com/aix/efixes/security/openssl_advisory20.asc\nhttps://aix.software.ibm.com/aix/efixes/security/openssl_advisory20.asc\nftp://aix.software.ibm.com/aix/efixes/security/openssl_advisory20.asc\n\n\nSecurity Bulletin: Vulnerabilities in OpenSSL affect AIX (CVE-2016-2176 \n CVE-2016-2109 CVE-2016-2108 CVE-2016-2106 
CVE-2016-2105)\n\n===============================================================================\n\nSUMMARY:\n\n This bulletin addresses CVE-2016-2176 CVE-2016-2109 CVE-2016-2108 \n CVE-2016-2106 CVE-2016-2105 for AIX.\n\n\n===============================================================================\n\nVULNERABILITY DETAILS:\n \n CVEID: CVE-2016-2176\n DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive\n information, by sending an overly long ASN.1 string to the \n X509_NAME_oneline() function. An attacker could exploit this vulnerability\n to return arbitrary stack data in the buffer.\n CVSS Base Score: 5.3\n CVSS Temporal Score: See \n https://exchange.xforce.ibmcloud.com/vulnerabilities/112858 for the \n current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:P)\n \n CVEID: CVE-2016-2109\n DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a \n memory allocation error. By reading specially crafted ASN.1 data from a BIO \n using functions such as d2i_CMS_bio(), an attacker could exploit this \n vulnerability to consume all available resources and exhaust memory.\n CVSS Base Score: 5.3\n CVSS Temporal Score: See \n https://exchange.xforce.ibmcloud.com/vulnerabilities/112857 for the \n current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C)\n\n CVEID: CVE-2016-2108\n DESCRIPTION: OpenSSL could allow a remote attacker to execute arbitrary code\n on the system, caused by a buffer underflow when deserializing untrusted ASN.1\n structures and later reserializing them. 
An attacker could exploit this \n vulnerability to corrupt memory and trigger an out-of-bounds write and execute \n arbitrary code on the system.\n CVSS Base Score: 8.1\n CVSS Temporal Score: See \n https://exchange.xforce.ibmcloud.com/vulnerabilities/112853 for the \n current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)\n\n CVEID: CVE-2016-2106\n DESCRIPTION: OpenSSL is vulnerable to a heap-based buffer overflow, caused by \n improper bounds checking by the EVP_EncryptUpdate() function. By sending an overly \n long argument, a remote attacker could overflow a buffer and execute arbitrary \n code on the system or cause the application to crash.\n CVSS Base Score: 5.6\n CVSS Temporal Score: See \n https://exchange.xforce.ibmcloud.com/vulnerabilities/112856 for the \n current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n CVEID: CVE-2016-2105\n DESCRIPTION: OpenSSL is vulnerable to a heap-based buffer overflow, caused by \n improper bounds checking by the EVP_EncodeUpdate() function. 
By sending an overly \n long argument, a remote attacker could overflow a buffer and execute arbitrary \n code on the system or cause the application to crash.\n CVSS Base Score: 5.6\n CVSS Temporal Score: See \n https://exchange.xforce.ibmcloud.com/vulnerabilities/112855 for the \n current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n AFFECTED PRODUCTS AND VERSIONS:\n \n AIX 5.3, 6.1, 7.1, 7.2\n VIOS 2.2.x\n\n The following fileset levels are vulnerable:\n \n key_fileset = osrcaix\n\n Fileset Lower Level Upper Level KEY \n --------------------------------------------------\n openssl.base 0.9.8.401 0.9.8.2506 key_w_fs\n openssl.base 1.0.1.500 1.0.1.515 key_w_fs\n openssl.base 1.0.2.500 1.0.2.500 key_w_fs\n openssl.base 12.9.8.1100 12.9.8.2506 key_w_fs\n openssl.base 20.11.101.500 20.11.101.500 key_w_fs\n\n Note, 0.9.8.401 and 12.9.8.1100 are the Lowest OpenSSL version\n available in aix web download site. Even OpenSSL versions below \n this are impacted.\n\n Note: To find out whether the affected filesets are installed \n on your systems, refer to the lslpp command found in AIX user's guide.\n\n Example: lslpp -L | grep -i openssl.base\n\n REMEDIATION:\n\n A. FIXES\n\n A fix is available, and it can be downloaded from:\n\n https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=aixbp\n\n To extract the fixes from the tar file:\n\n For Openssl 1.0.1 version - \n zcat openssl-1.0.1.516.tar.Z | tar xvf -\n For Openssl 0.9.8 version - \n zcat openssl-0.9.8.2507.tar.Z | tar xvf -\n For Openssl 12.9.8 version - \n zcat openssl-12.9.8.2507.tar.Z | tar xvf -\n For Openssl 1.0.2 version - \n zcat openssl-1.0.2.800.tar.Z | tar xvf -\n For Openssl 20.11.101 version - \n zcat openssl-20.11.101.501.tar.Z | tar xvf - \n\n IMPORTANT: If possible, it is recommended that a mksysb backup\n of the system be created. 
Verify it is both bootable and\n readable before proceeding.\n\n Note that all the previously reported security vulnerability fixes are also\n included in the above-mentioned fileset level. Please refer to the readme file \n (provided along with the fileset) for the complete list of vulnerabilities fixed.\n\n To preview the fix installation:\n\n installp -apYd . openssl\n\n To install the fix package:\n\n installp -aXYd . openssl\n \n To verify the signature of the advisory:\n\n openssl dgst -sha1 -verify <pubkey_file> -signature <advisory_file>.sig <advisory_file>\n\n To verify the signature of an ifix file:\n\n openssl dgst -sha1 -verify <pubkey_file> -signature <ifix_file>.sig <ifix_file>\n\n Published advisory OpenSSL signature file location:\n \n http://aix.software.ibm.com/aix/efixes/security/openssl_advisory20.asc.sig\n https://aix.software.ibm.com/aix/efixes/security/openssl_advisory20.asc.sig\n ftp://aix.software.ibm.com/aix/efixes/security/openssl_advisory20.asc.sig \n\n\n WORKAROUNDS AND MITIGATIONS:\n\n None.\n\n\n===============================================================================\n\nCONTACT US:\n\n Note: Keywords labeled as KEY in this document are used for parsing\n purposes.\n\n If you would like to receive AIX Security Advisories via email,\n please visit \"My Notifications\":\n\n http://www.ibm.com/support/mynotifications\n\n To view previously issued advisories, please visit:\n\n http://www14.software.ibm.com/webapp/set2/subscriptions/onvdq\n \n Comments regarding the content of this announcement can be\n directed to:\n\n security-alert@austin.ibm.com\n\n To obtain the OpenSSL public key that can be used to verify the\n signed advisories and ifixes:\n\n Download the key from our web page:\n\n http://www.ibm.com/systems/resources/systems_p_os_aix_security_pubkey.txt\n\n To obtain the PGP public key that can be used to communicate\n securely with the AIX Security Team via security-alert@austin.ibm.com you\n can :\n\n A. 
Download the key from our web page:\n\n http://www.ibm.com/systems/resources/systems_p_os_aix_security_pgppubkey.txt\n\n B. Download the key from a PGP Public Key Server. The key ID is:\n\n 0x28BFAA12\n\n Please contact your local IBM AIX support center for any\n assistance.\n\n\nREFERENCES:\n \n Note: Keywords labeled as KEY in this document are used for parsing purposes.\n\n eServer is a trademark of International Business Machines\n Corporation. IBM, AIX and pSeries are registered trademarks of\n International Business Machines Corporation. All other trademarks\n are property of their respective holders.\n\n Complete CVSS Guide: http://www.first.org/cvss/cvss-guide.html\n On-line Calculator V2: http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2\n\n X-Force Vulnerability Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/112858\n X-Force Vulnerability Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/112857\n X-Force Vulnerability Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/112853\n X-Force Vulnerability Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/112856\n X-Force Vulnerability Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/112855\n CVE-2016-2176 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2176\n CVE-2016-2109 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2109\n CVE-2016-2108 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2108\n CVE-2016-2106 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2106\n CVE-2016-2105 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2105\n\n \n\n\nACKNOWLEDGEMENTS:\n\n None.\n\n\nCHANGE HISTORY:\n\n First Issued: Tue Jul 12 14:14:43 CDT 2016\n\n===============================================================================\n\n*The CVSS Environment Score is customer environment specific and will \nultimately impact the Overall CVSS Score. 
Customers can evaluate the impact \nof this vulnerability in their environments by accessing the links in the \nReference section of this Security Bulletin. \n\nDisclaimer\nAccording to the Forum of Incident Response and Security Teams (FIRST), the \nCommon Vulnerability Scoring System (CVSS) is an \"industry open standard \ndesigned to convey vulnerability severity and help to determine urgency and \npriority of response.\" IBM PROVIDES THE CVSS SCORES \"AS IS\" WITHOUT WARRANTY \nOF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS \nFOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT \nOF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n", "edition": 4, "modified": "2016-07-12T14:14:43", "published": "2016-07-12T14:14:43", "id": "OPENSSL_ADVISORY20.ASC", "href": "https://aix.software.ibm.com/aix/efixes/security/openssl_advisory20.asc", "title": "Vulnerabilities in OpenSSL affect AIX", "type": "aix", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "cloudfoundry": [{"lastseen": "2019-05-29T18:32:55", "bulletinFamily": "software", "cvelist": ["CVE-2016-2108", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2106"], "description": "USN-2959-1 OpenSSL vulnerabilities\n\n# \n\nHigh\n\n# Vendor\n\nCanonical Ubuntu, OpenSSL\n\n# Versions Affected\n\n * Canonical Ubuntu 14.04 LTS, OpenSSLv1 \n\n# Description\n\nHuzaifa Sidhpurwala, Hanno B\u00f6ck, and David Benjamin discovered that OpenSSL incorrectly handled memory when decoding ASN.1 structures. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. ([CVE-2016-2108](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-2108/>))\n\nJuraj Somorovsky discovered that OpenSSL incorrectly performed padding when the connection uses the AES CBC cipher and the server supports AES-NI. 
A remote attacker could possibly use this issue to perform a padding oracle attack and decrypt traffic. ([CVE-2016-2107](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-2107>))\n\nGuido Vranken discovered that OpenSSL incorrectly handled large amounts of input data to the EVP_EncodeUpdate() function. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. ([CVE-2016-2105](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-2105>))\n\nGuido Vranken discovered that OpenSSL incorrectly handled large amounts of input data to the EVP_EncryptUpdate() function. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. ([CVE-2016-2106](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-2106>))\n\nBrian Carpenter discovered that OpenSSL incorrectly handled memory when ASN.1 data is read from a BIO. A remote attacker could possibly use this issue to cause memory consumption, resulting in a denial of service. ([CVE-2016-2109](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-2109>))\n\nAs a security improvement, this update also modifies OpenSSL behaviour to reject DH key sizes below 1024 bits, preventing a possible downgrade attack.\n\n# Affected Products and Versions\n\n_Severity is high unless otherwise noted. 
\n_\n\n * Cloud Foundry BOSH stemcells 3146.x versions prior to 3146.11 AND other versions prior to 3232.2 are vulnerable \n\n# Mitigation\n\nUsers of affected versions should apply the following mitigation:\n\n * The Cloud Foundry project recommends that Cloud Foundry upgrade BOSH stemcell 3146.x versions to 3146.11 OR other versions to 3232.2 \n\n# Credit\n\nHuzaifa Sidhpurwala, Hanno B\u00f6ck, and David Benjamin, Juraj Somorovsky, Guido Vranken, Brian Carpenter\n\n# References\n\n * <http://www.ubuntu.com/usn/usn-2959-1/>\n", "edition": 5, "modified": "2016-05-06T00:00:00", "published": "2016-05-06T00:00:00", "id": "CFOUNDRY:F006390335E44CFEC69607A8E9BE3B62", "href": "https://www.cloudfoundry.org/blog/usn-2959-1/", "title": "USN-2959-1 OpenSSL vulnerabilities | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}