Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. or an Affiliate thereof.ORACLEVM_OVMSA-2014-0007.NASL
HistoryNov 26, 2014 - 12:00 a.m.

OracleVM 2.2 : openssl (OVMSA-2014-0007)

2014-11-2600:00:00
This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
89
JSON

The remote OracleVM system is missing necessary patches to address critical security updates :

  • fix for CVE-2014-0224 - SSL/TLS MITM vulnerability

  • replace expired GlobalSign Root CA certificate in ca-bundle.crt

  • fix for CVE-2013-0169 - SSL/TLS CBC timing attack (#907589)

  • fix for CVE-2013-0166 - DoS in OCSP signatures checking (#908052)

  • enable compression only if explicitly asked for or OPENSSL_DEFAULT_ZLIB environment variable is set (fixes CVE-2012-4929 #857051)

  • use __secure_getenv everywhere instead of getenv (#839735)

  • fix for CVE-2012-2333 - improper checking for record length in DTLS (#820686)

  • fix for CVE-2012-2110 - memory corruption in asn1_d2i_read_bio (#814185)

  • fix problem with the SGC restart patch that might terminate handshake incorrectly

  • fix for CVE-2012-0884 - MMA weakness in CMS and PKCS#7 code (#802725)

  • fix for CVE-2012-1165 - NULL read dereference on bad MIME headers (#802489)

  • fix for CVE-2011-4108 & CVE-2012-0050 - DTLS plaintext recovery vulnerability and additional DTLS fixes (#771770)

  • fix for CVE-2011-4109 - double free in policy checks (#771771)

  • fix for CVE-2011-4576 - uninitialized SSL 3.0 padding (#771775)

  • fix for CVE-2011-4619 - SGC restart DoS attack (#771780)

  • add known answer test for SHA2 algorithms (#740866)

  • make default private key length in certificate Makefile 2048 bits (can be changed with PRIVATE_KEY_BITS setting) (#745410)

  • fix incorrect return value in parse_yesno (#726593)

  • added DigiCert CA certificates to ca-bundle (#735819)

  • added a new section about error states to README.FIPS (#628976)

  • add missing DH_check_pub_key call when DH key is computed (#698175)

  • presort list of ciphers available in SSL (#688901)

  • accept connection in s_server even if getaddrinfo fails (#561260)

  • point to openssl dgst for list of supported digests (#608639)

  • fix handling of future TLS versions (#599112)

  • added VeriSign Class 3 Public Primary Certification Authority - G5 and StartCom Certification Authority certs to ca-bundle (#675671, #617856)

  • upstream fixes for the CHIL engine (#622003, #671484)

  • add SHA-2 hashes in SSL_library_init (#676384)

  • fix CVE-2010-4180 - completely disable code for SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG (#659462)

  • fix CVE-2009-3245 - add missing bn_wexpand return checks (#570924)

  • fix CVE-2010-0433 - do not pass NULL princ to krb5_kt_get_entry which in the RHEL-5 and newer versions will crash in such case (#569774)

  • fix CVE-2009-3555 - support the safe renegotiation extension and do not allow legacy renegotiation on the server by default (#533125)

  • fix CVE-2009-2409 - drop MD2 algorithm from EVP tables (#510197)

  • fix CVE-2009-4355 - do not leak memory when CRYPTO_cleanup_all_ex_data is called prematurely by application (#546707)

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The package checks in this plugin were extracted from OracleVM
# Security Advisory OVMSA-2014-0007.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(79531);
  script_version("1.22");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/12/05");

  script_cve_id(
    "CVE-2009-2409",
    "CVE-2009-3245",
    "CVE-2009-3555",
    "CVE-2009-4355",
    "CVE-2010-0433",
    "CVE-2010-4180",
    "CVE-2011-4108",
    "CVE-2011-4109",
    "CVE-2011-4576",
    "CVE-2011-4619",
    "CVE-2012-0050",
    "CVE-2012-0884",
    "CVE-2012-1165",
    "CVE-2012-2110",
    "CVE-2012-2333",
    "CVE-2012-4929",
    "CVE-2013-0166",
    "CVE-2013-0169",
    "CVE-2014-0224"
  );
  script_bugtraq_id(
    29330,
    31692,
    36935,
    38562,
    45164,
    51281,
    51563,
    52428,
    52764,
    53158,
    53476,
    55704,
    57755,
    57778,
    60268,
    67899
  );
  script_xref(name:"CEA-ID", value:"CEA-2019-0547");

  script_name(english:"OracleVM 2.2 : openssl (OVMSA-2014-0007)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OracleVM host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"The remote OracleVM system is missing necessary patches to address
critical security updates :

  - fix for CVE-2014-0224 - SSL/TLS MITM vulnerability

  - replace expired GlobalSign Root CA certificate in
    ca-bundle.crt

  - fix for CVE-2013-0169 - SSL/TLS CBC timing attack
    (#907589)

  - fix for CVE-2013-0166 - DoS in OCSP signatures checking
    (#908052)

  - enable compression only if explicitly asked for or
    OPENSSL_DEFAULT_ZLIB environment variable is set (fixes
    CVE-2012-4929 #857051)

  - use __secure_getenv everywhere instead of getenv
    (#839735)

  - fix for CVE-2012-2333 - improper checking for record
    length in DTLS (#820686)

  - fix for CVE-2012-2110 - memory corruption in
    asn1_d2i_read_bio (#814185)

  - fix problem with the SGC restart patch that might
    terminate handshake incorrectly

  - fix for CVE-2012-0884 - MMA weakness in CMS and PKCS#7
    code (#802725)

  - fix for CVE-2012-1165 - NULL read dereference on bad
    MIME headers (#802489)

  - fix for CVE-2011-4108 & CVE-2012-0050 - DTLS plaintext
    recovery vulnerability and additional DTLS fixes
    (#771770)

  - fix for CVE-2011-4109 - double free in policy checks
    (#771771)

  - fix for CVE-2011-4576 - uninitialized SSL 3.0 padding
    (#771775)

  - fix for CVE-2011-4619 - SGC restart DoS attack (#771780)

  - add known answer test for SHA2 algorithms (#740866)

  - make default private key length in certificate Makefile
    2048 bits (can be changed with PRIVATE_KEY_BITS setting)
    (#745410)

  - fix incorrect return value in parse_yesno (#726593)

  - added DigiCert CA certificates to ca-bundle (#735819)

  - added a new section about error states to README.FIPS
    (#628976)

  - add missing DH_check_pub_key call when DH key is
    computed (#698175)

  - presort list of ciphers available in SSL (#688901)

  - accept connection in s_server even if getaddrinfo fails
    (#561260)

  - point to openssl dgst for list of supported digests
    (#608639)

  - fix handling of future TLS versions (#599112)

  - added VeriSign Class 3 Public Primary Certification
    Authority - G5 and StartCom Certification Authority
    certs to ca-bundle (#675671, #617856)

  - upstream fixes for the CHIL engine (#622003, #671484)

  - add SHA-2 hashes in SSL_library_init (#676384)

  - fix CVE-2010-4180 - completely disable code for
    SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG (#659462)

  - fix CVE-2009-3245 - add missing bn_wexpand return checks
    (#570924)

  - fix CVE-2010-0433 - do not pass NULL princ to
    krb5_kt_get_entry which in the RHEL-5 and newer versions
    will crash in such case (#569774)

  - fix CVE-2009-3555 - support the safe renegotiation
    extension and do not allow legacy renegotiation on the
    server by default (#533125)

  - fix CVE-2009-2409 - drop MD2 algorithm from EVP tables
    (#510197)

  - fix CVE-2009-4355 - do not leak memory when
    CRYPTO_cleanup_all_ex_data is called prematurely by
    application (#546707)");
  script_set_attribute(attribute:"see_also", value:"https://oss.oracle.com/pipermail/oraclevm-errata/2014-June/000210.html");
  script_set_attribute(attribute:"solution", value:
"Update the affected openssl package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_cwe_id(20, 310, 399);

  script_set_attribute(attribute:"vuln_publication_date", value:"2009/07/30");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/06/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/26");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:openssl");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:2.2");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"OracleVM Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/OracleVM/release", "Host/OracleVM/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/OracleVM/release");
if (isnull(release) || "OVS" >!< release) audit(AUDIT_OS_NOT, "OracleVM");
if (! preg(pattern:"^OVS" + "2\.2" + "(\.[0-9]|$)", string:release)) audit(AUDIT_OS_NOT, "OracleVM 2.2", "OracleVM " + release);
if (!get_kb_item("Host/OracleVM/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "OracleVM", cpu);

flag = 0;
if (rpm_check(release:"OVS2.2", reference:"openssl-0.9.8e-27.el5_10.3")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openssl");
}
VendorProductVersionCPE
oraclevmopensslp-cpe:/a:oracle:vm:openssl
oraclevm_server2.2cpe:/o:oracle:vm_server:2.2

References

Related

nessus 57
redhat 8
cert 1
ibm 2
suse 2
openvas 88
oraclelinux 5
aix 2
fedora 12
freebsd_advisory 1
freebsd 2
centos 5
debian 2
securityvulns 5
osv 3
gentoo 2
amazon 2
nessus
nessus
OracleVM 3.2 : onpenssl (OVMSA-2014-0008)
2014-11-26 00:00:00
AIX OpenSSL Advisory : openssl_advisory3.asc
2014-04-16 00:00:00
FreeBSD : FreeBSD -- OpenSSL multiple vulnerabilities (2ae114de-c064-11e1-b5e0-000c299b62e1)
2012-06-28 00:00:00
redhat
redhat
(RHSA-2012:1307) Important: openssl security update
2012-09-24 15:53:22
(RHSA-2012:1308) Important: openssl security update
2012-09-24 15:54:31
(RHSA-2012:1306) Important: openssl security update
2012-09-24 15:52:11
cert
cert
Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL
2013-03-18 00:00:00
ibm
ibm
Security Bulletin: IBM Smart Analytics System 7600, 7700, and 7710 are affected by vulnerabilities in OpenSSL
2022-09-25 20:45:36
Security Bulletin: IBM InfoSphere Balanced Warehouse C3000, C4000 and D5100 and IBM Smart Analytics System 1050, 2050, 5600 and 5710 are affected by vulnerabilities in OpenSSL
2022-09-25 23:13:40
suse
suse
Security update for openssl (important)
2012-05-30 23:08:17
Security update for OpenSSL (important)
2012-01-16 17:08:28
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2012:0674-1)
2021-06-09 00:00:00
Oracle: Security Advisory (ELSA-2012-0060)
2015-10-06 00:00:00
FreeBSD Ports: FreeBSD
2012-08-10 00:00:00
oraclelinux
oraclelinux
openssl security update
2012-01-24 00:00:00
openssl security update
2012-01-24 00:00:00
openssl security update
2010-03-25 00:00:00
aix
aix
Multiple OpenSSL vulnerabilities
2012-03-21 13:02:49
Multiple OpenSSL vulnerabilities
2012-08-01 09:25:58
fedora
fedora
[SECURITY] Fedora 16 Update: openssl-1.0.0j-1.fc16
2012-06-03 00:00:32
[SECURITY] Fedora 16 Update: openssl-1.0.0i-1.fc16
2012-04-27 20:50:05
[SECURITY] Fedora 18 Update: mingw-openssl-1.0.1c-1.fc18
2012-11-23 07:52:37
freebsd_advisory
freebsd_advisory
FreeBSD-SA-12:01.openssl
2012-05-30 00:00:00
freebsd
freebsd
FreeBSD -- OpenSSL multiple vulnerabilities
2012-05-03 00:00:00
OpenSSL -- multiple vulnerabilities
2012-01-04 00:00:00
centos
centos
openssl security update
2012-01-24 21:54:22
openssl security update
2012-03-28 00:47:32
openssl security update
2010-03-27 17:30:13
debian
debian
[SECURITY] [DSA 2454-1] openssl security update
2012-04-19 21:21:20
[SECURITY] [DSA 2390-1] openssl security update
2012-01-15 20:23:09
securityvulns
securityvulns
[SECURITY] [DSA 2454-1] openssl security update
2012-04-22 00:00:00
OpenSSL library multiple security vulnerabilities
2012-01-20 00:00:00
[security bulletin] HPSBMU02776 SSRT100852 rev.1 - HP Onboard Administrator &#40;OA&#41;, Remote Unauthorized Access to Data, Unauthorized Disclosure of Information Denial of Service &#40;DoS&#41;
2012-06-17 00:00:00
osv
osv
openssl - several
2012-01-15 00:00:00
openssl - multiple
2012-04-24 00:00:00
openssl - incomplete fix
2012-04-24 00:00:00
gentoo
gentoo
OpenSSL: Multiple vulnerabilities
2012-03-06 00:00:00
OpenSSL: Multiple Vulnerabilities
2013-12-03 00:00:00
amazon
amazon
Medium: openssl
2013-03-14 22:04:00
Medium: openssl
2012-02-02 14:24:00
JSON
Related for ORACLEVM_OVMSA-2014-0007.NASL
nessus57redhat8cert1ibm2suse2openvas88oraclelinux5aix2fedora12freebsd_advisory1freebsd2centos5debian2securityvulns5osv3gentoo2amazon2