According to its self-reported version number, the remote pfSense install is prior to 2.2.3. It is, therefore, affected by multiple vulnerabilities as stated in the referenced vendor advisories.
{"nessus": [{"lastseen": "2023-01-11T14:44:22", "description": "According to its banner, the version of PHP 5.6.x running on the remote web server is prior to 5.6.10. It is, therefore, affected by multiple vulnerabilities :\n\n - Multiple heap buffer overflow conditions exist in the bundled Perl-Compatible Regular Expression (PCRE) library due to improper validation of user-supplied input to the compile_branch() and pcre_compile2() functions. A remote attacker can exploit these conditions to cause a heap-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2015-2325, CVE-2015-2326)\n\n - A denial of service vulnerability exists in the bundled SQLite component due to improper handling of quotes in collation sequence names. A remote attacker can exploit this to cause uninitialized memory access, resulting in denial of service condition. (CVE-2015-3414)\n\n - A denial of service vulnerability exists in the bundled SQLite component due to an improper implementation of comparison operators in the sqlite3VdbeExec() function in vdbe.c. A remote attacker can exploit this to cause an invalid free operation, resulting in a denial of service condition. (CVE-2015-3415)\n\n - A denial of service vulnerability exists in the bundled SQLite component due to improper handling of precision and width values during floating-point conversions in the sqlite3VXPrintf() function in printf.c. A remote attacker can exploit this to cause a stack-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2015-3416)\n\n - A security bypass vulnerability exists due to a failure in multiple extensions to check for NULL bytes in a path when processing or reading a file. A remote attacker can exploit this, by combining the '\\\\0' character with a safe file extension, to bypass access restrictions. (CVE-2015-4598)\n\n - An arbitrary command injection vulnerability exists due to a flaw in the php_escape_shell_arg() function in exec.c. A remote attacker can exploit this, via the escapeshellarg() PHP method, to inject arbitrary operating system commands. (CVE-2015-4642)\n\n - A heap buffer overflow condition exists in the ftp_genlist() function in ftp.c. due to improper validation of user-supplied input. A remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2015-4643) - A denial of service vulnerability exists due to a NULL pointer dereference flaw in the build_tablename() function in pgsql.c. An authenticated, remote attacker can exploit this to cause an application crash. (CVE-2015-4644)\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-01-09T00:00:00", "type": "nessus", "title": "PHP 5.6.x < 5.6.10 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-2325", "CVE-2015-2326", "CVE-2015-3414", "CVE-2015-3415", "CVE-2015-3416", "CVE-2015-4598", "CVE-2015-4642", "CVE-2015-4643", "CVE-2015-4644"], "modified": "2022-10-26T00:00:00", "cpe": ["cpe:2.3:a:php:php:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_98802", "href": "https://www.tenable.com/plugins/was/98802", "sourceData": "No source data", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-27T14:16:58", "description": "According to its banner, the version of PHP 5.4.x running on the remote web server is prior to 5.4.42. It is, therefore, affected by multiple vulnerabilities :\n\n - Multiple heap buffer overflow conditions exist in the bundled Perl-Compatible Regular Expression (PCRE) library due to improper validation of user-supplied input to the compile_branch() and pcre_compile2() functions. A remote attacker can exploit these conditions to cause a heap-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2015-2325, CVE-2015-2326)\n\n - A denial of service vulnerability exists in the bundled SQLite component due to improper handling of quotes in collation sequence names. A remote attacker can exploit this to cause uninitialized memory access, resulting in denial of service condition.\n (CVE-2015-3414)\n\n - A denial of service vulnerability exists in the bundled SQLite component due to an improper implementation of comparison operators in the sqlite3VdbeExec() function in vdbe.c. A remote attacker can exploit this to cause an invalid free operation, resulting in a denial of service condition. (CVE-2015-3415)\n\n - A denial of service vulnerability exists in the bundled SQLite component due to improper handling of precision and width values during floating-point conversions in the sqlite3VXPrintf() function in printf.c. A remote attacker can exploit this to cause a stack-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2015-3416)\n\n - A security bypass vulnerability exists due to a failure in multiple extensions to check for NULL bytes in a path when processing or reading a file. A remote attacker can exploit this, by combining the '\\0' character with a safe file extension, to bypass access restrictions.\n (CVE-2015-4598)\n\n - An arbitrary command injection vulnerability exists due to a flaw in the php_escape_shell_arg() function in exec.c. A remote attacker can exploit this, via the escapeshellarg() PHP method, to inject arbitrary operating system commands. (CVE-2015-4642)\n\n - A heap buffer overflow condition exists in the ftp_genlist() function in ftp.c. due to improper validation of user-supplied input. A remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2015-4643) \n - A denial of service vulnerability exists due to a NULL pointer dereference flaw in the build_tablename() function in pgsql.c. An authenticated, remote attacker can exploit this to cause an application crash.\n (CVE-2015-4644)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2015-06-24T00:00:00", "type": "nessus", "title": "PHP 5.4.x < 5.4.42 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-2325", "CVE-2015-2326", "CVE-2015-3414", "CVE-2015-3415", "CVE-2015-3416", "CVE-2015-4598", "CVE-2015-4642", "CVE-2015-4643", "CVE-2015-4644"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:php:php"], "id": "PHP_5_4_42.NASL", "href": "https://www.tenable.com/plugins/nessus/84362", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84362);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2015-2325\",\n \"CVE-2015-2326\",\n \"CVE-2015-3414\",\n \"CVE-2015-3415\",\n \"CVE-2015-3416\",\n \"CVE-2015-4598\",\n \"CVE-2015-4642\",\n \"CVE-2015-4643\",\n \"CVE-2015-4644\"\n );\n script_bugtraq_id(\n 74228,\n 75174,\n 75175,\n 75244,\n 75290,\n 75291,\n 75292\n );\n\n script_name(english:\"PHP 5.4.x < 5.4.42 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server uses a version of PHP that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of PHP 5.4.x running on the\nremote web server is prior to 5.4.42. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - Multiple heap buffer overflow conditions exist in the\n bundled Perl-Compatible Regular Expression (PCRE)\n library due to improper validation of user-supplied\n input to the compile_branch() and pcre_compile2()\n functions. A remote attacker can exploit these\n conditions to cause a heap-based buffer overflow,\n resulting in a denial of service condition or the\n execution of arbitrary code. (CVE-2015-2325,\n CVE-2015-2326)\n\n - A denial of service vulnerability exists in the bundled\n SQLite component due to improper handling of quotes\n in collation sequence names. A remote attacker can\n exploit this to cause uninitialized memory access,\n resulting in denial of service condition.\n (CVE-2015-3414)\n\n - A denial of service vulnerability exists in the bundled\n SQLite component due to an improper implementation of\n comparison operators in the sqlite3VdbeExec() function\n in vdbe.c. A remote attacker can exploit this to cause\n an invalid free operation, resulting in a denial of\n service condition. (CVE-2015-3415)\n\n - A denial of service vulnerability exists in the bundled\n SQLite component due to improper handling of precision\n and width values during floating-point conversions in\n the sqlite3VXPrintf() function in printf.c. A remote\n attacker can exploit this to cause a stack-based buffer\n overflow, resulting in a denial of service condition or\n the execution of arbitrary code. (CVE-2015-3416)\n\n - A security bypass vulnerability exists due to a failure\n in multiple extensions to check for NULL bytes in a path\n when processing or reading a file. A remote attacker can\n exploit this, by combining the '\\0' character with a\n safe file extension, to bypass access restrictions.\n (CVE-2015-4598)\n\n - An arbitrary command injection vulnerability exists due\n to a flaw in the php_escape_shell_arg() function in\n exec.c. A remote attacker can exploit this, via the\n escapeshellarg() PHP method, to inject arbitrary\n operating system commands. (CVE-2015-4642)\n\n - A heap buffer overflow condition exists in the\n ftp_genlist() function in ftp.c. due to improper\n validation of user-supplied input. A remote attacker\n can exploit this to cause a denial of service condition\n or the execution of arbitrary code. (CVE-2015-4643)\n \n - A denial of service vulnerability exists due to a NULL\n pointer dereference flaw in the build_tablename()\n function in pgsql.c. An authenticated, remote attacker\n can exploit this to cause an application crash.\n (CVE-2015-4644)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://php.net/ChangeLog-5.php#5.4.42\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to PHP version 5.4.42 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-4642\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/03/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"php_version.nasl\");\n script_require_keys(\"www/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php:TRUE);\n\nphp = get_php_from_kb(\n port : port,\n exit_on_fail : TRUE\n);\n\nversion = php[\"ver\"];\nsource = php[\"src\"];\n\nbackported = get_kb_item('www/php/'+port+'/'+version+'/backported');\n\nif (report_paranoia < 2 && backported) audit(AUDIT_BACKPORT_SERVICE, port, \"PHP \"+version+\" install\");\n\n# Check that it is the correct version of PHP\nif (version =~ \"^5(\\.4)?$\") audit(AUDIT_VER_NOT_GRANULAR, \"PHP\", port, version);\nif (version !~ \"^5\\.4\\.\") audit(AUDIT_NOT_DETECT, \"PHP version 5.4.x\", port);\n\nif (version =~ \"^5\\.4\\.([0-9]|[1-3][0-9]|4[01])($|[^0-9])\")\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Version source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 5.4.42' +\n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"PHP\", port, version);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-27T14:16:48", "description": "According to its banner, the version of PHP 5.6.x running on the remote web server is prior to 5.6.10. It is, therefore, affected by multiple vulnerabilities :\n\n - Multiple heap buffer overflow conditions exist in the bundled Perl-Compatible Regular Expression (PCRE) library due to improper validation of user-supplied input to the compile_branch() and pcre_compile2() functions. A remote attacker can exploit these conditions to cause a heap-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2015-2325, CVE-2015-2326)\n\n - A denial of service vulnerability exists in the bundled SQLite component due to improper handling of quotes in collation sequence names. A remote attacker can exploit this to cause uninitialized memory access, resulting in denial of service condition.\n (CVE-2015-3414)\n\n - A denial of service vulnerability exists in the bundled SQLite component due to an improper implementation of comparison operators in the sqlite3VdbeExec() function in vdbe.c. A remote attacker can exploit this to cause an invalid free operation, resulting in a denial of service condition. (CVE-2015-3415)\n\n - A denial of service vulnerability exists in the bundled SQLite component due to improper handling of precision and width values during floating-point conversions in the sqlite3VXPrintf() function in printf.c. A remote attacker can exploit this to cause a stack-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2015-3416)\n\n - A security bypass vulnerability exists due to a failure in multiple extensions to check for NULL bytes in a path when processing or reading a file. A remote attacker can exploit this, by combining the '\\0' character with a safe file extension, to bypass access restrictions.\n (CVE-2015-4598)\n\n - An arbitrary command injection vulnerability exists due to a flaw in the php_escape_shell_arg() function in exec.c. A remote attacker can exploit this, via the escapeshellarg() PHP method, to inject arbitrary operating system commands. (CVE-2015-4642)\n\n - A heap buffer overflow condition exists in the ftp_genlist() function in ftp.c. due to improper validation of user-supplied input. A remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2015-4643) \n - A denial of service vulnerability exists due to a NULL pointer dereference flaw in the build_tablename() function in pgsql.c. An authenticated, remote attacker can exploit this to cause an application crash.\n (CVE-2015-4644)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2015-06-24T00:00:00", "type": "nessus", "title": "PHP 5.6.x < 5.6.10 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-2325", "CVE-2015-2326", "CVE-2015-3414", "CVE-2015-3415", "CVE-2015-3416", "CVE-2015-4598", "CVE-2015-4642", "CVE-2015-4643", "CVE-2015-4644"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:php:php"], "id": "PHP_5_6_10.NASL", "href": "https://www.tenable.com/plugins/nessus/84364", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84364);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2015-2325\",\n \"CVE-2015-2326\",\n \"CVE-2015-3414\",\n \"CVE-2015-3415\",\n \"CVE-2015-3416\",\n \"CVE-2015-4598\",\n \"CVE-2015-4642\",\n \"CVE-2015-4643\",\n \"CVE-2015-4644\"\n );\n script_bugtraq_id(\n 74228,\n 75174,\n 75175,\n 75244,\n 75290,\n 75291,\n 75292\n );\n\n script_name(english:\"PHP 5.6.x < 5.6.10 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server uses a version of PHP that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of PHP 5.6.x running on the\nremote web server is prior to 5.6.10. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - Multiple heap buffer overflow conditions exist in the\n bundled Perl-Compatible Regular Expression (PCRE)\n library due to improper validation of user-supplied\n input to the compile_branch() and pcre_compile2()\n functions. A remote attacker can exploit these\n conditions to cause a heap-based buffer overflow,\n resulting in a denial of service condition or the\n execution of arbitrary code. (CVE-2015-2325,\n CVE-2015-2326)\n\n - A denial of service vulnerability exists in the bundled\n SQLite component due to improper handling of quotes\n in collation sequence names. A remote attacker can\n exploit this to cause uninitialized memory access,\n resulting in denial of service condition.\n (CVE-2015-3414)\n\n - A denial of service vulnerability exists in the bundled\n SQLite component due to an improper implementation of\n comparison operators in the sqlite3VdbeExec() function\n in vdbe.c. A remote attacker can exploit this to cause\n an invalid free operation, resulting in a denial of\n service condition. (CVE-2015-3415)\n\n - A denial of service vulnerability exists in the bundled\n SQLite component due to improper handling of precision\n and width values during floating-point conversions in\n the sqlite3VXPrintf() function in printf.c. A remote\n attacker can exploit this to cause a stack-based buffer\n overflow, resulting in a denial of service condition or\n the execution of arbitrary code. (CVE-2015-3416)\n\n - A security bypass vulnerability exists due to a failure\n in multiple extensions to check for NULL bytes in a path\n when processing or reading a file. A remote attacker can\n exploit this, by combining the '\\0' character with a\n safe file extension, to bypass access restrictions.\n (CVE-2015-4598)\n\n - An arbitrary command injection vulnerability exists due\n to a flaw in the php_escape_shell_arg() function in\n exec.c. A remote attacker can exploit this, via the\n escapeshellarg() PHP method, to inject arbitrary\n operating system commands. (CVE-2015-4642)\n\n - A heap buffer overflow condition exists in the\n ftp_genlist() function in ftp.c. due to improper\n validation of user-supplied input. A remote attacker\n can exploit this to cause a denial of service condition\n or the execution of arbitrary code. (CVE-2015-4643)\n \n - A denial of service vulnerability exists due to a NULL\n pointer dereference flaw in the build_tablename()\n function in pgsql.c. An authenticated, remote attacker\n can exploit this to cause an application crash.\n (CVE-2015-4644)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://php.net/ChangeLog-5.php#5.6.10\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to PHP version 5.6.10 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-4642\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/02/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"php_version.nasl\");\n script_require_keys(\"www/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php:TRUE);\n\nphp = get_php_from_kb(\n port : port,\n exit_on_fail : TRUE\n);\n\nversion = php[\"ver\"];\nsource = php[\"src\"];\n\nbackported = get_kb_item('www/php/'+port+'/'+version+'/backported');\n\nif (report_paranoia < 2 && backported) audit(AUDIT_BACKPORT_SERVICE, port, \"PHP \"+version+\" install\");\n\n# Check that it is the correct version of PHP\nif (version =~ \"^5(\\.6)?$\") audit(AUDIT_VER_NOT_GRANULAR, \"PHP\", port, version);\nif (version !~ \"^5\\.6\\.\") audit(AUDIT_NOT_DETECT, \"PHP version 5.6.x\", port);\n\nif (version =~ \"^5\\.6\\.[0-9]($|[^0-9])\")\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Version source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 5.6.10' +\n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"PHP\", port, version);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:56:19", "description": "Versions of PHP 5.5.x prior to 5.5.26, or 5.6.x prior to 5.6.10 are exposed to the following vulnerabilities :\n\n - Multiple heap buffer overflow conditions exist in the bundled Perl-Compatible Regular Expression (PCRE) library due to improper validation of user-supplied input to the 'compile_branch()' and 'pcre_compile2()' functions. A remote attacker can exploit these conditions to cause a heap-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2015-2325, CVE-2015-2326)\n - A denial of service vulnerability exists in the bundled SQLite component due to improper handling of quotes in collation sequence names. A remote attacker can exploit this to cause uninitialized memory access, resulting in denial of service condition. (CVE-2015-3414)\n - A denial of service vulnerability exists in the bundled SQLite component due to an improper implementation of comparison operators in the 'sqlite3VdbeExec()' function in 'vdbe.c'. A remote attacker can exploit this to cause an invalid free operation, resulting in a denial of service condition. (CVE-2015-3415)\n - A denial of service vulnerability exists in the bundled SQLite component due to improper handling of precision and width values during floating-point conversions in the 'sqlite3VXPrintf()' function in 'printf.c'. A remote attacker can exploit this to cause a stack-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2015-3416)\n - A security bypass vulnerability exists due to a failure in multiple extensions to check for NULL bytes in a path when processing or reading a file. A remote attacker can exploit this, by combining the '\\0' character with a safe file extension, to bypass access restrictions. (CVE-2015-4598)\n - An arbitrary command injection vulnerability exists due to a flaw in the 'php_escape_shell_arg()' function in 'exec.c'. A remote attacker can exploit this, via the 'escapeshellarg()' PHP method, to inject arbitrary operating system commands. (CVE-2015-4642)\n - A heap buffer overflow condition exists in the 'ftp_genlist()' function in 'ftp.c'. due to improper validation of user-supplied input. A remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2015-4643)\n - A denial of service vulnerability exists due to a NULL pointer dereference flaw in the 'build_tablename()' function in 'pgsql.c'. An authenticated, remote attacker can exploit this to cause an application crash. (CVE-2015-4644)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2015-06-18T00:00:00", "type": "nessus", "title": "PHP 5.5.x < 5.5.26 / 5.6.x < 5.6.10 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-2325", "CVE-2015-2326", "CVE-2015-3414", "CVE-2015-3415", "CVE-2015-3416", "CVE-2015-4598", "CVE-2015-4642", "CVE-2015-4643", "CVE-2015-4644"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:php:php:*:*:*:*:*:*:*:*"], "id": "8787.PRM", "href": "https://www.tenable.com/plugins/nnm/8787", "sourceData": "Binary data 8787.prm", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-26T14:38:08", "description": "According to its banner, the version of PHP 5.5.x running on the remote web server is prior to 5.5.26. It is, therefore, affected by multiple vulnerabilities : \n\n - Multiple heap buffer overflow conditions exist in the bundled Perl-Compatible Regular Expression (PCRE) library due to improper validation of user-supplied input to the compile_branch() and pcre_compile2() functions. A remote attacker can exploit these conditions to cause a heap-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2015-2325, CVE-2015-2326)\n\n - A denial of service vulnerability exists in the bundled SQLite component due to improper handling of quotes in collation sequence names. A remote attacker can exploit this to cause uninitialized memory access, resulting in denial of service condition.\n (CVE-2015-3414)\n\n - A denial of service vulnerability exists in the bundled SQLite component due to an improper implementation of comparison operators in the sqlite3VdbeExec() function in vdbe.c. A remote attacker can exploit this to cause an invalid free operation, resulting in a denial of service condition. (CVE-2015-3415)\n\n - A denial of service vulnerability exists in the bundled SQLite component due to improper handling of precision and width values during floating-point conversions in the sqlite3VXPrintf() function in printf.c. A remote attacker can exploit this to cause a stack-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2015-3416)\n\n - A security bypass vulnerability exists due to a failure in multiple extensions to check for NULL bytes in a path when processing or reading a file. A remote attacker can exploit this, by combining the '\\0' character with a safe file extension, to bypass access restrictions.\n (CVE-2015-4598)\n\n - An arbitrary command injection vulnerability exists due to a flaw in the php_escape_shell_arg() function in exec.c. A remote attacker can exploit this, via the escapeshellarg() PHP method, to inject arbitrary operating system commands. (CVE-2015-4642)\n\n - A heap buffer overflow condition exists in the ftp_genlist() function in ftp.c. due to improper validation of user-supplied input. A remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2015-4643) \n - A denial of service vulnerability exists due to a NULL pointer dereference flaw in the build_tablename() function in pgsql.c. An authenticated, remote attacker can exploit this to cause an application crash.\n (CVE-2015-4644)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2015-06-24T00:00:00", "type": "nessus", "title": "PHP 5.5.x < 5.5.26 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-2325", "CVE-2015-2326", "CVE-2015-3414", "CVE-2015-3415", "CVE-2015-3416", "CVE-2015-4598", "CVE-2015-4642", "CVE-2015-4643", "CVE-2015-4644"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:php:php"], "id": "PHP_5_5_26.NASL", "href": "https://www.tenable.com/plugins/nessus/84363", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84363);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2015-2325\",\n \"CVE-2015-2326\",\n \"CVE-2015-3414\",\n \"CVE-2015-3415\",\n \"CVE-2015-3416\",\n \"CVE-2015-4598\",\n \"CVE-2015-4642\",\n \"CVE-2015-4643\",\n \"CVE-2015-4644\"\n );\n script_bugtraq_id(\n 74228,\n 75174,\n 75175,\n 75244,\n 75290,\n 75291,\n 75292\n );\n\n script_name(english:\"PHP 5.5.x < 5.5.26 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server uses a version of PHP that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of PHP 5.5.x running on the\nremote web server is prior to 5.5.26. It is, therefore, affected by\nmultiple vulnerabilities : \n\n - Multiple heap buffer overflow conditions exist in the\n bundled Perl-Compatible Regular Expression (PCRE)\n library due to improper validation of user-supplied\n input to the compile_branch() and pcre_compile2()\n functions. A remote attacker can exploit these\n conditions to cause a heap-based buffer overflow,\n resulting in a denial of service condition or the\n execution of arbitrary code. (CVE-2015-2325,\n CVE-2015-2326)\n\n - A denial of service vulnerability exists in the bundled\n SQLite component due to improper handling of quotes\n in collation sequence names. A remote attacker can\n exploit this to cause uninitialized memory access,\n resulting in denial of service condition.\n (CVE-2015-3414)\n\n - A denial of service vulnerability exists in the bundled\n SQLite component due to an improper implementation of\n comparison operators in the sqlite3VdbeExec() function\n in vdbe.c. A remote attacker can exploit this to cause\n an invalid free operation, resulting in a denial of\n service condition. (CVE-2015-3415)\n\n - A denial of service vulnerability exists in the bundled\n SQLite component due to improper handling of precision\n and width values during floating-point conversions in\n the sqlite3VXPrintf() function in printf.c. A remote\n attacker can exploit this to cause a stack-based buffer\n overflow, resulting in a denial of service condition or\n the execution of arbitrary code. (CVE-2015-3416)\n\n - A security bypass vulnerability exists due to a failure\n in multiple extensions to check for NULL bytes in a path\n when processing or reading a file. A remote attacker can\n exploit this, by combining the '\\0' character with a\n safe file extension, to bypass access restrictions.\n (CVE-2015-4598)\n\n - An arbitrary command injection vulnerability exists due\n to a flaw in the php_escape_shell_arg() function in\n exec.c. A remote attacker can exploit this, via the\n escapeshellarg() PHP method, to inject arbitrary\n operating system commands. (CVE-2015-4642)\n\n - A heap buffer overflow condition exists in the\n ftp_genlist() function in ftp.c. due to improper\n validation of user-supplied input. A remote attacker\n can exploit this to cause a denial of service condition\n or the execution of arbitrary code. (CVE-2015-4643)\n \n - A denial of service vulnerability exists due to a NULL\n pointer dereference flaw in the build_tablename()\n function in pgsql.c. An authenticated, remote attacker\n can exploit this to cause an application crash.\n (CVE-2015-4644)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://php.net/ChangeLog-5.php#5.5.26\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to PHP version 5.5.26 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-4642\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/02/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"php_version.nasl\");\n script_require_keys(\"www/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php:TRUE);\n\nphp = get_php_from_kb(\n port : port,\n exit_on_fail : TRUE\n);\n\nversion = php[\"ver\"];\nsource = php[\"src\"];\n\nbackported = get_kb_item('www/php/'+port+'/'+version+'/backported');\n\nif (report_paranoia < 2 && backported) audit(AUDIT_BACKPORT_SERVICE, port, \"PHP \"+version+\" install\");\n\n# Check that it is the correct version of PHP\nif (version =~ \"^5(\\.5)?$\") audit(AUDIT_VER_NOT_GRANULAR, \"PHP\", port, version);\nif (version !~ \"^5\\.5\\.\") audit(AUDIT_NOT_DETECT, \"PHP version 5.5.x\", port);\n\nif (version =~ \"^5\\.5\\.([0-9]|1[0-9]|2[0-5])($|[^0-9])\")\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Version source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 5.5.26' +\n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"PHP\", port, version);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-27T14:18:13", "description": "Upstream reports that several bugs have been fixed as well as several security issues into some bundled libraries (CVE-2015-3414 , CVE-2015-3415 , CVE-2015-3416 , CVE-2015-2325 and CVE-2015-2326). All PHP 5.6 users are encouraged to upgrade to this version. Please see the upstream release notes for full details.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2015-07-09T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : php56 (ALAS-2015-563)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3416", "CVE-2015-2325", "CVE-2015-2326", "CVE-2015-3414", "CVE-2015-3415", "CVE-2015-3416", "CVE-2015-4642", "CVE-2015-4643", "CVE-2015-4644"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:php56", "p-cpe:/a:amazon:linux:php56-bcmath", "p-cpe:/a:amazon:linux:php56-cli", "p-cpe:/a:amazon:linux:php56-common", "p-cpe:/a:amazon:linux:php56-dba", "p-cpe:/a:amazon:linux:php56-dbg", "p-cpe:/a:amazon:linux:php56-debuginfo", "p-cpe:/a:amazon:linux:php56-devel", "p-cpe:/a:amazon:linux:php56-embedded", "p-cpe:/a:amazon:linux:php56-enchant", "p-cpe:/a:amazon:linux:php56-fpm", "p-cpe:/a:amazon:linux:php56-gd", "p-cpe:/a:amazon:linux:php56-gmp", "p-cpe:/a:amazon:linux:php56-imap", "p-cpe:/a:amazon:linux:php56-intl", "p-cpe:/a:amazon:linux:php56-ldap", "p-cpe:/a:amazon:linux:php56-mbstring", "p-cpe:/a:amazon:linux:php56-mcrypt", "p-cpe:/a:amazon:linux:php56-mssql", "p-cpe:/a:amazon:linux:php56-mysqlnd", "p-cpe:/a:amazon:linux:php56-odbc", "p-cpe:/a:amazon:linux:php56-opcache", "p-cpe:/a:amazon:linux:php56-pdo", "p-cpe:/a:amazon:linux:php56-pgsql", "p-cpe:/a:amazon:linux:php56-process", "p-cpe:/a:amazon:linux:php56-pspell", "p-cpe:/a:amazon:linux:php56-recode", "p-cpe:/a:amazon:linux:php56-snmp", "p-cpe:/a:amazon:linux:php56-soap", "p-cpe:/a:amazon:linux:php56-tidy", "p-cpe:/a:amazon:linux:php56-xml", "p-cpe:/a:amazon:linux:php56-xmlrpc", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2015-563.NASL", "href": "https://www.tenable.com/plugins/nessus/84625", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2015-563.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84625);\n script_version(\"2.6\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2014-3416\", \"CVE-2015-2325\", \"CVE-2015-2326\", \"CVE-2015-3414\", \"CVE-2015-3415\", \"CVE-2015-4642\", \"CVE-2015-4643\", \"CVE-2015-4644\");\n script_xref(name:\"ALAS\", value:\"2015-563\");\n\n script_name(english:\"Amazon Linux AMI : php56 (ALAS-2015-563)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Upstream reports that several bugs have been fixed as well as several\nsecurity issues into some bundled libraries (CVE-2015-3414 ,\nCVE-2015-3415 , CVE-2015-3416 , CVE-2015-2325 and CVE-2015-2326). All\nPHP 5.6 users are encouraged to upgrade to this version. Please see\nthe upstream release notes for full details.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://php.net/ChangeLog-5.php#5.6.10\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2015-563.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update php56' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-mssql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-mysqlnd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php56-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"php56-5.6.10-1.115.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-bcmath-5.6.10-1.115.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-cli-5.6.10-1.115.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-common-5.6.10-1.115.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-dba-5.6.10-1.115.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-dbg-5.6.10-1.115.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-debuginfo-5.6.10-1.115.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-devel-5.6.10-1.115.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-embedded-5.6.10-1.115.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-enchant-5.6.10-1.115.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-fpm-5.6.10-1.115.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-gd-5.6.10-1.115.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-gmp-5.6.10-1.115.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-imap-5.6.10-1.115.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-intl-5.6.10-1.115.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-ldap-5.6.10-1.115.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-mbstring-5.6.10-1.115.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-mcrypt-5.6.10-1.115.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-mssql-5.6.10-1.115.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-mysqlnd-5.6.10-1.115.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-odbc-5.6.10-1.115.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-opcache-5.6.10-1.115.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-pdo-5.6.10-1.115.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-pgsql-5.6.10-1.115.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-process-5.6.10-1.115.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-pspell-5.6.10-1.115.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-recode-5.6.10-1.115.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-snmp-5.6.10-1.115.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-soap-5.6.10-1.115.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-tidy-5.6.10-1.115.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-xml-5.6.10-1.115.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php56-xmlrpc-5.6.10-1.115.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php56 / php56-bcmath / php56-cli / php56-common / php56-dba / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-27T14:17:39", "description": "New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2015-07-20T00:00:00", "type": "nessus", "title": "Slackware 14.0 / 14.1 / current : php (SSA:2015-198-02) (BACKRONYM)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-2325", "CVE-2015-2326", "CVE-2015-3152", "CVE-2015-3414", "CVE-2015-3415", "CVE-2015-3416", "CVE-2015-4642", "CVE-2015-4643", "CVE-2015-4644"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:php", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:14.0", "cpe:/o:slackware:slackware_linux:14.1"], "id": "SLACKWARE_SSA_2015-198-02.NASL", "href": "https://www.tenable.com/plugins/nessus/84830", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2015-198-02. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84830);\n script_version(\"2.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-2325\", \"CVE-2015-2326\", \"CVE-2015-3152\", \"CVE-2015-3414\", \"CVE-2015-3415\", \"CVE-2015-3416\", \"CVE-2015-4642\", \"CVE-2015-4643\", \"CVE-2015-4644\");\n script_bugtraq_id(74228, 75174, 75175, 75290, 75291, 75292);\n script_xref(name:\"SSA\", value:\"2015-198-02\");\n\n script_name(english:\"Slackware 14.0 / 14.1 / current : php (SSA:2015-198-02) (BACKRONYM)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New php packages are available for Slackware 14.0, 14.1, and -current\nto fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.420251\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?72457f25\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected php package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/17\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"14.0\", pkgname:\"php\", pkgver:\"5.4.43\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"php\", pkgver:\"5.4.43\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"14.1\", pkgname:\"php\", pkgver:\"5.4.43\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"php\", pkgver:\"5.4.43\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"php\", pkgver:\"5.6.11\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"php\", pkgver:\"5.6.11\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-27T14:18:24", "description": "Upstream reports that several bugs have been fixed as well as several security issues into some bundled libraries (CVE-2015-3414 , CVE-2015-3415 , CVE-2015-3416 , CVE-2015-2325 and CVE-2015-2326). All PHP 5.5 users are encouraged to upgrade to this version. Please see the upstream release notes for full details.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2015-07-09T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : php55 (ALAS-2015-562)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3416", "CVE-2015-2325", "CVE-2015-2326", "CVE-2015-3414", "CVE-2015-3415", "CVE-2015-3416", "CVE-2015-4642", "CVE-2015-4643", "CVE-2015-4644"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:php55", "p-cpe:/a:amazon:linux:php55-bcmath", "p-cpe:/a:amazon:linux:php55-cli", "p-cpe:/a:amazon:linux:php55-common", "p-cpe:/a:amazon:linux:php55-dba", "p-cpe:/a:amazon:linux:php55-debuginfo", "p-cpe:/a:amazon:linux:php55-devel", "p-cpe:/a:amazon:linux:php55-embedded", "p-cpe:/a:amazon:linux:php55-enchant", "p-cpe:/a:amazon:linux:php55-fpm", "p-cpe:/a:amazon:linux:php55-gd", "p-cpe:/a:amazon:linux:php55-gmp", "p-cpe:/a:amazon:linux:php55-imap", "p-cpe:/a:amazon:linux:php55-intl", "p-cpe:/a:amazon:linux:php55-ldap", "p-cpe:/a:amazon:linux:php55-mbstring", "p-cpe:/a:amazon:linux:php55-mcrypt", "p-cpe:/a:amazon:linux:php55-mssql", "p-cpe:/a:amazon:linux:php55-mysqlnd", "p-cpe:/a:amazon:linux:php55-odbc", "p-cpe:/a:amazon:linux:php55-opcache", "p-cpe:/a:amazon:linux:php55-pdo", "p-cpe:/a:amazon:linux:php55-pgsql", "p-cpe:/a:amazon:linux:php55-process", "p-cpe:/a:amazon:linux:php55-pspell", "p-cpe:/a:amazon:linux:php55-recode", "p-cpe:/a:amazon:linux:php55-snmp", "p-cpe:/a:amazon:linux:php55-soap", "p-cpe:/a:amazon:linux:php55-tidy", "p-cpe:/a:amazon:linux:php55-xml", "p-cpe:/a:amazon:linux:php55-xmlrpc", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2015-562.NASL", "href": "https://www.tenable.com/plugins/nessus/84624", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2015-562.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84624);\n script_version(\"2.6\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2014-3416\", \"CVE-2015-2325\", \"CVE-2015-2326\", \"CVE-2015-3414\", \"CVE-2015-3415\", \"CVE-2015-4642\", \"CVE-2015-4643\", \"CVE-2015-4644\");\n script_xref(name:\"ALAS\", value:\"2015-562\");\n\n script_name(english:\"Amazon Linux AMI : php55 (ALAS-2015-562)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Upstream reports that several bugs have been fixed as well as several\nsecurity issues into some bundled libraries (CVE-2015-3414 ,\nCVE-2015-3415 , CVE-2015-3416 , CVE-2015-2325 and CVE-2015-2326). All\nPHP 5.5 users are encouraged to upgrade to this version. Please see\nthe upstream release notes for full details.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://php.net/ChangeLog-5.php#5.5.26\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2015-562.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update php55' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-mssql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-mysqlnd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php55-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"php55-5.5.26-1.103.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-bcmath-5.5.26-1.103.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-cli-5.5.26-1.103.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-common-5.5.26-1.103.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-dba-5.5.26-1.103.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-debuginfo-5.5.26-1.103.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-devel-5.5.26-1.103.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-embedded-5.5.26-1.103.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-enchant-5.5.26-1.103.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-fpm-5.5.26-1.103.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-gd-5.5.26-1.103.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-gmp-5.5.26-1.103.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-imap-5.5.26-1.103.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-intl-5.5.26-1.103.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-ldap-5.5.26-1.103.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-mbstring-5.5.26-1.103.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-mcrypt-5.5.26-1.103.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-mssql-5.5.26-1.103.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-mysqlnd-5.5.26-1.103.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-odbc-5.5.26-1.103.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-opcache-5.5.26-1.103.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-pdo-5.5.26-1.103.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-pgsql-5.5.26-1.103.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-process-5.5.26-1.103.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-pspell-5.5.26-1.103.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-recode-5.5.26-1.103.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-snmp-5.5.26-1.103.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-soap-5.5.26-1.103.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-tidy-5.5.26-1.103.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-xml-5.5.26-1.103.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php55-xmlrpc-5.5.26-1.103.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php55 / php55-bcmath / php55-cli / php55-common / php55-dba / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-28T14:37:23", "description": "The remote host is affected by the vulnerability described in GLSA-201506-02 (OpenSSL: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been found in OpenSSL. Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker can cause Denial of Service and information disclosure.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-06-23T00:00:00", "type": "nessus", "title": "GLSA-201506-02 : OpenSSL: Multiple vulnerabilities (Logjam)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8176", "CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-4000"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:openssl", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201506-02.NASL", "href": "https://www.tenable.com/plugins/nessus/84330", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201506-02.\n#\n# The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84330);\n script_version(\"2.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2014-8176\",\n \"CVE-2015-1788\",\n \"CVE-2015-1789\",\n \"CVE-2015-1790\",\n \"CVE-2015-1791\",\n \"CVE-2015-1792\",\n \"CVE-2015-4000\"\n );\n script_bugtraq_id(\n 74733,\n 75154,\n 75156,\n 75157,\n 75158,\n 75159,\n 75161\n );\n script_xref(name:\"GLSA\", value:\"201506-02\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"GLSA-201506-02 : OpenSSL: Multiple vulnerabilities (Logjam)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is affected by the vulnerability described in GLSA-201506-02\n(OpenSSL: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been found in OpenSSL. Please review the\n CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker can cause Denial of Service and information\n disclosure.\n \nWorkaround :\n\n There is no known workaround at this time.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security.gentoo.org/glsa/201506-02\");\n script_set_attribute(attribute:\"solution\", value:\n\"All OpenSSL 1.0.1 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-libs/openssl-1.0.1o'\n All OpenSSL 0.9.8 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-libs/openssl-0.9.8z_p7'\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-libs/openssl\", unaffected:make_list(\"ge 1.0.1o\", \"rge 0.9.8z_p7\", \"rge 0.9.8z_p8\", \"rge 0.9.8z_p9\", \"rge 0.9.8z_p10\", \"rge 0.9.8z_p11\", \"rge 0.9.8z_p12\", \"rge 0.9.8z_p13\", \"rge 0.9.8z_p14\", \"rge 0.9.8z_p15\"), vulnerable:make_list(\"lt 1.0.1o\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"OpenSSL\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-28T14:37:31", "description": "The OpenSSL team reports :\n\n- Missing DHE man-in-the-middle protection (Logjam) (CVE-2015-4000)\n\n- Malformed ECParameters causes infinite loop (CVE-2015-1788)\n\n- Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)\n\n- PKCS#7 crash with missing EnvelopedContent (CVE-2015-1790)\n\n- CMS verify infinite loop with unknown hash function (CVE-2015-1792)\n\n- Race condition handling NewSessionTicket (CVE-2015-1791)\n\n- Invalid free in DTLS (CVE-2014-8176)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-06-12T00:00:00", "type": "nessus", "title": "FreeBSD : openssl -- multiple vulnerabilities (8305e215-1080-11e5-8ba2-000c2980a9f3) (Logjam)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8176", "CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-4000"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:libressl", "p-cpe:/a:freebsd:freebsd:linux-c6-openssl", "p-cpe:/a:freebsd:freebsd:mingw32-openssl", "p-cpe:/a:freebsd:freebsd:openssl", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_8305E215108011E58BA2000C2980A9F3.NASL", "href": "https://www.tenable.com/plugins/nessus/84133", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84133);\n script_version(\"2.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2014-8176\",\n \"CVE-2015-1788\",\n \"CVE-2015-1789\",\n \"CVE-2015-1790\",\n \"CVE-2015-1791\",\n \"CVE-2015-1792\",\n \"CVE-2015-4000\"\n );\n script_xref(name:\"FreeBSD\", value:\"SA-15:10.openssl\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"FreeBSD : openssl -- multiple vulnerabilities (8305e215-1080-11e5-8ba2-000c2980a9f3) (Logjam)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The OpenSSL team reports :\n\n- Missing DHE man-in-the-middle protection (Logjam) (CVE-2015-4000)\n\n- Malformed ECParameters causes infinite loop (CVE-2015-1788)\n\n- Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)\n\n- PKCS#7 crash with missing EnvelopedContent (CVE-2015-1790)\n\n- CMS verify infinite loop with unknown hash function (CVE-2015-1792)\n\n- Race condition handling NewSessionTicket (CVE-2015-1791)\n\n- Invalid free in DTLS (CVE-2014-8176)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20150611.txt\");\n # https://vuxml.freebsd.org/freebsd/8305e215-1080-11e5-8ba2-000c2980a9f3.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8779dead\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:libressl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-c6-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mingw32-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"openssl<1.0.2_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mingw32-openssl>=1.0.1<1.0.2b\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-c6-openssl<1.0.1e_6\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"libressl<2.1.7\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-28T14:37:40", "description": "Multiple vulnerabilities were discovered in OpenSSL, a Secure Sockets Layer toolkit.\n\n - CVE-2014-8176 Praveen Kariyanahalli, Ivan Fratric and Felix Groebert discovered that an invalid memory free could be triggered when buffering DTLS data. This could allow remote attackers to cause a denial of service (crash) or potentially execute arbitrary code. This issue only affected the oldstable distribution (wheezy).\n\n - CVE-2015-1788 Joseph Barr-Pixton discovered that an infinite loop could be triggered due to incorrect handling of malformed ECParameters structures. This could allow remote attackers to cause a denial of service.\n\n - CVE-2015-1789 Robert Swiecki and Hanno Bock discovered that the X509_cmp_time function could read a few bytes out of bounds. This could allow remote attackers to cause a denial of service (crash) via crafted certificates and CRLs.\n\n - CVE-2015-1790 Michal Zalewski discovered that the PKCS#7 parsing code did not properly handle missing content which could lead to a NULL pointer dereference. This could allow remote attackers to cause a denial of service (crash) via crafted ASN.1-encoded PKCS#7 blobs.\n\n - CVE-2015-1791 Emilia Kasper discovered that a race condition could occur due to incorrect handling of NewSessionTicket in a multi-threaded client, leading to a double free. This could allow remote attackers to cause a denial of service (crash).\n\n - CVE-2015-1792 Johannes Bauer discovered that the CMS code could enter an infinite loop when verifying a signedData message, if presented with an unknown hash function OID. This could allow remote attackers to cause a denial of service.\n\nAdditionally OpenSSL will now reject handshakes using DH parameters shorter than 768 bits as a countermeasure against the Logjam attack (CVE-2015-4000 ).", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-06-15T00:00:00", "type": "nessus", "title": "Debian DSA-3287-1 : openssl - security update (Logjam)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8176", "CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-4000"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:openssl", "cpe:/o:debian:debian_linux:7.0", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-3287.NASL", "href": "https://www.tenable.com/plugins/nessus/84170", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3287. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84170);\n script_version(\"2.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2014-8176\",\n \"CVE-2015-1788\",\n \"CVE-2015-1789\",\n \"CVE-2015-1790\",\n \"CVE-2015-1791\",\n \"CVE-2015-1792\",\n \"CVE-2015-4000\"\n );\n script_xref(name:\"DSA\", value:\"3287\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"Debian DSA-3287-1 : openssl - security update (Logjam)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing a security-related update.\");\n script_set_attribute(attribute:\"description\", value:\n\"Multiple vulnerabilities were discovered in OpenSSL, a Secure Sockets\nLayer toolkit.\n\n - CVE-2014-8176\n Praveen Kariyanahalli, Ivan Fratric and Felix Groebert\n discovered that an invalid memory free could be\n triggered when buffering DTLS data. This could allow\n remote attackers to cause a denial of service (crash) or\n potentially execute arbitrary code. This issue only\n affected the oldstable distribution (wheezy).\n\n - CVE-2015-1788\n Joseph Barr-Pixton discovered that an infinite loop\n could be triggered due to incorrect handling of\n malformed ECParameters structures. This could allow\n remote attackers to cause a denial of service.\n\n - CVE-2015-1789\n Robert Swiecki and Hanno Bock discovered that the\n X509_cmp_time function could read a few bytes out of\n bounds. This could allow remote attackers to cause a\n denial of service (crash) via crafted certificates and\n CRLs.\n\n - CVE-2015-1790\n Michal Zalewski discovered that the PKCS#7 parsing code\n did not properly handle missing content which could lead\n to a NULL pointer dereference. This could allow remote\n attackers to cause a denial of service (crash) via\n crafted ASN.1-encoded PKCS#7 blobs.\n\n - CVE-2015-1791\n Emilia Kasper discovered that a race condition could\n occur due to incorrect handling of NewSessionTicket in a\n multi-threaded client, leading to a double free. This\n could allow remote attackers to cause a denial of\n service (crash).\n\n - CVE-2015-1792\n Johannes Bauer discovered that the CMS code could enter\n an infinite loop when verifying a signedData message, if\n presented with an unknown hash function OID. This could\n allow remote attackers to cause a denial of service.\n\nAdditionally OpenSSL will now reject handshakes using DH parameters\nshorter than 768 bits as a countermeasure against the Logjam attack\n(CVE-2015-4000 ).\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2014-8176\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2015-1788\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2015-1789\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2015-1790\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2015-1791\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2015-1792\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2015-4000\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/wheezy/openssl\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/jessie/openssl\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/security/2015/dsa-3287\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the openssl packages.\n\nFor the oldstable distribution (wheezy), these problems have been\nfixed in version 1.0.1e-2+deb7u17.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 1.0.1k-3+deb8u1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libssl-dev\", reference:\"1.0.1e-2+deb7u17\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libssl-doc\", reference:\"1.0.1e-2+deb7u17\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libssl1.0.0\", reference:\"1.0.1e-2+deb7u17\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libssl1.0.0-dbg\", reference:\"1.0.1e-2+deb7u17\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"openssl\", reference:\"1.0.1e-2+deb7u17\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcrypto1.0.0-udeb\", reference:\"1.0.1k-3+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libssl-dev\", reference:\"1.0.1k-3+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libssl-doc\", reference:\"1.0.1k-3+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libssl1.0.0\", reference:\"1.0.1k-3+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libssl1.0.0-dbg\", reference:\"1.0.1k-3+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"openssl\", reference:\"1.0.1k-3+deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-28T14:37:55", "description": "The version of OpenSSL installed on the remote AIX host is affected by multiple vulnerabilities :\n\n - An invalid free memory error exists due to improper validation of user-supplied input when a DTLS peer receives application data between ChangeCipherSpec and Finished messages. A remote attacker can exploit this to corrupt memory, resulting in a denial of service or the execution of arbitrary code. (CVE-2014-8176)\n\n - A denial of service vulnerability exists when processing an ECParameters structure due to an infinite loop that occurs when a specified curve is over a malformed binary polynomial field. A remote attacker can exploit this to perform a denial of service against any system that processes public keys, certificate requests, or certificates. This includes TLS clients and TLS servers with client authentication enabled. (CVE-2015-1788)\n\n - A denial of service vulnerability exists due to improper validation of the content and length of the ASN1_TIME string by the X509_cmp_time() function. A remote attacker can exploit this, via a malformed certificate and CRLs of various sizes, to cause a segmentation fault, resulting in a denial of service condition. TLS clients that verify CRLs are affected. TLS clients and servers with client authentication enabled may be affected if they use custom verification callbacks.\n (CVE-2015-1789)\n\n - A NULL pointer dereference flaw exists in the PKCS#7 parsing code due to incorrect handling of missing inner 'EncryptedContent'. This allows a remote attacker, via specially crafted ASN.1-encoded PKCS#7 blobs with missing content, to cause a denial of service condition or other potential unspecified impacts. (CVE-2015-1790)\n\n - A double-free error exists due to a race condition that occurs when a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket. (CVE-2015-1791)\n\n - A denial of service vulnerability exists in the CMS code due to an infinite loop that occurs when verifying a signedData message. A remote attacker can exploit this to cause a denial of service condition. (CVE-2015-1792)\n\n - A man-in-the-middle vulnerability, known as Logjam, exists due to a flaw in the SSL/TLS protocol. A remote attacker can exploit this flaw to downgrade connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. (CVE-2015-4000)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-07-20T00:00:00", "type": "nessus", "title": "AIX OpenSSL Advisory : openssl_advisory14.asc (Logjam)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8176", "CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-4000"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:ibm:aix", "cpe:/a:openssl:openssl"], "id": "AIX_OPENSSL_ADVISORY14.NASL", "href": "https://www.tenable.com/plugins/nessus/84880", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84880);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2014-8176\",\n \"CVE-2015-1788\",\n \"CVE-2015-1789\",\n \"CVE-2015-1790\",\n \"CVE-2015-1791\",\n \"CVE-2015-1792\",\n \"CVE-2015-4000\"\n );\n script_bugtraq_id(\n 74733,\n 75154,\n 75156,\n 75157,\n 75158,\n 75159,\n 75161\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"AIX OpenSSL Advisory : openssl_advisory14.asc (Logjam)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AIX host has a version of OpenSSL installed that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of OpenSSL installed on the remote AIX host is affected by\nmultiple vulnerabilities :\n\n - An invalid free memory error exists due to improper\n validation of user-supplied input when a DTLS peer\n receives application data between ChangeCipherSpec and\n Finished messages. A remote attacker can exploit this to\n corrupt memory, resulting in a denial of service or\n the execution of arbitrary code. (CVE-2014-8176)\n\n - A denial of service vulnerability exists when processing\n an ECParameters structure due to an infinite loop that\n occurs when a specified curve is over a malformed binary\n polynomial field. A remote attacker can exploit this to\n perform a denial of service against any system that\n processes public keys, certificate requests, or\n certificates. This includes TLS clients and TLS servers\n with client authentication enabled. (CVE-2015-1788)\n\n - A denial of service vulnerability exists due to improper\n validation of the content and length of the ASN1_TIME\n string by the X509_cmp_time() function. A remote\n attacker can exploit this, via a malformed certificate\n and CRLs of various sizes, to cause a segmentation\n fault, resulting in a denial of service condition. TLS\n clients that verify CRLs are affected. TLS clients and\n servers with client authentication enabled may be\n affected if they use custom verification callbacks.\n (CVE-2015-1789)\n\n - A NULL pointer dereference flaw exists in the PKCS#7\n parsing code due to incorrect handling of missing inner\n 'EncryptedContent'. This allows a remote attacker, via\n specially crafted ASN.1-encoded PKCS#7 blobs with\n missing content, to cause a denial of service condition\n or other potential unspecified impacts. (CVE-2015-1790)\n\n - A double-free error exists due to a race condition that\n occurs when a NewSessionTicket is received by a\n multi-threaded client when attempting to reuse a\n previous ticket. (CVE-2015-1791)\n\n - A denial of service vulnerability exists in the CMS code\n due to an infinite loop that occurs when verifying a\n signedData message. A remote attacker can exploit this\n to cause a denial of service condition. (CVE-2015-1792)\n\n - A man-in-the-middle vulnerability, known as Logjam,\n exists due to a flaw in the SSL/TLS protocol. A remote\n attacker can exploit this flaw to downgrade connections\n using ephemeral Diffie-Hellman key exchange to 512-bit\n export-grade cryptography. (CVE-2015-4000)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://aix.software.ibm.com/aix/efixes/security/openssl_advisory14.asc\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www-01.ibm.com/marketing/iwm/iwm/web/preLogin.do?source=aixbp\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20150611.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"A fix is available and can be downloaded from the AIX website.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"AIX Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\ninclude(\"aix.inc\");\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\noslevel = get_kb_item(\"Host/AIX/version\");\nif (isnull(oslevel)) audit(AUDIT_UNKNOWN_APP_VER, \"AIX\");\nif ( oslevel != \"AIX-5.3\" && oslevel != \"AIX-6.1\" && oslevel != \"AIX-7.1\" )\n{\n oslevel = ereg_replace(string:oslevel, pattern:\"-\", replace:\" \");\n audit(AUDIT_OS_NOT, \"AIX 5.3 / 6.1 / 7.1\", oslevel);\n}\n\nif ( ! get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit(0, \"This AIX package check is disabled because : \"+get_kb_item(\"Host/AIX/emgr_failure\") );\n\nflag = 0;\n\n#0.9.8.2505\nif (aix_check_ifix(release:\"5.3\", patch:\"IV74809s9b\", package:\"openssl.base\", minfilesetver:\"0.0.0.0\", maxfilesetver:\"0.9.8.2505\") < 0) flag++;\nif (aix_check_ifix(release:\"6.1\", patch:\"IV74809s9b\", package:\"openssl.base\", minfilesetver:\"0.0.0.0\", maxfilesetver:\"0.9.8.2505\") < 0) flag++;\nif (aix_check_ifix(release:\"7.1\", patch:\"IV74809s9b\", package:\"openssl.base\", minfilesetver:\"0.0.0.0\", maxfilesetver:\"0.9.8.2505\") < 0) flag++;\n\n#12.9.8.2505\nif (aix_check_ifix(release:\"5.3\", patch:\"IV74809s9c\", package:\"openssl.base\", minfilesetver:\"12.0.0.0\", maxfilesetver:\"12.9.8.2505\") < 0) flag++;\nif (aix_check_ifix(release:\"6.1\", patch:\"IV74809s9c\", package:\"openssl.base\", minfilesetver:\"12.0.0.0\", maxfilesetver:\"12.9.8.2505\") < 0) flag++;\nif (aix_check_ifix(release:\"7.1\", patch:\"IV74809s9c\", package:\"openssl.base\", minfilesetver:\"12.0.0.0\", maxfilesetver:\"12.9.8.2505\") < 0) flag++;\n\n# Check 1.0.1 versions only after other two pass, this one has the\n# potential to audit out early.\nif (flag == 0)\n{\n #1.0.1.514\n # ifix on POWER8 machines is IV75570m9a. ifix on all others is IV74809s9a\n aix_processor = get_kb_item(\"Host/AIX/processor\");\n if (empty_or_null(aix_processor)) audit(AUDIT_KB_MISSING, \"Host/AIX/processor\");\n ifix = \"(IV74809s9a|IV75570m9a)\";\n if (\"POWER8\" >< aix_processor) ifix = \"IV75570m9a\";\n if (aix_check_ifix(release:\"5.3\", patch:ifix, package:\"openssl.base\", minfilesetver:\"1.0.1.500\", maxfilesetver:\"1.0.1.514\") < 0) flag++;\n if (aix_check_ifix(release:\"6.1\", patch:ifix, package:\"openssl.base\", minfilesetver:\"1.0.1.500\", maxfilesetver:\"1.0.1.514\") < 0) flag++;\n if (aix_check_ifix(release:\"7.1\", patch:ifix, package:\"openssl.base\", minfilesetver:\"1.0.1.500\", maxfilesetver:\"1.0.1.514\") < 0) flag++;\n}\n\nif (flag)\n{\n aix_report_extra = ereg_replace(string:aix_report_get(), pattern:\"[()]\", replace:\"\");\n aix_report_extra = ereg_replace(string:aix_report_extra, pattern:\"[|]\", replace:\" or \");\n if (report_verbosity > 0) security_hole(port:0, extra:aix_report_extra);\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = aix_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl.base\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-28T14:37:23", "description": "Praveen Kariyanahalli, Ivan Fratric and Felix Groebert discovered that OpenSSL incorrectly handled memory when buffering DTLS data. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code.\n(CVE-2014-8176)\n\nJoseph Barr-Pixton discovered that OpenSSL incorrectly handled malformed ECParameters structures. A remote attacker could use this issue to cause OpenSSL to hang, resulting in a denial of service.\n(CVE-2015-1788)\n\nRobert Swiecki and Hanno Bock discovered that OpenSSL incorrectly handled certain ASN1_TIME strings. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service.\n(CVE-2015-1789)\n\nMichal Zalewski discovered that OpenSSL incorrectly handled missing content when parsing ASN.1-encoded PKCS#7 blobs. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2015-1790)\n\nEmilia Kasper discovered that OpenSSL incorrectly handled NewSessionTicket when being used by a multi-threaded client. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2015-1791)\n\nJohannes Bauer discovered that OpenSSL incorrectly handled verifying signedData messages using the CMS code. A remote attacker could use this issue to cause OpenSSL to hang, resulting in a denial of service.\n(CVE-2015-1792)\n\nAs a security improvement, this update also modifies OpenSSL behaviour to reject DH key sizes below 768 bits, preventing a possible downgrade attack.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-06-12T00:00:00", "type": "nessus", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 14.10 / 15.04 : openssl vulnerabilities (USN-2639-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8176", "CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libssl1.0.0", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:14.10", "cpe:/o:canonical:ubuntu_linux:15.04"], "id": "UBUNTU_USN-2639-1.NASL", "href": "https://www.tenable.com/plugins/nessus/84148", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2639-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84148);\n script_version(\"2.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-8176\", \"CVE-2015-1788\", \"CVE-2015-1789\", \"CVE-2015-1790\", \"CVE-2015-1791\", \"CVE-2015-1792\");\n script_bugtraq_id(75159);\n script_xref(name:\"USN\", value:\"2639-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 14.10 / 15.04 : openssl vulnerabilities (USN-2639-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Praveen Kariyanahalli, Ivan Fratric and Felix Groebert discovered that\nOpenSSL incorrectly handled memory when buffering DTLS data. A remote\nattacker could use this issue to cause OpenSSL to crash, resulting in\na denial of service, or possibly execute arbitrary code.\n(CVE-2014-8176)\n\nJoseph Barr-Pixton discovered that OpenSSL incorrectly handled\nmalformed ECParameters structures. A remote attacker could use this\nissue to cause OpenSSL to hang, resulting in a denial of service.\n(CVE-2015-1788)\n\nRobert Swiecki and Hanno Bock discovered that OpenSSL incorrectly\nhandled certain ASN1_TIME strings. A remote attacker could use this\nissue to cause OpenSSL to crash, resulting in a denial of service.\n(CVE-2015-1789)\n\nMichal Zalewski discovered that OpenSSL incorrectly handled missing\ncontent when parsing ASN.1-encoded PKCS#7 blobs. A remote attacker\ncould use this issue to cause OpenSSL to crash, resulting in a denial\nof service. (CVE-2015-1790)\n\nEmilia Kasper discovered that OpenSSL incorrectly handled\nNewSessionTicket when being used by a multi-threaded client. A remote\nattacker could use this issue to cause OpenSSL to crash, resulting in\na denial of service. (CVE-2015-1791)\n\nJohannes Bauer discovered that OpenSSL incorrectly handled verifying\nsignedData messages using the CMS code. A remote attacker could use\nthis issue to cause OpenSSL to hang, resulting in a denial of service.\n(CVE-2015-1792)\n\nAs a security improvement, this update also modifies OpenSSL behaviour\nto reject DH key sizes below 768 bits, preventing a possible downgrade\nattack.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2639-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libssl1.0.0 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libssl1.0.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04|14\\.10|15\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 14.10 / 15.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libssl1.0.0\", pkgver:\"1.0.1-4ubuntu5.31\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libssl1.0.0\", pkgver:\"1.0.1f-1ubuntu2.15\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"libssl1.0.0\", pkgver:\"1.0.1f-1ubuntu9.8\")) flag++;\nif (ubuntu_check(osver:\"15.04\", pkgname:\"libssl1.0.0\", pkgver:\"1.0.1f-1ubuntu11.4\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libssl1.0.0\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-28T14:37:13", "description": "Multiple vulnerabilities were discovered in OpenSSL, a Secure Sockets Layer toolkit.\n\nCVE-2014-8176\n\nPraveen Kariyanahalli, Ivan Fratric and Felix Groebert discovered that an invalid memory free could be triggered when buffering DTLS data.\nThis could allow remote attackers to cause a denial of service (crash) or potentially execute arbitrary code. This issue only affected the oldstable distribution (wheezy).\n\nCVE-2015-1789\n\nRobert Swiecki and Hanno B??ck discovered that the X509_cmp_time function could read a few bytes out of bounds. This could allow remote attackers to cause a denial of service (crash) via crafted certificates and CRLs.\n\nCVE-2015-1790\n\nMichal Zalewski discovered that the PKCS#7 parsing code did not properly handle missing content which could lead to a NULL pointer dereference. This could allow remote attackers to cause a denial of service (crash) via crafted ASN.1-encoded PKCS#7 blobs.\n\nCVE-2015-1791\n\nEmilia K??sper discovered that a race condition could occur due to incorrect handling of NewSessionTicket in a multi-threaded client, leading to a double free. This could allow remote attackers to cause a denial of service (crash).\n\nCVE-2015-1792\n\nJohannes Bauer discovered that the CMS code could enter an infinite loop when verifying a signedData message, if presented with an unknown hash function OID. This could allow remote attackers to cause a denial of service.\n\nAdditionally OpenSSL will now reject handshakes using DH parameters shorter than 768 bits as a countermeasure against the Logjam attack (CVE-2015-4000).\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-06-18T00:00:00", "type": "nessus", "title": "Debian DLA-247-1 : openssl security update (Logjam)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8176", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-4000"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libcrypto0.9.8-udeb", "p-cpe:/a:debian:debian_linux:libssl-dev", "p-cpe:/a:debian:debian_linux:libssl0.9.8", "p-cpe:/a:debian:debian_linux:libssl0.9.8-dbg", "p-cpe:/a:debian:debian_linux:openssl", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DLA-247.NASL", "href": "https://www.tenable.com/plugins/nessus/84253", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-247-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84253);\n script_version(\"2.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2014-8176\",\n \"CVE-2015-1789\",\n \"CVE-2015-1790\",\n \"CVE-2015-1791\",\n \"CVE-2015-1792\",\n \"CVE-2015-4000\"\n );\n script_bugtraq_id(\n 74733,\n 75154,\n 75156,\n 75157,\n 75159,\n 75161\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"Debian DLA-247-1 : openssl security update (Logjam)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"Multiple vulnerabilities were discovered in OpenSSL, a Secure Sockets\nLayer toolkit.\n\nCVE-2014-8176\n\nPraveen Kariyanahalli, Ivan Fratric and Felix Groebert discovered that\nan invalid memory free could be triggered when buffering DTLS data.\nThis could allow remote attackers to cause a denial of service (crash)\nor potentially execute arbitrary code. This issue only affected the\noldstable distribution (wheezy).\n\nCVE-2015-1789\n\nRobert Swiecki and Hanno B??ck discovered that the X509_cmp_time\nfunction could read a few bytes out of bounds. This could allow remote\nattackers to cause a denial of service (crash) via crafted\ncertificates and CRLs.\n\nCVE-2015-1790\n\nMichal Zalewski discovered that the PKCS#7 parsing code did not\nproperly handle missing content which could lead to a NULL pointer\ndereference. This could allow remote attackers to cause a denial of\nservice (crash) via crafted ASN.1-encoded PKCS#7 blobs.\n\nCVE-2015-1791\n\nEmilia K??sper discovered that a race condition could occur due to\nincorrect handling of NewSessionTicket in a multi-threaded client,\nleading to a double free. This could allow remote attackers to cause a\ndenial of service (crash).\n\nCVE-2015-1792\n\nJohannes Bauer discovered that the CMS code could enter an infinite\nloop when verifying a signedData message, if presented with an unknown\nhash function OID. This could allow remote attackers to cause a denial\nof service.\n\nAdditionally OpenSSL will now reject handshakes using DH parameters\nshorter than 768 bits as a countermeasure against the Logjam attack\n(CVE-2015-4000).\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://lists.debian.org/debian-lts-announce/2015/06/msg00013.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/squeeze-lts/openssl\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcrypto0.9.8-udeb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libssl-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libssl0.9.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libssl0.9.8-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"libcrypto0.9.8-udeb\", reference:\"0.9.8o-4squeeze21\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libssl-dev\", reference:\"0.9.8o-4squeeze21\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libssl0.9.8\", reference:\"0.9.8o-4squeeze21\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libssl0.9.8-dbg\", reference:\"0.9.8o-4squeeze21\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"openssl\", reference:\"0.9.8o-4squeeze21\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-27T14:17:24", "description": "Upstream reports that six security-related issues in PHP were fixed in this release, as well as several security issues in bundled sqlite library (CVE-2015-3414 , CVE-2015-3415 , CVE-2015-3416). All PHP 5.4 users are encouraged to upgrade to this version. Please see the upstream release notes for full details.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2015-07-09T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : php54 (ALAS-2015-561)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3416", "CVE-2015-3414", "CVE-2015-3415", "CVE-2015-3416", "CVE-2015-4642", "CVE-2015-4643", "CVE-2015-4644"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:php54", "p-cpe:/a:amazon:linux:php54-bcmath", "p-cpe:/a:amazon:linux:php54-cli", "p-cpe:/a:amazon:linux:php54-common", "p-cpe:/a:amazon:linux:php54-dba", "p-cpe:/a:amazon:linux:php54-debuginfo", "p-cpe:/a:amazon:linux:php54-devel", "p-cpe:/a:amazon:linux:php54-embedded", "p-cpe:/a:amazon:linux:php54-enchant", "p-cpe:/a:amazon:linux:php54-fpm", "p-cpe:/a:amazon:linux:php54-gd", "p-cpe:/a:amazon:linux:php54-imap", "p-cpe:/a:amazon:linux:php54-intl", "p-cpe:/a:amazon:linux:php54-ldap", "p-cpe:/a:amazon:linux:php54-mbstring", "p-cpe:/a:amazon:linux:php54-mcrypt", "p-cpe:/a:amazon:linux:php54-mssql", "p-cpe:/a:amazon:linux:php54-mysql", "p-cpe:/a:amazon:linux:php54-mysqlnd", "p-cpe:/a:amazon:linux:php54-odbc", "p-cpe:/a:amazon:linux:php54-pdo", "p-cpe:/a:amazon:linux:php54-pgsql", "p-cpe:/a:amazon:linux:php54-process", "p-cpe:/a:amazon:linux:php54-pspell", "p-cpe:/a:amazon:linux:php54-recode", "p-cpe:/a:amazon:linux:php54-snmp", "p-cpe:/a:amazon:linux:php54-soap", "p-cpe:/a:amazon:linux:php54-tidy", "p-cpe:/a:amazon:linux:php54-xml", "p-cpe:/a:amazon:linux:php54-xmlrpc", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2015-561.NASL", "href": "https://www.tenable.com/plugins/nessus/84623", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2015-561.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84623);\n script_version(\"2.6\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2014-3416\", \"CVE-2015-3414\", \"CVE-2015-3415\", \"CVE-2015-4642\", \"CVE-2015-4643\", \"CVE-2015-4644\");\n script_xref(name:\"ALAS\", value:\"2015-561\");\n\n script_name(english:\"Amazon Linux AMI : php54 (ALAS-2015-561)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Upstream reports that six security-related issues in PHP were fixed in\nthis release, as well as several security issues in bundled sqlite\nlibrary (CVE-2015-3414 , CVE-2015-3415 , CVE-2015-3416). All PHP 5.4\nusers are encouraged to upgrade to this version. Please see the\nupstream release notes for full details.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://php.net/ChangeLog-5.php#5.4.42\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2015-561.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update php54' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-mssql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-mysqlnd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-process\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-pspell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php54-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"php54-5.4.42-1.71.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-bcmath-5.4.42-1.71.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-cli-5.4.42-1.71.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-common-5.4.42-1.71.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-dba-5.4.42-1.71.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-debuginfo-5.4.42-1.71.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-devel-5.4.42-1.71.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-embedded-5.4.42-1.71.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-enchant-5.4.42-1.71.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-fpm-5.4.42-1.71.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-gd-5.4.42-1.71.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-imap-5.4.42-1.71.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-intl-5.4.42-1.71.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-ldap-5.4.42-1.71.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-mbstring-5.4.42-1.71.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-mcrypt-5.4.42-1.71.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-mssql-5.4.42-1.71.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-mysql-5.4.42-1.71.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-mysqlnd-5.4.42-1.71.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-odbc-5.4.42-1.71.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-pdo-5.4.42-1.71.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-pgsql-5.4.42-1.71.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-process-5.4.42-1.71.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-pspell-5.4.42-1.71.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-recode-5.4.42-1.71.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-snmp-5.4.42-1.71.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-soap-5.4.42-1.71.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-tidy-5.4.42-1.71.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-xml-5.4.42-1.71.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php54-xmlrpc-5.4.42-1.71.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php54 / php54-bcmath / php54-cli / php54-common / php54-dba / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:57:42", "description": "According to its banner, the remote web server uses a version of OpenSSL 1.0.1 prior to 1.0.1n. The OpenSSL library is, therefore, affected by the following vulnerabilities :\n\n - A denial of service vulnerability exists when processing an ECParameters structure due to an infinite loop that occurs when a specified curve is over a malformed binary polynomial field. A remote attacker can exploit this to perform a denial of service against any system that processes public keys, certificate requests, or certificates. This includes TLS clients and TLS servers with client authentication enabled. (CVE-2015-1788)\n\n - A denial of service vulnerability exists due to improper validation of the content and length of the ASN1_TIME string by the X509_cmp_time() function. A remote attacker can exploit this, via a malformed certificate and CRLs of various sizes, to cause a segmentation fault, resulting in a denial of service condition. TLS clients that verify CRLs are affected.\n TLS clients and servers with client authentication enabled may be affected if they use custom verification callbacks. (CVE-2015-1789)\n\n - A NULL pointer dereference flaw exists in the PKCS#7 parsing code due to incorrect handling of missing inner 'EncryptedContent'. This allows a remote attacker, via specially crafted ASN.1-encoded PKCS#7 blobs with missing content, to cause a denial of service condition or other potential unspecified impacts. (CVE-2015-1790)\n\n - A double-free error exists due to a race condition that occurs when a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket. (CVE-2015-1791)\n\n - A denial of service vulnerability exists in the CMS code due to an infinite loop that occurs when verifying a signedData message. A remote attacker can exploit this to cause a denial of service condition. (CVE-2015-1792)\n\n - A man-in-the-middle vulnerability exists, known as Logjam, due to a flaw in the SSL/TLS protocol. A remote attacker can exploit this flaw to downgrade connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. (CVE-2015-4000)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-06-12T00:00:00", "type": "nessus", "title": "OpenSSL 1.0.1 < 1.0.1n Multiple Vulnerabilities (Logjam)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-4000"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/a:openssl:openssl"], "id": "OPENSSL_1_0_1N.NASL", "href": "https://www.tenable.com/plugins/nessus/84153", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84153);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2015-1788\",\n \"CVE-2015-1789\",\n \"CVE-2015-1790\",\n \"CVE-2015-1791\",\n \"CVE-2015-1792\",\n \"CVE-2015-4000\"\n );\n script_bugtraq_id(\n 74733,\n 75154,\n 75156,\n 75157,\n 75158,\n 75161\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"OpenSSL 1.0.1 < 1.0.1n Multiple Vulnerabilities (Logjam)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote service is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the remote web server uses a version of\nOpenSSL 1.0.1 prior to 1.0.1n. The OpenSSL library is, therefore,\naffected by the following vulnerabilities :\n\n - A denial of service vulnerability exists when processing\n an ECParameters structure due to an infinite loop that\n occurs when a specified curve is over a malformed binary\n polynomial field. A remote attacker can exploit this to\n perform a denial of service against any system that\n processes public keys, certificate requests, or\n certificates. This includes TLS clients and TLS servers\n with client authentication enabled. (CVE-2015-1788)\n\n - A denial of service vulnerability exists due to improper\n validation of the content and length of the\n ASN1_TIME string by the X509_cmp_time() function. A\n remote attacker can exploit this, via a malformed\n certificate and CRLs of various sizes, to cause a\n segmentation fault, resulting in a denial of service\n condition. TLS clients that verify CRLs are affected.\n TLS clients and servers with client authentication\n enabled may be affected if they use custom verification\n callbacks. (CVE-2015-1789)\n\n - A NULL pointer dereference flaw exists in the PKCS#7\n parsing code due to incorrect handling of missing inner\n 'EncryptedContent'. This allows a remote attacker, via\n specially crafted ASN.1-encoded PKCS#7 blobs with\n missing content, to cause a denial of service condition\n or other potential unspecified impacts. (CVE-2015-1790)\n\n - A double-free error exists due to a race condition that\n occurs when a NewSessionTicket is received by a\n multi-threaded client when attempting to reuse a\n previous ticket. (CVE-2015-1791)\n\n - A denial of service vulnerability exists in the CMS code\n due to an infinite loop that occurs when verifying a\n signedData message. A remote attacker can exploit this\n to cause a denial of service condition. (CVE-2015-1792)\n\n - A man-in-the-middle vulnerability exists, known as\n Logjam, due to a flaw in the SSL/TLS protocol. A remote\n attacker can exploit this flaw to downgrade connections\n using ephemeral Diffie-Hellman key exchange to 512-bit\n export-grade cryptography. (CVE-2015-4000)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20150611.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"https://weakdh.org/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to OpenSSL 1.0.1n or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"openssl_version.nasl\");\n script_require_keys(\"openssl/port\");\n\n exit(0);\n}\n\ninclude(\"openssl_version.inc\");\n\nopenssl_check_version(fixed:'1.0.1n', min:\"1.0.1\", severity:SECURITY_WARNING);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:56:18", "description": "Versions of OpenSSL prior to 1.0.1n, or 1.0.2b are unpatched for the following vulnerabilities :\n\n - A man-in-the-middle vulnerability, known as Logjam, exists due to a flaw in the SSL/TLS protocol. A remote attacker can exploit this flaw to downgrade connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. (CVE-2015-4000)\n\n - A denial of service vulnerability exists when processing an ECParameters structure due to an infinite loop that occurs when a specified curve is over a malformed binary polynomial field. A remote attacker can exploit this to perform a denial of service against any system that processes public keys, certificate requests, or certificates. This includes TLS clients and TLS servers with client authentication enabled. (CVE-2015-1788)\n\n - A denial of service vulnerability exists due to improper validation of the content and length of the ASN1_TIME string by the X509_cmp_time() function. A remote attacker can exploit this, via a malformed certificate and CRLs of various sizes, to cause a segmentation fault, resulting in a denial of service condition. TLS clients that verify CRLs are affected. TLS clients and servers with client authentication enabled may be affected if they use custom verification callbacks. (CVE-2015-1789)\n\n - A NULL pointer dereference flaw exists in the PKCS#7 parsing code due to incorrect handling of missing inner 'EncryptedContent'. This allows a remote attacker, via specially crafted ASN.1-encoded PKCS#7 blobs with missing content, to cause a denial of service condition or other potential unspecified impacts. (CVE-2015-1790)\n\n - A double-free error exists due to a race condition that occurs when a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket. (CVE-2015-1791)\n\n - A denial of service vulnerability exists in the CMS code due to an infinite loop that occurs when verifying a signedData message. A remote attacker can exploit this to cause a denial of service condition. (CVE-2015-1792)\n\n - An off-by-one overflow condition affects the BN_rand() function in 'crypto/bn/random.c'. The issue is triggered as user-supplied input is not properly validated. This may allow an attacker to cause a buffer overflow, resulting in a denial of service.\n\n - An off-by-one overflow condition affects the BN_bn2hex() function in 'crypto/bn/bn_print.c'. The issue is triggered as user-supplied input is not properly validated. This may allow an attacker to cause a buffer overflow, potentially resulting in a denial of service or another, more severe impact.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-06-22T00:00:00", "type": "nessus", "title": "OpenSSL 1.0.1 < 1.0.1n / 1.0.2 < 1.0.2b Multiple Vulnerabilities (Logjam)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-4000"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*"], "id": "8790.PRM", "href": "https://www.tenable.com/plugins/nnm/8790", "sourceData": "Binary data 8790.prm", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:57:12", "description": "According to its banner, the remote web server uses a version of OpenSSL 1.0.2 prior to 1.0.2b. The OpenSSL library is, therefore, affected by the following vulnerabilities :\n\n - A denial of service vulnerability exists when processing an ECParameters structure due to an infinite loop that occurs when a specified curve is over a malformed binary polynomial field. A remote attacker can exploit this to perform a denial of service against any system that processes public keys, certificate requests, or certificates. This includes TLS clients and TLS servers with client authentication enabled. (CVE-2015-1788)\n\n - A denial of service vulnerability exists due to improper validation of the content and length of the ASN1_TIME string by the X509_cmp_time() function. A remote attacker can exploit this, via a malformed certificate and CRLs of various sizes, to cause a segmentation fault, resulting in a denial of service condition. TLS clients that verify CRLs are affected.\n TLS clients and servers with client authentication enabled may be affected if they use custom verification callbacks. (CVE-2015-1789)\n\n - A NULL pointer dereference flaw exists in the PKCS#7 parsing code due to incorrect handling of missing inner 'EncryptedContent'. This allows a remote attacker, via specially crafted ASN.1-encoded PKCS#7 blobs with missing content, to cause a denial of service condition or other potential unspecified impacts. (CVE-2015-1790)\n\n - A double-free error exists due to a race condition that occurs when a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket. (CVE-2015-1791)\n\n - A denial of service vulnerability exists in the CMS code due to an infinite loop that occurs when verifying a signedData message. A remote attacker can exploit this to cause a denial of service condition. (CVE-2015-1792)\n\n - A man-in-the-middle vulnerability, known as Logjam, exists due to a flaw in the SSL/TLS protocol. A remote attacker can exploit this flaw to downgrade connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. (CVE-2015-4000)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-06-12T00:00:00", "type": "nessus", "title": "OpenSSL 1.0.2 < 1.0.2b Multiple Vulnerabilities (Logjam)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-4000"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/a:openssl:openssl"], "id": "OPENSSL_1_0_2B.NASL", "href": "https://www.tenable.com/plugins/nessus/84154", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84154);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2015-1788\",\n \"CVE-2015-1789\",\n \"CVE-2015-1790\",\n \"CVE-2015-1791\",\n \"CVE-2015-1792\",\n \"CVE-2015-4000\"\n );\n script_bugtraq_id(\n 74733,\n 75154,\n 75156,\n 75157,\n 75158,\n 75161\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"OpenSSL 1.0.2 < 1.0.2b Multiple Vulnerabilities (Logjam)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote service is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the remote web server uses a version of\nOpenSSL 1.0.2 prior to 1.0.2b. The OpenSSL library is, therefore,\naffected by the following vulnerabilities :\n\n - A denial of service vulnerability exists when processing\n an ECParameters structure due to an infinite loop that\n occurs when a specified curve is over a malformed binary\n polynomial field. A remote attacker can exploit this to\n perform a denial of service against any system that\n processes public keys, certificate requests, or\n certificates. This includes TLS clients and TLS servers\n with client authentication enabled. (CVE-2015-1788)\n\n - A denial of service vulnerability exists due to improper\n validation of the content and length of the\n ASN1_TIME string by the X509_cmp_time() function. A\n remote attacker can exploit this, via a malformed\n certificate and CRLs of various sizes, to cause a\n segmentation fault, resulting in a denial of service\n condition. TLS clients that verify CRLs are affected.\n TLS clients and servers with client authentication\n enabled may be affected if they use custom verification\n callbacks. (CVE-2015-1789)\n\n - A NULL pointer dereference flaw exists in the PKCS#7\n parsing code due to incorrect handling of missing inner\n 'EncryptedContent'. This allows a remote attacker, via\n specially crafted ASN.1-encoded PKCS#7 blobs with\n missing content, to cause a denial of service condition\n or other potential unspecified impacts. (CVE-2015-1790)\n\n - A double-free error exists due to a race condition that\n occurs when a NewSessionTicket is received by a\n multi-threaded client when attempting to reuse a\n previous ticket. (CVE-2015-1791)\n\n - A denial of service vulnerability exists in the CMS code\n due to an infinite loop that occurs when verifying a\n signedData message. A remote attacker can exploit this\n to cause a denial of service condition. (CVE-2015-1792)\n\n - A man-in-the-middle vulnerability, known as Logjam,\n exists due to a flaw in the SSL/TLS protocol. A remote\n attacker can exploit this flaw to downgrade connections\n using ephemeral Diffie-Hellman key exchange to 512-bit\n export-grade cryptography. (CVE-2015-4000)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20150611.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"https://weakdh.org/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to OpenSSL 1.0.2b or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"openssl_version.nasl\");\n script_require_keys(\"openssl/port\");\n\n exit(0);\n}\n\ninclude(\"openssl_version.inc\");\n\nopenssl_check_version(fixed:'1.0.2b', min:\"1.0.2\", severity:SECURITY_WARNING);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:56:52", "description": "New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-06-12T00:00:00", "type": "nessus", "title": "Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : openssl (SSA:2015-162-01)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:openssl", "p-cpe:/a:slackware:slackware_linux:openssl-solibs", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:13.0", "cpe:/o:slackware:slackware_linux:13.1", "cpe:/o:slackware:slackware_linux:13.37", "cpe:/o:slackware:slackware_linux:14.0", "cpe:/o:slackware:slackware_linux:14.1"], "id": "SLACKWARE_SSA_2015-162-01.NASL", "href": "https://www.tenable.com/plugins/nessus/84126", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2015-162-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84126);\n script_version(\"2.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-1788\", \"CVE-2015-1789\", \"CVE-2015-1790\", \"CVE-2015-1791\", \"CVE-2015-1792\");\n script_xref(name:\"SSA\", value:\"2015-162-01\");\n\n script_name(english:\"Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : openssl (SSA:2015-162-01)\");\n script_summary(english:\"Checks for updated packages in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New openssl packages are available for Slackware 13.0, 13.1, 13.37,\n14.0, 14.1, and -current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.750596\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cf3fe0df\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl and / or openssl-solibs packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:openssl-solibs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.37\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"13.0\", pkgname:\"openssl\", pkgver:\"0.9.8zg\", pkgarch:\"i486\", pkgnum:\"1_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", pkgname:\"openssl-solibs\", pkgver:\"0.9.8zg\", pkgarch:\"i486\", pkgnum:\"1_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", arch:\"x86_64\", pkgname:\"openssl\", pkgver:\"0.9.8zg\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", arch:\"x86_64\", pkgname:\"openssl-solibs\", pkgver:\"0.9.8zg\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.0\")) flag++;\n\nif (slackware_check(osver:\"13.1\", pkgname:\"openssl\", pkgver:\"0.9.8zg\", pkgarch:\"i486\", pkgnum:\"1_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", pkgname:\"openssl-solibs\", pkgver:\"0.9.8zg\", pkgarch:\"i486\", pkgnum:\"1_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", arch:\"x86_64\", pkgname:\"openssl\", pkgver:\"0.9.8zg\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", arch:\"x86_64\", pkgname:\"openssl-solibs\", pkgver:\"0.9.8zg\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.1\")) flag++;\n\nif (slackware_check(osver:\"13.37\", pkgname:\"openssl\", pkgver:\"0.9.8zg\", pkgarch:\"i486\", pkgnum:\"1_slack13.37\")) flag++;\nif (slackware_check(osver:\"13.37\", pkgname:\"openssl-solibs\", pkgver:\"0.9.8zg\", pkgarch:\"i486\", pkgnum:\"1_slack13.37\")) flag++;\nif (slackware_check(osver:\"13.37\", arch:\"x86_64\", pkgname:\"openssl\", pkgver:\"0.9.8zg\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.37\")) flag++;\nif (slackware_check(osver:\"13.37\", arch:\"x86_64\", pkgname:\"openssl-solibs\", pkgver:\"0.9.8zg\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.37\")) flag++;\n\nif (slackware_check(osver:\"14.0\", pkgname:\"openssl\", pkgver:\"1.0.1n\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", pkgname:\"openssl-solibs\", pkgver:\"1.0.1n\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"openssl\", pkgver:\"1.0.1n\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"openssl-solibs\", pkgver:\"1.0.1n\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"14.1\", pkgname:\"openssl\", pkgver:\"1.0.1n\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", pkgname:\"openssl-solibs\", pkgver:\"1.0.1n\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"openssl\", pkgver:\"1.0.1n\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"openssl-solibs\", pkgver:\"1.0.1n\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"openssl\", pkgver:\"1.0.1n\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", pkgname:\"openssl-solibs\", pkgver:\"1.0.1n\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"openssl\", pkgver:\"1.0.1n\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"openssl-solibs\", pkgver:\"1.0.1n\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:57:42", "description": "According to its banner, the remote web server uses a version of OpenSSL 0.9.8 prior to 0.9.8zg. The OpenSSL library is, therefore, affected by the following vulnerabilities :\n\n - A denial of service vulnerability exists when processing an ECParameters structure due to an infinite loop that occurs when a specified curve is over a malformed binary polynomial field. A remote attacker can exploit this to perform a denial of service against any system that processes public keys, certificate requests, or certificates. This includes TLS clients and TLS servers with client authentication enabled. (CVE-2015-1788)\n\n - A denial of service vulnerability exists due to improper validation of the content and length of the ASN1_TIME string by the X509_cmp_time() function. A remote attacker can exploit this, via a malformed certificate and CRLs of various sizes, to cause a segmentation fault, resulting in a denial of service condition. TLS clients that verify CRLs are affected.\n TLS clients and servers with client authentication enabled may be affected if they use custom verification callbacks. (CVE-2015-1789)\n\n - A NULL pointer dereference flaw exists in the PKCS#7 parsing code due to incorrect handling of missing inner 'EncryptedContent'. This allows a remote attacker, via specially crafted ASN.1-encoded PKCS#7 blobs with missing content, to cause a denial of service condition or other potential unspecified impacts. (CVE-2015-1790)\n\n - A double-free error exists due to a race condition that occurs when a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket. (CVE-2015-1791)\n\n - A denial of service vulnerability exists in the CMS code due to an infinite loop that occurs when verifying a signedData message. A remote attacker can exploit this to cause a denial of service condition. (CVE-2015-1792)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-06-12T00:00:00", "type": "nessus", "title": "OpenSSL 0.9.8 < 0.9.8zg Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792"], "modified": "2019-01-02T00:00:00", "cpe": ["cpe:/a:openssl:openssl"], "id": "OPENSSL_0_9_8ZG.NASL", "href": "https://www.tenable.com/plugins/nessus/84151", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84151);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/01/02 16:37:56\");\n\n script_cve_id(\n \"CVE-2015-1788\",\n \"CVE-2015-1789\",\n \"CVE-2015-1790\",\n \"CVE-2015-1791\",\n \"CVE-2015-1792\"\n );\n script_bugtraq_id(\n 75154,\n 75156,\n 75157,\n 75158,\n 75161\n );\n\n script_name(english:\"OpenSSL 0.9.8 < 0.9.8zg Multiple Vulnerabilities\");\n script_summary(english:\"Performs a banner check.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote service is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the remote web server uses a version of\nOpenSSL 0.9.8 prior to 0.9.8zg. The OpenSSL library is, therefore,\naffected by the following vulnerabilities :\n\n - A denial of service vulnerability exists when processing\n an ECParameters structure due to an infinite loop that\n occurs when a specified curve is over a malformed binary\n polynomial field. A remote attacker can exploit this to\n perform a denial of service against any system that\n processes public keys, certificate requests, or\n certificates. This includes TLS clients and TLS servers\n with client authentication enabled. (CVE-2015-1788)\n\n - A denial of service vulnerability exists due to improper\n validation of the content and length of the\n ASN1_TIME string by the X509_cmp_time() function. A\n remote attacker can exploit this, via a malformed\n certificate and CRLs of various sizes, to cause a\n segmentation fault, resulting in a denial of service\n condition. TLS clients that verify CRLs are affected.\n TLS clients and servers with client authentication\n enabled may be affected if they use custom verification\n callbacks. (CVE-2015-1789)\n\n - A NULL pointer dereference flaw exists in the PKCS#7\n parsing code due to incorrect handling of missing inner\n 'EncryptedContent'. This allows a remote attacker, via\n specially crafted ASN.1-encoded PKCS#7 blobs with\n missing content, to cause a denial of service condition\n or other potential unspecified impacts. (CVE-2015-1790)\n\n - A double-free error exists due to a race condition that\n occurs when a NewSessionTicket is received by a\n multi-threaded client when attempting to reuse a\n previous ticket. (CVE-2015-1791)\n\n - A denial of service vulnerability exists in the CMS code\n due to an infinite loop that occurs when verifying a\n signedData message. A remote attacker can exploit this\n to cause a denial of service condition. (CVE-2015-1792)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20150611.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to OpenSSL 0.9.8gz or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"openssl_version.nasl\");\n script_require_keys(\"openssl/port\");\n\n exit(0);\n}\n\ninclude(\"openssl_version.inc\");\n\nopenssl_check_version(fixed:'0.9.8zg', min:\"0.9.8\", severity:SECURITY_WARNING);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:57:13", "description": "According to its banner, the remote web server uses a version of OpenSSL 1.0.0 prior to 1.0.0s. The OpenSSL library is, therefore, affected by the following vulnerabilities :\n\n - A denial of service vulnerability exists when processing an ECParameters structure due to an infinite loop that occurs when a specified curve is over a malformed binary polynomial field. A remote attacker can exploit this to perform a denial of service against any system that processes public keys, certificate requests, or certificates. This includes TLS clients and TLS servers with client authentication enabled. (CVE-2015-1788)\n\n - A denial of service vulnerability exists due to improper validation of the content and length of the ASN1_TIME string by the X509_cmp_time() function. A remote attacker can exploit this, via a malformed certificate and CRLs of various sizes, to cause a segmentation fault, resulting in a denial of service condition. TLS clients that verify CRLs are affected.\n TLS clients and servers with client authentication enabled may be affected if they use custom verification callbacks. (CVE-2015-1789)\n\n - A NULL pointer dereference flaw exists in the PKCS#7 parsing code due to incorrect handling of missing inner 'EncryptedContent'. This allows a remote attacker, via specially crafted ASN.1-encoded PKCS#7 blobs with missing content, to cause a denial of service condition or other potential unspecified impacts. (CVE-2015-1790)\n\n - A double-free error exists due to a race condition that occurs when a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket. (CVE-2015-1791)\n\n - A denial of service vulnerability exists in the CMS code due to an infinite loop that occurs when verifying a signedData message. A remote attacker can exploit this to cause a denial of service condition. (CVE-2015-1792)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-06-12T00:00:00", "type": "nessus", "title": "OpenSSL 1.0.0 < 1.0.0s Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792"], "modified": "2019-01-02T00:00:00", "cpe": ["cpe:/a:openssl:openssl"], "id": "OPENSSL_1_0_0S.NASL", "href": "https://www.tenable.com/plugins/nessus/84152", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84152);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/01/02 16:37:56\");\n\n script_cve_id(\n \"CVE-2015-1788\",\n \"CVE-2015-1789\",\n \"CVE-2015-1790\",\n \"CVE-2015-1791\",\n \"CVE-2015-1792\"\n );\n script_bugtraq_id(\n 75154,\n 75156,\n 75157,\n 75158,\n 75161\n );\n\n script_name(english:\"OpenSSL 1.0.0 < 1.0.0s Multiple Vulnerabilities\");\n script_summary(english:\"Performs a banner check.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote service is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the remote web server uses a version of\nOpenSSL 1.0.0 prior to 1.0.0s. The OpenSSL library is, therefore,\naffected by the following vulnerabilities :\n\n - A denial of service vulnerability exists when processing\n an ECParameters structure due to an infinite loop that\n occurs when a specified curve is over a malformed binary\n polynomial field. A remote attacker can exploit this to\n perform a denial of service against any system that\n processes public keys, certificate requests, or\n certificates. This includes TLS clients and TLS servers\n with client authentication enabled. (CVE-2015-1788)\n\n - A denial of service vulnerability exists due to improper\n validation of the content and length of the\n ASN1_TIME string by the X509_cmp_time() function. A\n remote attacker can exploit this, via a malformed\n certificate and CRLs of various sizes, to cause a\n segmentation fault, resulting in a denial of service\n condition. TLS clients that verify CRLs are affected.\n TLS clients and servers with client authentication\n enabled may be affected if they use custom verification\n callbacks. (CVE-2015-1789)\n\n - A NULL pointer dereference flaw exists in the PKCS#7\n parsing code due to incorrect handling of missing inner\n 'EncryptedContent'. This allows a remote attacker, via\n specially crafted ASN.1-encoded PKCS#7 blobs with\n missing content, to cause a denial of service condition\n or other potential unspecified impacts. (CVE-2015-1790)\n\n - A double-free error exists due to a race condition that\n occurs when a NewSessionTicket is received by a\n multi-threaded client when attempting to reuse a\n previous ticket. (CVE-2015-1791)\n\n - A denial of service vulnerability exists in the CMS code\n due to an infinite loop that occurs when verifying a\n signedData message. A remote attacker can exploit this\n to cause a denial of service condition. (CVE-2015-1792)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20150611.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to OpenSSL 1.0.0s or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"openssl_version.nasl\");\n script_require_keys(\"openssl/port\");\n\n exit(0);\n}\n\ninclude(\"openssl_version.inc\");\n\nopenssl_check_version(fixed:'1.0.0s', min:\"1.0.0\", severity:SECURITY_WARNING);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:56:20", "description": "Versions of OpenSSL prior to 0.9.8zg, or 1.0.0 prior to 1.0.0s are unpatched for the following vulnerabilities :\n\n - A denial of service vulnerability exists when processing an ECParameters structure due to an infinite loop that occurs when a specified curve is over a malformed binary polynomial field. A remote attacker can exploit this to perform a denial of service against any system that processes public keys, certificate requests, or certificates. This includes TLS clients and TLS servers with client authentication enabled. (CVE-2015-1788)\n\n - A denial of service vulnerability exists due to improper validation of the content and length of the ASN1_TIME string by the X509_cmp_time() function. A remote attacker can exploit this, via a malformed certificate and CRLs of various sizes, to cause a segmentation fault, resulting in a denial of service condition. TLS clients that verify CRLs are affected. TLS clients and servers with client authentication enabled may be affected if they use custom verification callbacks. (CVE-2015-1789)\n\n - A NULL pointer dereference flaw exists in the PKCS#7 parsing code due to incorrect handling of missing inner 'EncryptedContent'. This allows a remote attacker, via specially crafted ASN.1-encoded PKCS#7 blobs with missing content, to cause a denial of service condition or other potential unspecified impacts. (CVE-2015-1790)\n\n - A double-free error exists due to a race condition that occurs when a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket. (CVE-2015-1791)\n\n - A denial of service vulnerability exists in the CMS code due to an infinite loop that occurs when verifying a signedData message. A remote attacker can exploit this to cause a denial of service condition. (CVE-2015-1792)\n\n - An off-by-one overflow condition affects the BN_rand() function in 'crypto/bn/random.c'. The issue is triggered as user-supplied input is not properly validated. This may allow an attacker to cause a buffer overflow, resulting in a denial of service.\n\n - An off-by-one overflow condition affects the BN_bn2hex() function in 'crypto/bn/bn_print.c'. The issue is triggered as user-supplied input is not properly validated. This may allow an attacker to cause a buffer overflow, potentially resulting in a denial of service or another, more severe impact.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-06-22T00:00:00", "type": "nessus", "title": "OpenSSL 0.9.8 < 0.9.8zg / 1.0.0 < 1.0.0s Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*"], "id": "8791.PRM", "href": "https://www.tenable.com/plugins/nnm/8791", "sourceData": "Binary data 8791.prm", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-28T14:37:32", "description": "LOGJAM: A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange (for both export and non-export grade cipher suites). An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient pre-computation. This can lead to a passive man-in-the-middle attack in which the attacker is able to decrypt all traffic. (CVE-2015-4000)\n\nAn out-of-bounds read flaw was found in the X509_cmp_time() function of OpenSSL, which is used to test the expiry dates of SSL/TLS certificates. An attacker could possibly use a specially crafted SSL/TLS certificate or CRL (Certificate Revocation List), which when parsed by an application would cause that application to crash.\n(CVE-2015-1789)\n\nA NULL pointer dereference was found in the way OpenSSL handled certain PKCS#7 inputs. An attacker able to make an application using OpenSSL verify, decrypt, or parse a specially crafted PKCS#7 input could cause that application to crash. TLS/SSL clients and servers using OpenSSL were not affected by this flaw. (CVE-2015-1790)\n\nA race condition was found in the session handling code of OpenSSL. An attacker could cause a multi-threaded SSL/TLS server to crash.\n(CVE-2015-1791)\n\nA denial of service flaw was found in OpenSSL in the way it verified certain signed messages using CMS (Cryptographic Message Syntax). A remote attacker could cause an application using OpenSSL to use excessive amounts of memory by sending a specially crafted message for verification. (CVE-2015-1792)\n\nAn invalid-free flaw was found in the way OpenSSL handled certain DTLS handshake messages. A malicious DTLS client or server could send a specially crafted message to the peer, which could cause the application to crash or potentially cause arbitrary code execution.\n(CVE-2014-8176)\n\nA regression was found in the ssleay_rand_bytes() function. This could lead a multi-threaded application to crash. (CVE-2015-3216)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-06-18T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : openssl (ALAS-2015-550) (Logjam)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8176", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-3216", "CVE-2015-4000"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:openssl", "p-cpe:/a:amazon:linux:openssl-debuginfo", "p-cpe:/a:amazon:linux:openssl-devel", "p-cpe:/a:amazon:linux:openssl-perl", "p-cpe:/a:amazon:linux:openssl-static", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2015-550.NASL", "href": "https://www.tenable.com/plugins/nessus/84251", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2015-550.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84251);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2014-8176\",\n \"CVE-2015-1789\",\n \"CVE-2015-1790\",\n \"CVE-2015-1791\",\n \"CVE-2015-1792\",\n \"CVE-2015-3216\",\n \"CVE-2015-4000\"\n );\n script_xref(name:\"ALAS\", value:\"2015-550\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"Amazon Linux AMI : openssl (ALAS-2015-550) (Logjam)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux AMI host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"LOGJAM: A flaw was found in the way the TLS protocol composes the\nDiffie-Hellman exchange (for both export and non-export grade cipher\nsuites). An attacker could use this flaw to downgrade a DHE connection\nto use export-grade key sizes, which could then be broken by\nsufficient pre-computation. This can lead to a passive\nman-in-the-middle attack in which the attacker is able to decrypt all\ntraffic. (CVE-2015-4000)\n\nAn out-of-bounds read flaw was found in the X509_cmp_time() function\nof OpenSSL, which is used to test the expiry dates of SSL/TLS\ncertificates. An attacker could possibly use a specially crafted\nSSL/TLS certificate or CRL (Certificate Revocation List), which when\nparsed by an application would cause that application to crash.\n(CVE-2015-1789)\n\nA NULL pointer dereference was found in the way OpenSSL handled\ncertain PKCS#7 inputs. An attacker able to make an application using\nOpenSSL verify, decrypt, or parse a specially crafted PKCS#7 input\ncould cause that application to crash. TLS/SSL clients and servers\nusing OpenSSL were not affected by this flaw. (CVE-2015-1790)\n\nA race condition was found in the session handling code of OpenSSL. An\nattacker could cause a multi-threaded SSL/TLS server to crash.\n(CVE-2015-1791)\n\nA denial of service flaw was found in OpenSSL in the way it verified\ncertain signed messages using CMS (Cryptographic Message Syntax). A\nremote attacker could cause an application using OpenSSL to use\nexcessive amounts of memory by sending a specially crafted message for\nverification. (CVE-2015-1792)\n\nAn invalid-free flaw was found in the way OpenSSL handled certain DTLS\nhandshake messages. A malicious DTLS client or server could send a\nspecially crafted message to the peer, which could cause the\napplication to crash or potentially cause arbitrary code execution.\n(CVE-2014-8176)\n\nA regression was found in the ssleay_rand_bytes() function. This could\nlead a multi-threaded application to crash. (CVE-2015-3216)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/ALAS-2015-550.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update openssl' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"openssl-1.0.1k-10.86.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openssl-debuginfo-1.0.1k-10.86.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openssl-devel-1.0.1k-10.86.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openssl-perl-1.0.1k-10.86.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"openssl-static-1.0.1k-10.86.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-debuginfo / openssl-devel / openssl-perl / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:57:26", "description": "openssl was updated to fix six security issues.\n\nThe following vulnerabilities were fixed :\n\n - CVE-2015-4000: The Logjam Attack / weakdh.org. Rject connections with DH parameters shorter than 768 bits, generates 2048-bit DH parameters by default.\n (boo#931698)\n\n - CVE-2015-1788: Malformed ECParameters causes infinite loop (boo#934487)\n\n - CVE-2015-1789: Exploitable out-of-bounds read in X509_cmp_time (boo#934489)\n\n - CVE-2015-1790: PKCS7 crash with missing EnvelopedContent (boo#934491)\n\n - CVE-2015-1792: CMS verify infinite loop with unknown hash function (boo#934493)\n\n - CVE-2015-1791: race condition in NewSessionTicket (boo#933911)\n\n - CVE-2015-3216: Crash in ssleay_rand_bytes due to locking regression (boo#933898)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-06-26T00:00:00", "type": "nessus", "title": "openSUSE Security Update : openssl (openSUSE-2015-447) (Logjam)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-3216", "CVE-2015-4000"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libopenssl-devel", "p-cpe:/a:novell:opensuse:libopenssl-devel-32bit", "p-cpe:/a:novell:opensuse:libopenssl1_0_0", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-32bit", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-hmac", "p-cpe:/a:novell:opensuse:libopenssl1_0_0-hmac-32bit", "p-cpe:/a:novell:opensuse:openssl", "p-cpe:/a:novell:opensuse:openssl-debuginfo", "p-cpe:/a:novell:opensuse:openssl-debugsource", "cpe:/o:novell:opensuse:13.1", "cpe:/o:novell:opensuse:13.2"], "id": "OPENSUSE-2015-447.NASL", "href": "https://www.tenable.com/plugins/nessus/84414", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2015-447.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84414);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2015-1788\",\n \"CVE-2015-1789\",\n \"CVE-2015-1790\",\n \"CVE-2015-1791\",\n \"CVE-2015-1792\",\n \"CVE-2015-3216\",\n \"CVE-2015-4000\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"openSUSE Security Update : openssl (openSUSE-2015-447) (Logjam)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"openssl was updated to fix six security issues.\n\nThe following vulnerabilities were fixed :\n\n - CVE-2015-4000: The Logjam Attack / weakdh.org. Rject\n connections with DH parameters shorter than 768 bits,\n generates 2048-bit DH parameters by default.\n (boo#931698)\n\n - CVE-2015-1788: Malformed ECParameters causes infinite\n loop (boo#934487)\n\n - CVE-2015-1789: Exploitable out-of-bounds read in\n X509_cmp_time (boo#934489)\n\n - CVE-2015-1790: PKCS7 crash with missing EnvelopedContent\n (boo#934491)\n\n - CVE-2015-1792: CMS verify infinite loop with unknown\n hash function (boo#934493)\n\n - CVE-2015-1791: race condition in NewSessionTicket\n (boo#933911)\n\n - CVE-2015-3216: Crash in ssleay_rand_bytes due to locking\n regression (boo#933898)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=931698\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=933898\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=933911\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=934487\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=934489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=934491\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=934493\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=934494\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openssl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-hmac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_0_0-hmac-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1|SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1 / 13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libopenssl-devel-1.0.1k-11.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libopenssl1_0_0-1.0.1k-11.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libopenssl1_0_0-debuginfo-1.0.1k-11.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openssl-1.0.1k-11.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openssl-debuginfo-1.0.1k-11.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openssl-debugsource-1.0.1k-11.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libopenssl-devel-32bit-1.0.1k-11.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-32bit-1.0.1k-11.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.1k-11.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libopenssl-devel-1.0.1k-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libopenssl1_0_0-1.0.1k-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libopenssl1_0_0-debuginfo-1.0.1k-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libopenssl1_0_0-hmac-1.0.1k-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"openssl-1.0.1k-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"openssl-debuginfo-1.0.1k-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"openssl-debugsource-1.0.1k-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libopenssl-devel-32bit-1.0.1k-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-32bit-1.0.1k-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.1k-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-hmac-32bit-1.0.1k-2.24.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libopenssl-devel / libopenssl-devel-32bit / libopenssl1_0_0 / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:58:57", "description": "OpenSSL 0.9.8j was updated to fix several security issues.\n\nCVE-2015-4000: The Logjam Attack ( weakdh.org ) has been addressed by rejecting connections with DH parameters shorter than 1024 bits. We now also generate 2048-bit DH parameters by default.\n\nCVE-2015-1788: Malformed ECParameters could cause an infinite loop.\n\nCVE-2015-1789: An out-of-bounds read in X509_cmp_time was fixed.\n\nCVE-2015-1790: A PKCS7 decoder crash with missing EnvelopedContent was fixed.\n\nCVE-2015-1792: A CMS verification infinite loop when using an unknown hash function was fixed.\n\nCVE-2015-1791: Fixed a race condition in NewSessionTicket creation.\n\nCVE-2015-3216: Fixed a potential crash in ssleay_rand_bytes due to locking regression.\n\nfixed a timing side channel in RSA decryption (bnc#929678)\n\nAdditional changes :\n\nIn the default SSL cipher string EXPORT ciphers are now disabled. This will only get active if applications get rebuilt and actually use this string. (bnc#931698)\n\nAdded the ECC ciphersuites to the DEFAULT cipher class (bnc#879179)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-07-07T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : OpenSSL (SUSE-SU-2015:1184-2) (Logjam)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-3216", "CVE-2015-4000"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libopenssl-devel", "p-cpe:/a:novell:suse_linux:libopenssl0_9_8", "p-cpe:/a:novell:suse_linux:libopenssl0_9_8-hmac", "p-cpe:/a:novell:suse_linux:openssl", "p-cpe:/a:novell:suse_linux:openssl-doc", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2015-1184-2.NASL", "href": "https://www.tenable.com/plugins/nessus/84561", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:1184-2.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84561);\n script_version(\"2.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2015-1788\",\n \"CVE-2015-1789\",\n \"CVE-2015-1790\",\n \"CVE-2015-1791\",\n \"CVE-2015-1792\",\n \"CVE-2015-3216\",\n \"CVE-2015-4000\"\n );\n script_bugtraq_id(\n 74733,\n 75154,\n 75156,\n 75157,\n 75158,\n 75161,\n 75219\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"SUSE SLES11 Security Update : OpenSSL (SUSE-SU-2015:1184-2) (Logjam)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"OpenSSL 0.9.8j was updated to fix several security issues.\n\nCVE-2015-4000: The Logjam Attack ( weakdh.org ) has been addressed by\nrejecting connections with DH parameters shorter than 1024 bits. We\nnow also generate 2048-bit DH parameters by default.\n\nCVE-2015-1788: Malformed ECParameters could cause an infinite loop.\n\nCVE-2015-1789: An out-of-bounds read in X509_cmp_time was fixed.\n\nCVE-2015-1790: A PKCS7 decoder crash with missing EnvelopedContent was\nfixed.\n\nCVE-2015-1792: A CMS verification infinite loop when using an unknown\nhash function was fixed.\n\nCVE-2015-1791: Fixed a race condition in NewSessionTicket creation.\n\nCVE-2015-3216: Fixed a potential crash in ssleay_rand_bytes due to\nlocking regression.\n\nfixed a timing side channel in RSA decryption (bnc#929678)\n\nAdditional changes :\n\nIn the default SSL cipher string EXPORT ciphers are now disabled. This\nwill only get active if applications get rebuilt and actually use this\nstring. (bnc#931698)\n\nAdded the ECC ciphersuites to the DEFAULT cipher class (bnc#879179)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=929678\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=931698\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=933911\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=934487\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=934489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=934491\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=934493\");\n # https://download.suse.com/patch/finder/?keywords=75ca56dc2ed43571b870081da3f3b615\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bba27a17\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-1788/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-1789/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-1790/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-1791/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-1792/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-3216/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-4000/\");\n # https://www.suse.com/support/update/announcement/2015/suse-su-20151184-2.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1071f86d\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11 SP2 LTSS :\n\nzypper in -t patch slessp2-libopenssl-devel=10795\n\nTo bring your system up-to-date, use 'zypper patch'.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl0_9_8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl0_9_8-hmac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"x86_64\", reference:\"libopenssl0_9_8-32bit-0.9.8j-0.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"x86_64\", reference:\"libopenssl0_9_8-hmac-32bit-0.9.8j-0.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"s390x\", reference:\"libopenssl0_9_8-32bit-0.9.8j-0.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"s390x\", reference:\"libopenssl0_9_8-hmac-32bit-0.9.8j-0.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"libopenssl-devel-0.9.8j-0.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"libopenssl0_9_8-0.9.8j-0.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"libopenssl0_9_8-hmac-0.9.8j-0.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"openssl-0.9.8j-0.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"openssl-doc-0.9.8j-0.72.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"OpenSSL\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:57:12", "description": "This update of openssl fixes the following security issues :\n\n - CVE-2015-4000 (bsc#931698)\n\n - The Logjam Attack / weakdh.org\n\n - reject connections with DH parameters shorter than 1024 bits\n\n - generates 2048-bit DH parameters by default\n\n - CVE-2015-1788 (bsc#934487)\n\n - Malformed ECParameters causes infinite loop\n\n - CVE-2015-1789 (bsc#934489)\n\n - Exploitable out-of-bounds read in X509_cmp_time\n\n - CVE-2015-1790 (bsc#934491)\n\n - PKCS7 crash with missing EnvelopedContent\n\n - CVE-2015-1792 (bsc#934493)\n\n - CMS verify infinite loop with unknown hash function\n\n - CVE-2015-1791 (bsc#933911)\n\n - race condition in NewSessionTicket\n\n - CVE-2015-3216 (bsc#933898)\n\n - Crash in ssleay_rand_bytes due to locking regression\n\n - fix a timing side channel in RSA decryption (bnc#929678)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-06-26T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2015:1143-1) (Logjam)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-3216", "CVE-2015-4000"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libopenssl1_0_0", "p-cpe:/a:novell:suse_linux:libopenssl1_0_0-debuginfo", "p-cpe:/a:novell:suse_linux:libopenssl1_0_0-hmac", "p-cpe:/a:novell:suse_linux:openssl", "p-cpe:/a:novell:suse_linux:openssl-debuginfo", "p-cpe:/a:novell:suse_linux:openssl-debugsource", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2015-1143-1.NASL", "href": "https://www.tenable.com/plugins/nessus/84426", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:1143-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84426);\n script_version(\"2.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2015-1788\",\n \"CVE-2015-1789\",\n \"CVE-2015-1790\",\n \"CVE-2015-1791\",\n \"CVE-2015-1792\",\n \"CVE-2015-3216\",\n \"CVE-2015-4000\"\n );\n script_bugtraq_id(\n 74733,\n 75154,\n 75156,\n 75157,\n 75158,\n 75161,\n 75219\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2015:1143-1) (Logjam)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update of openssl fixes the following security issues :\n\n - CVE-2015-4000 (bsc#931698)\n\n - The Logjam Attack / weakdh.org\n\n - reject connections with DH parameters shorter than 1024\n bits\n\n - generates 2048-bit DH parameters by default\n\n - CVE-2015-1788 (bsc#934487)\n\n - Malformed ECParameters causes infinite loop\n\n - CVE-2015-1789 (bsc#934489)\n\n - Exploitable out-of-bounds read in X509_cmp_time\n\n - CVE-2015-1790 (bsc#934491)\n\n - PKCS7 crash with missing EnvelopedContent\n\n - CVE-2015-1792 (bsc#934493)\n\n - CMS verify infinite loop with unknown hash function\n\n - CVE-2015-1791 (bsc#933911)\n\n - race condition in NewSessionTicket\n\n - CVE-2015-3216 (bsc#933898)\n\n - Crash in ssleay_rand_bytes due to locking regression\n\n - fix a timing side channel in RSA decryption (bnc#929678)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=926597\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=929678\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=931698\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=933898\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=933911\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=934487\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=934489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=934491\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=934493\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-1788/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-1789/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-1790/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-1791/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-1792/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-3216/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-4000/\");\n # https://www.suse.com/support/update/announcement/2015/suse-su-20151143-1.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1fad401c\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12 :\n\nzypper in -t patch SUSE-SLE-SDK-12-2015-282=1\n\nSUSE Linux Enterprise Server 12 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-2015-282=1\n\nSUSE Linux Enterprise Desktop 12 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-2015-282=1\n\nTo bring your system up-to-date, use 'zypper patch'.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_0_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_0_0-hmac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libopenssl1_0_0-1.0.1i-25.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libopenssl1_0_0-debuginfo-1.0.1i-25.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libopenssl1_0_0-hmac-1.0.1i-25.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"openssl-1.0.1i-25.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"openssl-debuginfo-1.0.1i-25.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"openssl-debugsource-1.0.1i-25.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libopenssl1_0_0-32bit-1.0.1i-25.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.1i-25.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libopenssl1_0_0-hmac-32bit-1.0.1i-25.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-1.0.1i-25.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-32bit-1.0.1i-25.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-debuginfo-1.0.1i-25.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.1i-25.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"openssl-1.0.1i-25.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"openssl-debuginfo-1.0.1i-25.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"openssl-debugsource-1.0.1i-25.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:57:26", "description": "This update fixes the following security issues :\n\n - CVE-2015-4000 (boo#931698)\n\n - The Logjam Attack / weakdh.org\n\n - reject connections with DH parameters shorter than 1024 bits\n\n - generates 2048-bit DH parameters by default\n\n - CVE-2015-1788 (boo#934487)\n\n - Malformed ECParameters causes infinite loop\n\n - CVE-2015-1789 (boo#934489)\n\n - Exploitable out-of-bounds read in X509_cmp_time\n\n - CVE-2015-1790 (boo#934491)\n\n - PKCS7 crash with missing EnvelopedContent\n\n - CVE-2015-1792 (boo#934493)\n\n - CMS verify infinite loop with unknown hash function\n\n - CVE-2015-1791 (boo#933911)\n\n - race condition in NewSessionTicket\n\n - CVE-2015-3216 (boo#933898)\n\n - Crash in ssleay_rand_bytes due to locking regression\n\n - modified openssl-1.0.1i-fipslocking.patch\n\n - fix timing side channel in RSA decryption (bnc#929678)\n\n - add ECC ciphersuites to DEFAULT (bnc#879179)\n\n - Disable EXPORT ciphers by default (bnc#931698, comment #3)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-06-29T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : compat-openssl098 (SUSE-SU-2015:1150-1) (Logjam)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-3216", "CVE-2015-4000"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:compat-openssl098-debugsource", "p-cpe:/a:novell:suse_linux:libopenssl0_9_8", "p-cpe:/a:novell:suse_linux:libopenssl0_9_8-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2015-1150-1.NASL", "href": "https://www.tenable.com/plugins/nessus/84442", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:1150-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84442);\n script_version(\"2.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2015-1788\",\n \"CVE-2015-1789\",\n \"CVE-2015-1790\",\n \"CVE-2015-1791\",\n \"CVE-2015-1792\",\n \"CVE-2015-3216\",\n \"CVE-2015-4000\"\n );\n script_bugtraq_id(\n 74733,\n 75154,\n 75156,\n 75157,\n 75158,\n 75161,\n 75219\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : compat-openssl098 (SUSE-SU-2015:1150-1) (Logjam)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update fixes the following security issues :\n\n - CVE-2015-4000 (boo#931698)\n\n - The Logjam Attack / weakdh.org\n\n - reject connections with DH parameters shorter than 1024\n bits\n\n - generates 2048-bit DH parameters by default\n\n - CVE-2015-1788 (boo#934487)\n\n - Malformed ECParameters causes infinite loop\n\n - CVE-2015-1789 (boo#934489)\n\n - Exploitable out-of-bounds read in X509_cmp_time\n\n - CVE-2015-1790 (boo#934491)\n\n - PKCS7 crash with missing EnvelopedContent\n\n - CVE-2015-1792 (boo#934493)\n\n - CMS verify infinite loop with unknown hash function\n\n - CVE-2015-1791 (boo#933911)\n\n - race condition in NewSessionTicket\n\n - CVE-2015-3216 (boo#933898)\n\n - Crash in ssleay_rand_bytes due to locking regression\n\n - modified openssl-1.0.1i-fipslocking.patch\n\n - fix timing side channel in RSA decryption (bnc#929678)\n\n - add ECC ciphersuites to DEFAULT (bnc#879179)\n\n - Disable EXPORT ciphers by default (bnc#931698, comment\n #3)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=879179\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=929678\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=931698\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=933898\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=933911\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=934487\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=934489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=934491\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=934493\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-1788/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-1789/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-1790/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-1791/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-1792/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-3216/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-4000/\");\n # https://www.suse.com/support/update/announcement/2015/suse-su-20151150-1.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4eea51db\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Legacy Software 12 :\n\nzypper in -t patch SUSE-SLE-Module-Legacy-12-2015-285=1\n\nSUSE Linux Enterprise Desktop 12 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-2015-285=1\n\nTo bring your system up-to-date, use 'zypper patch'.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:compat-openssl098-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl0_9_8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl0_9_8-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"compat-openssl098-debugsource-0.9.8j-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libopenssl0_9_8-0.9.8j-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libopenssl0_9_8-32bit-0.9.8j-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libopenssl0_9_8-debuginfo-0.9.8j-78.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libopenssl0_9_8-debuginfo-32bit-0.9.8j-78.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"compat-openssl098-debugsource-0.9.8j-78.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libopenssl0_9_8-0.9.8j-78.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libopenssl0_9_8-32bit-0.9.8j-78.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libopenssl0_9_8-debuginfo-0.9.8j-78.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libopenssl0_9_8-debuginfo-32bit-0.9.8j-78.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"compat-openssl098\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:59:19", "description": "OpenSSL 0.9.8k was updated to fix several security issues :\n\nCVE-2015-4000: The Logjam Attack (weakdh.org) has been addressed by rejecting connections with DH parameters shorter than 1024 bits.\n2048-bit DH parameters are now generated by default.\n\nCVE-2015-1788: Malformed ECParameters could cause an infinite loop.\n\nCVE-2015-1789: An out-of-bounds read in X509_cmp_time was fixed.\n\nCVE-2015-1790: A PKCS7 decoder crash with missing EnvelopedContent was fixed.\n\nCVE-2015-1792: A CMS verification infinite loop when using an unknown hash function was fixed.\n\nCVE-2015-1791: Fixed a race condition in NewSessionTicket creation.\n\nCVE-2015-3216: Fixed a potential crash in ssleay_rand_bytes due to locking regression.\n\nFixed a timing side channel in RSA decryption. (bsc#929678)\n\nAdditional changes :\n\nIn the default SSL cipher string EXPORT ciphers are now disabled. This will only get active if applications get rebuilt and actually use this string. (bsc#931698)\n\nAdded the ECC ciphersuites to the DEFAULT cipher class. (bsc#879179)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-07-07T00:00:00", "type": "nessus", "title": "SUSE SLED11 / SLES11 Security Update : OpenSSL (SUSE-SU-2015:1182-2) (Logjam)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-3216", "CVE-2015-4000"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libopenssl0_9_8", "p-cpe:/a:novell:suse_linux:libopenssl0_9_8-hmac", "p-cpe:/a:novell:suse_linux:openssl", "p-cpe:/a:novell:suse_linux:openssl-doc", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2015-1182-2.NASL", "href": "https://www.tenable.com/plugins/nessus/84559", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:1182-2.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84559);\n script_version(\"2.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2015-1788\",\n \"CVE-2015-1789\",\n \"CVE-2015-1790\",\n \"CVE-2015-1791\",\n \"CVE-2015-1792\",\n \"CVE-2015-3216\",\n \"CVE-2015-4000\"\n );\n script_bugtraq_id(\n 74733,\n 75154,\n 75156,\n 75157,\n 75158,\n 75161,\n 75219\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"SUSE SLED11 / SLES11 Security Update : OpenSSL (SUSE-SU-2015:1182-2) (Logjam)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"OpenSSL 0.9.8k was updated to fix several security issues :\n\nCVE-2015-4000: The Logjam Attack (weakdh.org) has been addressed by\nrejecting connections with DH parameters shorter than 1024 bits.\n2048-bit DH parameters are now generated by default.\n\nCVE-2015-1788: Malformed ECParameters could cause an infinite loop.\n\nCVE-2015-1789: An out-of-bounds read in X509_cmp_time was fixed.\n\nCVE-2015-1790: A PKCS7 decoder crash with missing EnvelopedContent was\nfixed.\n\nCVE-2015-1792: A CMS verification infinite loop when using an unknown\nhash function was fixed.\n\nCVE-2015-1791: Fixed a race condition in NewSessionTicket creation.\n\nCVE-2015-3216: Fixed a potential crash in ssleay_rand_bytes due to\nlocking regression.\n\nFixed a timing side channel in RSA decryption. (bsc#929678)\n\nAdditional changes :\n\nIn the default SSL cipher string EXPORT ciphers are now disabled. This\nwill only get active if applications get rebuilt and actually use this\nstring. (bsc#931698)\n\nAdded the ECC ciphersuites to the DEFAULT cipher class. (bsc#879179)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=879179\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=929678\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=931698\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=933898\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=933911\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=934487\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=934489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=934491\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=934493\");\n # https://download.suse.com/patch/finder/?keywords=fcf228a4143edf49a5ca32558bfe9721\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1bcc8915\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-1788/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-1789/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-1790/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-1791/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-1792/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-3216/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-4000/\");\n # https://www.suse.com/support/update/announcement/2015/suse-su-20151182-2.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?46cf76fa\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11 SP3 :\n\nzypper in -t patch sdksp3-libopenssl-devel=10781\n\nSUSE Linux Enterprise Server 11 SP3 for VMware :\n\nzypper in -t patch slessp3-libopenssl-devel=10781\n\nSUSE Linux Enterprise Server 11 SP3 :\n\nzypper in -t patch slessp3-libopenssl-devel=10781\n\nSUSE Linux Enterprise Desktop 11 SP3 :\n\nzypper in -t patch sledsp3-libopenssl-devel=10781\n\nTo bring your system up-to-date, use 'zypper patch'.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl0_9_8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl0_9_8-hmac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED11|SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED11 / SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED11\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED11 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"libopenssl0_9_8-32bit-0.9.8j-0.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"libopenssl0_9_8-hmac-32bit-0.9.8j-0.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"s390x\", reference:\"libopenssl0_9_8-32bit-0.9.8j-0.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"s390x\", reference:\"libopenssl0_9_8-hmac-32bit-0.9.8j-0.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"libopenssl0_9_8-0.9.8j-0.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"libopenssl0_9_8-hmac-0.9.8j-0.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"openssl-0.9.8j-0.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"openssl-doc-0.9.8j-0.72.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"libopenssl0_9_8-0.9.8j-0.72.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"openssl-0.9.8j-0.72.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"libopenssl0_9_8-32bit-0.9.8j-0.72.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"libopenssl0_9_8-0.9.8j-0.72.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"openssl-0.9.8j-0.72.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"OpenSSL\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:59:19", "description": "OpenSSL 0.9.8j was updated to fix several security issues.\n\nCVE-2015-4000: The Logjam Attack ( weakdh.org ) has been addressed by rejecting connections with DH parameters shorter than 1024 bits. We now also generate 2048-bit DH parameters by default.\n\nCVE-2015-1788: Malformed ECParameters could cause an infinite loop.\n\nCVE-2015-1789: An out-of-bounds read in X509_cmp_time was fixed.\n\nCVE-2015-1790: A PKCS7 decoder crash with missing EnvelopedContent was fixed.\n\nCVE-2015-1792: A CMS verification infinite loop when using an unknown hash function was fixed.\n\nCVE-2015-1791: Fixed a race condition in NewSessionTicket creation.\n\nCVE-2015-3216: Fixed a potential crash in ssleay_rand_bytes due to locking regression.\n\nfixed a timing side channel in RSA decryption (bnc#929678)\n\nAdditional changes :\n\nIn the default SSL cipher string EXPORT ciphers are now disabled. This will only get active if applications get rebuilt and actually use this string. (bnc#931698)\n\nAdded the ECC ciphersuites to the DEFAULT cipher class (bnc#879179)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-07-06T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : OpenSSL (SUSE-SU-2015:1184-1) (Logjam)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-3216", "CVE-2015-4000"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libopenssl-devel", "p-cpe:/a:novell:suse_linux:libopenssl0_9_8", "p-cpe:/a:novell:suse_linux:libopenssl0_9_8-hmac", "p-cpe:/a:novell:suse_linux:openssl", "p-cpe:/a:novell:suse_linux:openssl-doc", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2015-1184-1.NASL", "href": "https://www.tenable.com/plugins/nessus/84548", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:1184-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84548);\n script_version(\"2.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2015-1788\",\n \"CVE-2015-1789\",\n \"CVE-2015-1790\",\n \"CVE-2015-1791\",\n \"CVE-2015-1792\",\n \"CVE-2015-3216\",\n \"CVE-2015-4000\"\n );\n script_bugtraq_id(\n 74733,\n 75154,\n 75156,\n 75157,\n 75158,\n 75161,\n 75219\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"SUSE SLES11 Security Update : OpenSSL (SUSE-SU-2015:1184-1) (Logjam)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"OpenSSL 0.9.8j was updated to fix several security issues.\n\nCVE-2015-4000: The Logjam Attack ( weakdh.org ) has been addressed by\nrejecting connections with DH parameters shorter than 1024 bits. We\nnow also generate 2048-bit DH parameters by default.\n\nCVE-2015-1788: Malformed ECParameters could cause an infinite loop.\n\nCVE-2015-1789: An out-of-bounds read in X509_cmp_time was fixed.\n\nCVE-2015-1790: A PKCS7 decoder crash with missing EnvelopedContent was\nfixed.\n\nCVE-2015-1792: A CMS verification infinite loop when using an unknown\nhash function was fixed.\n\nCVE-2015-1791: Fixed a race condition in NewSessionTicket creation.\n\nCVE-2015-3216: Fixed a potential crash in ssleay_rand_bytes due to\nlocking regression.\n\nfixed a timing side channel in RSA decryption (bnc#929678)\n\nAdditional changes :\n\nIn the default SSL cipher string EXPORT ciphers are now disabled. This\nwill only get active if applications get rebuilt and actually use this\nstring. (bnc#931698)\n\nAdded the ECC ciphersuites to the DEFAULT cipher class (bnc#879179)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=929678\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=931698\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=933911\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=934487\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=934489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=934491\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=934493\");\n # https://download.suse.com/patch/finder/?keywords=ab1c52f77471cf8a61e7eae79f57f9bf\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0e541e2a\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-1788/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-1789/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-1790/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-1791/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-1792/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-3216/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-4000/\");\n # https://www.suse.com/support/update/announcement/2015/suse-su-20151184-1.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6d18e8f2\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11 SP1 LTSS :\n\nzypper in -t patch slessp1-libopenssl-devel=10794\n\nTo bring your system up-to-date, use 'zypper patch'.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl0_9_8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl0_9_8-hmac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"x86_64\", reference:\"libopenssl0_9_8-32bit-0.9.8j-0.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"x86_64\", reference:\"libopenssl0_9_8-hmac-32bit-0.9.8j-0.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"s390x\", reference:\"libopenssl0_9_8-32bit-0.9.8j-0.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"s390x\", reference:\"libopenssl0_9_8-hmac-32bit-0.9.8j-0.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"libopenssl-devel-0.9.8j-0.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"libopenssl0_9_8-0.9.8j-0.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"libopenssl0_9_8-hmac-0.9.8j-0.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"openssl-0.9.8j-0.72.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"openssl-doc-0.9.8j-0.72.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"OpenSSL\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-28T14:37:22", "description": "From Red Hat Security Advisory 2015:1115 :\n\nUpdated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.\n\nAn invalid free flaw was found in the way OpenSSL handled certain DTLS handshake messages. A malicious DTLS client or server could cause a DTLS server or client using OpenSSL to crash or, potentially, execute arbitrary code. (CVE-2014-8176)\n\nA flaw was found in the way the OpenSSL packages shipped with Red Hat Enterprise Linux 6 and 7 performed locking in the ssleay_rand_bytes() function. This issue could possibly cause a multi-threaded application using OpenSSL to perform an out-of-bounds read and crash.\n(CVE-2015-3216)\n\nAn out-of-bounds read flaw was found in the X509_cmp_time() function of OpenSSL. A specially crafted X.509 certificate or a Certificate Revocation List (CRL) could possibly cause a TLS/SSL server or client using OpenSSL to crash. (CVE-2015-1789)\n\nA race condition was found in the session handling code of OpenSSL.\nThis issue could possibly cause a multi-threaded TLS/SSL client using OpenSSL to double free session ticket data and crash. (CVE-2015-1791)\n\nA flaw was found in the way OpenSSL handled Cryptographic Message Syntax (CMS) messages. A CMS message with an unknown hash function identifier could cause an application using OpenSSL to enter an infinite loop. (CVE-2015-1792)\n\nA NULL pointer dereference was found in the way OpenSSL handled certain PKCS#7 inputs. A specially crafted PKCS#7 input with missing EncryptedContent data could cause an application using OpenSSL to crash. (CVE-2015-1790)\n\nRed Hat would like to thank the OpenSSL project for reporting CVE-2014-8176, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791 and CVE-2015-1792 flaws. Upstream acknowledges Praveen Kariyanahalli and Ivan Fratric as the original reporters of CVE-2014-8176, Robert Swiecki and Hanno Bock as the original reporters of CVE-2015-1789, Michal Zalewski as the original reporter of CVE-2015-1790, Emilia Kasper as the original report of CVE-2015-1791 and Johannes Bauer as the original reporter of CVE-2015-1792.\n\nAll openssl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-06-16T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : openssl (ELSA-2015-1115)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8176", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-3216"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:openssl", "p-cpe:/a:oracle:linux:openssl-devel", "p-cpe:/a:oracle:linux:openssl-libs", "p-cpe:/a:oracle:linux:openssl-perl", "p-cpe:/a:oracle:linux:openssl-static", "cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2015-1115.NASL", "href": "https://www.tenable.com/plugins/nessus/84202", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2015:1115 and \n# Oracle Linux Security Advisory ELSA-2015-1115 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84202);\n script_version(\"2.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-8176\", \"CVE-2015-1789\", \"CVE-2015-1790\", \"CVE-2015-1791\", \"CVE-2015-1792\", \"CVE-2015-3216\");\n script_bugtraq_id(73239, 75154, 75156, 75157, 75159, 75161);\n script_xref(name:\"RHSA\", value:\"2015:1115\");\n\n script_name(english:\"Oracle Linux 6 / 7 : openssl (ELSA-2015-1115)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2015:1115 :\n\nUpdated openssl packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL\nv2/v3) and Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nAn invalid free flaw was found in the way OpenSSL handled certain DTLS\nhandshake messages. A malicious DTLS client or server could cause a\nDTLS server or client using OpenSSL to crash or, potentially, execute\narbitrary code. (CVE-2014-8176)\n\nA flaw was found in the way the OpenSSL packages shipped with Red Hat\nEnterprise Linux 6 and 7 performed locking in the ssleay_rand_bytes()\nfunction. This issue could possibly cause a multi-threaded application\nusing OpenSSL to perform an out-of-bounds read and crash.\n(CVE-2015-3216)\n\nAn out-of-bounds read flaw was found in the X509_cmp_time() function\nof OpenSSL. A specially crafted X.509 certificate or a Certificate\nRevocation List (CRL) could possibly cause a TLS/SSL server or client\nusing OpenSSL to crash. (CVE-2015-1789)\n\nA race condition was found in the session handling code of OpenSSL.\nThis issue could possibly cause a multi-threaded TLS/SSL client using\nOpenSSL to double free session ticket data and crash. (CVE-2015-1791)\n\nA flaw was found in the way OpenSSL handled Cryptographic Message\nSyntax (CMS) messages. A CMS message with an unknown hash function\nidentifier could cause an application using OpenSSL to enter an\ninfinite loop. (CVE-2015-1792)\n\nA NULL pointer dereference was found in the way OpenSSL handled\ncertain PKCS#7 inputs. A specially crafted PKCS#7 input with missing\nEncryptedContent data could cause an application using OpenSSL to\ncrash. (CVE-2015-1790)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2014-8176, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791 and\nCVE-2015-1792 flaws. Upstream acknowledges Praveen Kariyanahalli and\nIvan Fratric as the original reporters of CVE-2014-8176, Robert\nSwiecki and Hanno Bock as the original reporters of CVE-2015-1789,\nMichal Zalewski as the original reporter of CVE-2015-1790, Emilia\nKasper as the original report of CVE-2015-1791 and Johannes Bauer as\nthe original reporter of CVE-2015-1792.\n\nAll openssl users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. For the\nupdate to take effect, all services linked to the OpenSSL library must\nbe restarted, or the system rebooted.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-June/005125.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-June/005126.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6 / 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"openssl-1.0.1e-30.el6_6.11\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"openssl-devel-1.0.1e-30.el6_6.11\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"openssl-perl-1.0.1e-30.el6_6.11\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"openssl-static-1.0.1e-30.el6_6.11\")) flag++;\n\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"openssl-1.0.1e-42.el7_1.8\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"openssl-devel-1.0.1e-42.el7_1.8\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"openssl-libs-1.0.1e-42.el7_1.8\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"openssl-perl-1.0.1e-42.el7_1.8\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"openssl-static-1.0.1e-42.el7_1.8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-devel / openssl-libs / openssl-perl / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-28T14:37:23", "description": "An invalid free flaw was found in the way OpenSSL handled certain DTLS handshake messages. A malicious DTLS client or server could cause a DTLS server or client using OpenSSL to crash or, potentially, execute arbitrary code. (CVE-2014-8176)\n\nA flaw was found in the way the OpenSSL packages shipped with Scientific Linux 6 and 7 performed locking in the ssleay_rand_bytes() function. This issue could possibly cause a multi-threaded application using OpenSSL to perform an out-of-bounds read and crash.\n(CVE-2015-3216)\n\nAn out-of-bounds read flaw was found in the X509_cmp_time() function of OpenSSL. A specially crafted X.509 certificate or a Certificate Revocation List (CRL) could possibly cause a TLS/SSL server or client using OpenSSL to crash. (CVE-2015-1789)\n\nA race condition was found in the session handling code of OpenSSL.\nThis issue could possibly cause a multi-threaded TLS/SSL client using OpenSSL to double free session ticket data and crash. (CVE-2015-1791)\n\nA flaw was found in the way OpenSSL handled Cryptographic Message Syntax (CMS) messages. A CMS message with an unknown hash function identifier could cause an application using OpenSSL to enter an infinite loop. (CVE-2015-1792)\n\nA NULL pointer dereference was found in the way OpenSSL handled certain PKCS#7 inputs. A specially crafted PKCS#7 input with missing EncryptedContent data could cause an application using OpenSSL to crash. (CVE-2015-1790)\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-06-17T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : openssl on SL6.x, SL7.x i386/x86_64 (20150615)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8176", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-3216"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:openssl", "p-cpe:/a:fermilab:scientific_linux:openssl-debuginfo", "p-cpe:/a:fermilab:scientific_linux:openssl-devel", "p-cpe:/a:fermilab:scientific_linux:openssl-libs", "p-cpe:/a:fermilab:scientific_linux:openssl-perl", "p-cpe:/a:fermilab:scientific_linux:openssl-static", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20150615_OPENSSL_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/84226", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84226);\n script_version(\"2.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-8176\", \"CVE-2015-1789\", \"CVE-2015-1790\", \"CVE-2015-1791\", \"CVE-2015-1792\", \"CVE-2015-3216\");\n\n script_name(english:\"Scientific Linux Security Update : openssl on SL6.x, SL7.x i386/x86_64 (20150615)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An invalid free flaw was found in the way OpenSSL handled certain DTLS\nhandshake messages. A malicious DTLS client or server could cause a\nDTLS server or client using OpenSSL to crash or, potentially, execute\narbitrary code. (CVE-2014-8176)\n\nA flaw was found in the way the OpenSSL packages shipped with\nScientific Linux 6 and 7 performed locking in the ssleay_rand_bytes()\nfunction. This issue could possibly cause a multi-threaded application\nusing OpenSSL to perform an out-of-bounds read and crash.\n(CVE-2015-3216)\n\nAn out-of-bounds read flaw was found in the X509_cmp_time() function\nof OpenSSL. A specially crafted X.509 certificate or a Certificate\nRevocation List (CRL) could possibly cause a TLS/SSL server or client\nusing OpenSSL to crash. (CVE-2015-1789)\n\nA race condition was found in the session handling code of OpenSSL.\nThis issue could possibly cause a multi-threaded TLS/SSL client using\nOpenSSL to double free session ticket data and crash. (CVE-2015-1791)\n\nA flaw was found in the way OpenSSL handled Cryptographic Message\nSyntax (CMS) messages. A CMS message with an unknown hash function\nidentifier could cause an application using OpenSSL to enter an\ninfinite loop. (CVE-2015-1792)\n\nA NULL pointer dereference was found in the way OpenSSL handled\ncertain PKCS#7 inputs. A specially crafted PKCS#7 input with missing\nEncryptedContent data could cause an application using OpenSSL to\ncrash. (CVE-2015-1790)\n\nFor the update to take effect, all services linked to the OpenSSL\nlibrary must be restarted, or the system rebooted.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1506&L=scientific-linux-errata&F=&S=&P=6990\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1ed986b1\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"openssl-1.0.1e-30.el6_6.11\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"openssl-debuginfo-1.0.1e-30.el6_6.11\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"openssl-devel-1.0.1e-30.el6_6.11\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"openssl-perl-1.0.1e-30.el6_6.11\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"openssl-static-1.0.1e-30.el6_6.11\")) flag++;\n\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"openssl-1.0.1e-42.el7_1.8\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"openssl-debuginfo-1.0.1e-42.el7_1.8\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"openssl-devel-1.0.1e-42.el7_1.8\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"openssl-libs-1.0.1e-42.el7_1.8\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"openssl-perl-1.0.1e-42.el7_1.8\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"openssl-static-1.0.1e-42.el7_1.8\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-debuginfo / openssl-devel / openssl-libs / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-28T14:37:40", "description": "Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.\n\nAn invalid free flaw was found in the way OpenSSL handled certain DTLS handshake messages. A malicious DTLS client or server could cause a DTLS server or client using OpenSSL to crash or, potentially, execute arbitrary code. (CVE-2014-8176)\n\nA flaw was found in the way the OpenSSL packages shipped with Red Hat Enterprise Linux 6 and 7 performed locking in the ssleay_rand_bytes() function. This issue could possibly cause a multi-threaded application using OpenSSL to perform an out-of-bounds read and crash.\n(CVE-2015-3216)\n\nAn out-of-bounds read flaw was found in the X509_cmp_time() function of OpenSSL. A specially crafted X.509 certificate or a Certificate Revocation List (CRL) could possibly cause a TLS/SSL server or client using OpenSSL to crash. (CVE-2015-1789)\n\nA race condition was found in the session handling code of OpenSSL.\nThis issue could possibly cause a multi-threaded TLS/SSL client using OpenSSL to double free session ticket data and crash. (CVE-2015-1791)\n\nA flaw was found in the way OpenSSL handled Cryptographic Message Syntax (CMS) messages. A CMS message with an unknown hash function identifier could cause an application using OpenSSL to enter an infinite loop. (CVE-2015-1792)\n\nA NULL pointer dereference was found in the way OpenSSL handled certain PKCS#7 inputs. A specially crafted PKCS#7 input with missing EncryptedContent data could cause an application using OpenSSL to crash. (CVE-2015-1790)\n\nRed Hat would like to thank the OpenSSL project for reporting CVE-2014-8176, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791 and CVE-2015-1792 flaws. Upstream acknowledges Praveen Kariyanahalli and Ivan Fratric as the original reporters of CVE-2014-8176, Robert Swiecki and Hanno Bock as the original reporters of CVE-2015-1789, Michal Zalewski as the original reporter of CVE-2015-1790, Emilia Kasper as the original report of CVE-2015-1791 and Johannes Bauer as the original reporter of CVE-2015-1792.\n\nAll openssl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-06-16T00:00:00", "type": "nessus", "title": "CentOS 6 / 7 : openssl (CESA-2015:1115)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8176", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-3216"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:openssl", "p-cpe:/a:centos:centos:openssl-devel", "p-cpe:/a:centos:centos:openssl-libs", "p-cpe:/a:centos:centos:openssl-perl", "p-cpe:/a:centos:centos:openssl-static", "cpe:/o:centos:centos:6", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2015-1115.NASL", "href": "https://www.tenable.com/plugins/nessus/84199", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1115 and \n# CentOS Errata and Security Advisory 2015:1115 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84199);\n script_version(\"2.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2014-8176\", \"CVE-2015-1789\", \"CVE-2015-1790\", \"CVE-2015-1791\", \"CVE-2015-1792\", \"CVE-2015-3216\");\n script_bugtraq_id(75154, 75156, 75157, 75159, 75161);\n script_xref(name:\"RHSA\", value:\"2015:1115\");\n\n script_name(english:\"CentOS 6 / 7 : openssl (CESA-2015:1115)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated openssl packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL\nv2/v3) and Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nAn invalid free flaw was found in the way OpenSSL handled certain DTLS\nhandshake messages. A malicious DTLS client or server could cause a\nDTLS server or client using OpenSSL to crash or, potentially, execute\narbitrary code. (CVE-2014-8176)\n\nA flaw was found in the way the OpenSSL packages shipped with Red Hat\nEnterprise Linux 6 and 7 performed locking in the ssleay_rand_bytes()\nfunction. This issue could possibly cause a multi-threaded application\nusing OpenSSL to perform an out-of-bounds read and crash.\n(CVE-2015-3216)\n\nAn out-of-bounds read flaw was found in the X509_cmp_time() function\nof OpenSSL. A specially crafted X.509 certificate or a Certificate\nRevocation List (CRL) could possibly cause a TLS/SSL server or client\nusing OpenSSL to crash. (CVE-2015-1789)\n\nA race condition was found in the session handling code of OpenSSL.\nThis issue could possibly cause a multi-threaded TLS/SSL client using\nOpenSSL to double free session ticket data and crash. (CVE-2015-1791)\n\nA flaw was found in the way OpenSSL handled Cryptographic Message\nSyntax (CMS) messages. A CMS message with an unknown hash function\nidentifier could cause an application using OpenSSL to enter an\ninfinite loop. (CVE-2015-1792)\n\nA NULL pointer dereference was found in the way OpenSSL handled\ncertain PKCS#7 inputs. A specially crafted PKCS#7 input with missing\nEncryptedContent data could cause an application using OpenSSL to\ncrash. (CVE-2015-1790)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2014-8176, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791 and\nCVE-2015-1792 flaws. Upstream acknowledges Praveen Kariyanahalli and\nIvan Fratric as the original reporters of CVE-2014-8176, Robert\nSwiecki and Hanno Bock as the original reporters of CVE-2015-1789,\nMichal Zalewski as the original reporter of CVE-2015-1790, Emilia\nKasper as the original report of CVE-2015-1791 and Johannes Bauer as\nthe original reporter of CVE-2015-1792.\n\nAll openssl users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. For the\nupdate to take effect, all services linked to the OpenSSL library must\nbe restarted, or the system rebooted.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2015-June/021172.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?045df2f1\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2015-June/021173.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?30c569d9\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-8176\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x / 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"openssl-1.0.1e-30.el6.11\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"openssl-devel-1.0.1e-30.el6.11\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"openssl-perl-1.0.1e-30.el6.11\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"openssl-static-1.0.1e-30.el6.11\")) flag++;\n\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"openssl-1.0.1e-42.el7.8\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"openssl-devel-1.0.1e-42.el7.8\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"openssl-libs-1.0.1e-42.el7.8\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"openssl-perl-1.0.1e-42.el7.8\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"openssl-static-1.0.1e-42.el7.8\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-devel / openssl-libs / openssl-perl / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-29T14:40:56", "description": "Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.\n\nAn invalid free flaw was found in the way OpenSSL handled certain DTLS handshake messages. A malicious DTLS client or server could cause a DTLS server or client using OpenSSL to crash or, potentially, execute arbitrary code. (CVE-2014-8176)\n\nA flaw was found in the way the OpenSSL packages shipped with Red Hat Enterprise Linux 6 and 7 performed locking in the ssleay_rand_bytes() function. This issue could possibly cause a multi-threaded application using OpenSSL to perform an out-of-bounds read and crash.\n(CVE-2015-3216)\n\nAn out-of-bounds read flaw was found in the X509_cmp_time() function of OpenSSL. A specially crafted X.509 certificate or a Certificate Revocation List (CRL) could possibly cause a TLS/SSL server or client using OpenSSL to crash. (CVE-2015-1789)\n\nA race condition was found in the session handling code of OpenSSL.\nThis issue could possibly cause a multi-threaded TLS/SSL client using OpenSSL to double free session ticket data and crash. (CVE-2015-1791)\n\nA flaw was found in the way OpenSSL handled Cryptographic Message Syntax (CMS) messages. A CMS message with an unknown hash function identifier could cause an application using OpenSSL to enter an infinite loop. (CVE-2015-1792)\n\nA NULL pointer dereference was found in the way OpenSSL handled certain PKCS#7 inputs. A specially crafted PKCS#7 input with missing EncryptedContent data could cause an application using OpenSSL to crash. (CVE-2015-1790)\n\nRed Hat would like to thank the OpenSSL project for reporting CVE-2014-8176, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791 and CVE-2015-1792 flaws. Upstream acknowledges Praveen Kariyanahalli and Ivan Fratric as the original reporters of CVE-2014-8176, Robert Swiecki and Hanno Bock as the original reporters of CVE-2015-1789, Michal Zalewski as the original reporter of CVE-2015-1790, Emilia Kasper as the original report of CVE-2015-1791 and Johannes Bauer as the original reporter of CVE-2015-1792.\n\nAll openssl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-06-16T00:00:00", "type": "nessus", "title": "RHEL 6 / 7 : openssl (RHSA-2015:1115)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8176", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-3216"], "modified": "2021-02-05T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:openssl", "p-cpe:/a:redhat:enterprise_linux:openssl-debuginfo", "p-cpe:/a:redhat:enterprise_linux:openssl-devel", "p-cpe:/a:redhat:enterprise_linux:openssl-libs", "p-cpe:/a:redhat:enterprise_linux:openssl-perl", "p-cpe:/a:redhat:enterprise_linux:openssl-static", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.6", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.1", "cpe:/o:redhat:enterprise_linux:7.2", "cpe:/o:redhat:enterprise_linux:7.3", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2015-1115.NASL", "href": "https://www.tenable.com/plugins/nessus/84204", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1115. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84204);\n script_version(\"2.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/05\");\n\n script_cve_id(\"CVE-2014-8176\", \"CVE-2015-1789\", \"CVE-2015-1790\", \"CVE-2015-1791\", \"CVE-2015-1792\", \"CVE-2015-3216\");\n script_bugtraq_id(75154, 75156, 75157, 75159, 75161);\n script_xref(name:\"RHSA\", value:\"2015:1115\");\n\n script_name(english:\"RHEL 6 / 7 : openssl (RHSA-2015:1115)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Updated openssl packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL\nv2/v3) and Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nAn invalid free flaw was found in the way OpenSSL handled certain DTLS\nhandshake messages. A malicious DTLS client or server could cause a\nDTLS server or client using OpenSSL to crash or, potentially, execute\narbitrary code. (CVE-2014-8176)\n\nA flaw was found in the way the OpenSSL packages shipped with Red Hat\nEnterprise Linux 6 and 7 performed locking in the ssleay_rand_bytes()\nfunction. This issue could possibly cause a multi-threaded application\nusing OpenSSL to perform an out-of-bounds read and crash.\n(CVE-2015-3216)\n\nAn out-of-bounds read flaw was found in the X509_cmp_time() function\nof OpenSSL. A specially crafted X.509 certificate or a Certificate\nRevocation List (CRL) could possibly cause a TLS/SSL server or client\nusing OpenSSL to crash. (CVE-2015-1789)\n\nA race condition was found in the session handling code of OpenSSL.\nThis issue could possibly cause a multi-threaded TLS/SSL client using\nOpenSSL to double free session ticket data and crash. (CVE-2015-1791)\n\nA flaw was found in the way OpenSSL handled Cryptographic Message\nSyntax (CMS) messages. A CMS message with an unknown hash function\nidentifier could cause an application using OpenSSL to enter an\ninfinite loop. (CVE-2015-1792)\n\nA NULL pointer dereference was found in the way OpenSSL handled\ncertain PKCS#7 inputs. A specially crafted PKCS#7 input with missing\nEncryptedContent data could cause an application using OpenSSL to\ncrash. (CVE-2015-1790)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2014-8176, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791 and\nCVE-2015-1792 flaws. Upstream acknowledges Praveen Kariyanahalli and\nIvan Fratric as the original reporters of CVE-2014-8176, Robert\nSwiecki and Hanno Bock as the original reporters of CVE-2015-1789,\nMichal Zalewski as the original reporter of CVE-2015-1790, Emilia\nKasper as the original report of CVE-2015-1791 and Johannes Bauer as\nthe original reporter of CVE-2015-1792.\n\nAll openssl users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. For the\nupdate to take effect, all services linked to the OpenSSL library must\nbe restarted, or the system rebooted.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openssl.org/news/secadv/20150611.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:1115\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1789\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1790\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1791\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1792\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-8176\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-3216\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:1115\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"openssl-1.0.1e-30.el6_6.11\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"openssl-debuginfo-1.0.1e-30.el6_6.11\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"openssl-devel-1.0.1e-30.el6_6.11\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"openssl-perl-1.0.1e-30.el6_6.11\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"openssl-perl-1.0.1e-30.el6_6.11\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"openssl-perl-1.0.1e-30.el6_6.11\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"openssl-static-1.0.1e-30.el6_6.11\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"openssl-static-1.0.1e-30.el6_6.11\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"openssl-static-1.0.1e-30.el6_6.11\")) flag++;\n\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"openssl-1.0.1e-42.el7_1.8\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"openssl-1.0.1e-42.el7_1.8\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"openssl-debuginfo-1.0.1e-42.el7_1.8\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"openssl-devel-1.0.1e-42.el7_1.8\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"openssl-libs-1.0.1e-42.el7_1.8\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"openssl-perl-1.0.1e-42.el7_1.8\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"openssl-perl-1.0.1e-42.el7_1.8\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"openssl-static-1.0.1e-42.el7_1.8\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-debuginfo / openssl-devel / openssl-libs / etc\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:57:27", "description": "Multiple moderate and low impact security issues fixed.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-06-25T00:00:00", "type": "nessus", "title": "Fedora 21 : openssl-1.0.1k-10.fc21 (2015-10108)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:openssl", "cpe:/o:fedoraproject:fedora:21"], "id": "FEDORA_2015-10108.NASL", "href": "https://www.tenable.com/plugins/nessus/84375", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-10108.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84375);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-1789\", \"CVE-2015-1790\", \"CVE-2015-1791\", \"CVE-2015-1792\");\n script_xref(name:\"FEDORA\", value:\"2015-10108\");\n\n script_name(english:\"Fedora 21 : openssl-1.0.1k-10.fc21 (2015-10108)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple moderate and low impact security issues fixed.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1228603\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1228604\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1228607\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1228608\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-June/160647.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2295ddd6\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"openssl-1.0.1k-10.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:57:26", "description": "Multiple moderate and low impact security issues fixed.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-06-22T00:00:00", "type": "nessus", "title": "Fedora 22 : openssl-1.0.1k-10.fc22 (2015-10047)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:openssl", "cpe:/o:fedoraproject:fedora:22"], "id": "FEDORA_2015-10047.NASL", "href": "https://www.tenable.com/plugins/nessus/84301", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-10047.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84301);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-1789\", \"CVE-2015-1790\", \"CVE-2015-1791\", \"CVE-2015-1792\");\n script_xref(name:\"FEDORA\", value:\"2015-10047\");\n\n script_name(english:\"Fedora 22 : openssl-1.0.1k-10.fc22 (2015-10047)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple moderate and low impact security issues fixed.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1228603\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1228604\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1228607\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1228608\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-June/160436.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0f4a99cd\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"openssl-1.0.1k-10.fc22\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T15:01:00", "description": "According to its version number, the instance of Splunk hosted on the remote web server is Enterprise 5.0.x prior to 5.0.14, 6.0.x prior to 6.0.10, 6.1.x prior to 6.1.9, 6.2.x prior to 6.2.5, or Light 6.2.x prior to 6.2.5. It is, therefore, affected by the following vulnerabilities in the bundled OpenSSL library :\n\n - A denial of service vulnerability exists when processing an ECParameters structure due to an infinite loop that occurs when a specified curve is over a malformed binary polynomial field. A remote attacker can exploit this to perform a denial of service against any system that processes public keys, certificate requests, or certificates. This includes TLS clients and TLS servers with client authentication enabled. (CVE-2015-1788)\n\n - A denial of service vulnerability exists due to improper validation of the content and length of the ASN1_TIME string by the X509_cmp_time() function. A remote attacker can exploit this, via a malformed certificate and CRLs of various sizes, to cause a segmentation fault, resulting in a denial of service condition. TLS clients that verify CRLs are affected. TLS clients and servers with client authentication enabled may be affected if they use custom verification callbacks.\n (CVE-2015-1789)\n\n - A NULL pointer dereference flaw exists in the PKCS#7 parsing code due to incorrect handling of missing inner 'EncryptedContent'. This allows a remote attacker, via specially crafted ASN.1-encoded PKCS#7 blobs with missing content, to cause a denial of service condition or other potential unspecified impacts. (CVE-2015-1790)\n\n - A double-free error exists due to a race condition that occurs when a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket. (CVE-2015-1791)\n\n - A denial of service vulnerability exists in the CMS code due to an infinite loop that occurs when verifying a signedData message. A remote attacker can exploit this to cause a denial of service condition. (CVE-2015-1792)\n\n - A certificate validation bypass vulnerability exists due to a flaw in the X509_verify_cert() function in file x509_vfy.c, which occurs when locating alternate certificate chains whenever the first attempt to build such a chain fails. A remote attacker can exploit this, by using a valid leaf certificate as a certificate authority (CA), to issue invalid certificates that will bypass authentication. (CVE-2015-1793)\n\nAdditionally, a cross-site scripting vulnerability exists in Splunk Enterprise due to improper validation of user-supplied input before returning it to users. An attacker can exploit this, via a crafted request, to execute arbitrary script code.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-08-21T00:00:00", "type": "nessus", "title": "Splunk Enterprise < 5.0.14 / 6.0.10 / 6.1.9 / 6.2.5 or Splunk Light < 6.2.5 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-1793"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/a:splunk:splunk", "cpe:/a:openssl:openssl"], "id": "SPLUNK_625.NASL", "href": "https://www.tenable.com/plugins/nessus/85581", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85581);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\n \"CVE-2015-1788\",\n \"CVE-2015-1789\",\n \"CVE-2015-1790\",\n \"CVE-2015-1791\",\n \"CVE-2015-1792\",\n \"CVE-2015-1793\"\n );\n script_bugtraq_id(\n 75154,\n 75156,\n 75157,\n 75158,\n 75161,\n 75652\n );\n\n script_name(english:\"Splunk Enterprise < 5.0.14 / 6.0.10 / 6.1.9 / 6.2.5 or Splunk Light < 6.2.5 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of Splunk Enterprise and Light.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is running an application that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its version number, the instance of Splunk hosted on the\nremote web server is Enterprise 5.0.x prior to 5.0.14, 6.0.x prior to\n6.0.10, 6.1.x prior to 6.1.9, 6.2.x prior to 6.2.5, or Light 6.2.x\nprior to 6.2.5. It is, therefore, affected by the following\nvulnerabilities in the bundled OpenSSL library :\n\n - A denial of service vulnerability exists when processing\n an ECParameters structure due to an infinite loop that\n occurs when a specified curve is over a malformed binary\n polynomial field. A remote attacker can exploit this to\n perform a denial of service against any system that\n processes public keys, certificate requests, or\n certificates. This includes TLS clients and TLS servers\n with client authentication enabled. (CVE-2015-1788)\n\n - A denial of service vulnerability exists due to improper\n validation of the content and length of the ASN1_TIME\n string by the X509_cmp_time() function. A remote\n attacker can exploit this, via a malformed certificate\n and CRLs of various sizes, to cause a segmentation\n fault, resulting in a denial of service condition. TLS\n clients that verify CRLs are affected. TLS clients and\n servers with client authentication enabled may be\n affected if they use custom verification callbacks.\n (CVE-2015-1789)\n\n - A NULL pointer dereference flaw exists in the PKCS#7\n parsing code due to incorrect handling of missing inner\n 'EncryptedContent'. This allows a remote attacker, via\n specially crafted ASN.1-encoded PKCS#7 blobs with\n missing content, to cause a denial of service condition\n or other potential unspecified impacts. (CVE-2015-1790)\n\n - A double-free error exists due to a race condition that\n occurs when a NewSessionTicket is received by a\n multi-threaded client when attempting to reuse a\n previous ticket. (CVE-2015-1791)\n\n - A denial of service vulnerability exists in the CMS code\n due to an infinite loop that occurs when verifying a\n signedData message. A remote attacker can exploit this\n to cause a denial of service condition. (CVE-2015-1792)\n\n - A certificate validation bypass vulnerability exists due\n to a flaw in the X509_verify_cert() function in file\n x509_vfy.c, which occurs when locating alternate\n certificate chains whenever the first attempt to build\n such a chain fails. A remote attacker can exploit this,\n by using a valid leaf certificate as a certificate\n authority (CA), to issue invalid certificates that will\n bypass authentication. (CVE-2015-1793)\n\nAdditionally, a cross-site scripting vulnerability exists in Splunk\nEnterprise due to improper validation of user-supplied input before\nreturning it to users. An attacker can exploit this, via a crafted\nrequest, to execute arbitrary script code.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.splunk.com/view/SP-CAAAN84\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20150611.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20150709.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Splunk Enterprise 5.0.14 / 6.0.10 / 6.1.9 / 6.2.5 or later,\nor Splunk Light 6.2.5 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:splunk:splunk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"splunkd_detect.nasl\", \"splunk_web_detect.nasl\");\n script_require_keys(\"installed_sw/Splunk\");\n script_require_ports(\"Services/www\", 8089, 8000);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"install_func.inc\");\n\napp = \"Splunk\";\n\nget_install_count(app_name:app, exit_if_zero:TRUE);\n\nport = get_http_port(default:8000, embedded:TRUE);\n\ninstall = get_single_install(\n app_name : app,\n port : port,\n exit_if_unknown_ver : TRUE\n);\n\ndir = install['path'];\nver = install['version'];\nfix = FALSE;\n\ninstall_url = build_url(qs:dir, port:port);\n\nxss = FALSE;\n\n# 5.0.x < 5.0.14\nif (ver =~ \"^5\\.0($|[^0-9])\")\n{\n fix = '5.0.14';\n xss = TRUE;\n}\n# 6.0.x < 6.0.10\nelse if (ver =~ \"^6\\.0($|[^0-9])\")\n{\n fix = '6.0.10';\n xss = TRUE;\n}\n# 6.1.x < 6.1.9\nelse if (ver =~ \"^6\\.1($|[^0-9])\")\n fix = '6.1.9';\n\n# 6.2.x < 6.2.5\nelse if (ver =~ \"^6\\.2($|[^0-9])\")\n fix = '6.2.5';\n\n\nif (fix && ver_compare(ver:ver,fix:fix,strict:FALSE) < 0)\n{\n if (xss) set_kb_item(name:'www/'+port+'/XSS', value:TRUE);\n\n if (report_verbosity > 0)\n {\n report =\n '\\n URL : ' + install_url +\n '\\n Installed version : ' + ver +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n}\nelse audit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_url, ver);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-28T14:24:27", "description": "The Cisco Application Control Engine (ACE) software installed on the remote Cisco ACE 4710 device or ACE30 module is version A5 prior to A5(3.3). It is, therefore, affected by multiple vulnerabilities :\n\n - An invalid free memory error exists due to improper validation of user-supplied input when a DTLS peer receives application data between ChangeCipherSpec and Finished messages. A remote attacker can exploit this to corrupt memory, resulting in a denial of service or the execution of arbitrary code. (CVE-2014-8176)\n\n - A denial of service vulnerability exists when processing an ECParameters structure due to an infinite loop that occurs when a specified curve is over a malformed binary polynomial field. A remote attacker can exploit this to perform a denial of service against any system that processes public keys, certificate requests, or certificates. This includes TLS clients and TLS servers with client authentication enabled. (CVE-2015-1788)\n\n - A denial of service vulnerability exists due to improper validation of the content and length of the ASN1_TIME string by the X509_cmp_time() function. A remote attacker can exploit this, via a malformed certificate and CRLs of various sizes, to cause a segmentation fault, resulting in a denial of service condition. TLS clients that verify CRLs are affected. TLS clients and servers with client authentication enabled may be affected if they use custom verification callbacks.\n (CVE-2015-1789)\n\n - A NULL pointer dereference flaw exists in the PKCS#7 parsing code due to incorrect handling of missing inner 'EncryptedContent'. This allows a remote attacker, via specially crafted ASN.1-encoded PKCS#7 blobs with missing content, to cause a denial of service condition or other potential unspecified impacts. (CVE-2015-1790)\n\n - A double-free error exists due to a race condition that occurs when a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket. A remote attacker can exploit this to cause a denial of service condition or other potential unspecified impact. (CVE-2015-1791)\n\n - A denial of service vulnerability exists in the CMS code due to an infinite loop that occurs when verifying a signedData message. A remote attacker can exploit this to cause a denial of service condition. (CVE-2015-1792)\n\n - The symmetric-key feature in the receive function requires a correct message authentication code (MAC) only if the MAC field has a nonzero length. This makes it easier for a man-in-the-middle attacker to spoof packets by omitting the MAC. (CVE-2015-1798)\n\n - A flaw exists in the symmetric-key feature in the receive function when handling a specially crafted packet sent to one of two hosts that are peering with each other. This allows an attacker to cause the next attempt by the servers to synchronize to fail.\n (CVE-2015-1799)\n\n - A man-in-the-middle vulnerability, known as Logjam, exists due to a flaw in the SSL/TLS protocol. A remote attacker can exploit this flaw to downgrade connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. (CVE-2015-4000)\n\n - A flaw exists in the TLS 1.x implementation in the Cavium SDK due to a failure to check the first byte of the padding bytes. A man-in-the-middle attacker can exploit this, by sending specially crafted requests to the server, to induce requests that allow determining the plaintext chunks of data. This vulnerability is a variant of the POODLE attack. (CVE-2015-4595)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-06-01T00:00:00", "type": "nessus", "title": "Cisco ACE 4710 Appliance / ACE30 Module Multiple Vulnerabilities (Logjam)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8176", "CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-1798", "CVE-2015-1799", "CVE-2015-4000", "CVE-2015-4595"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/a:cisco:application_control_engine_software", "cpe:/a:openssl:openssl"], "id": "CISCO_ACE_A5_3_3.NASL", "href": "https://www.tenable.com/plugins/nessus/91427", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91427);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2014-8176\",\n \"CVE-2015-1788\",\n \"CVE-2015-1789\",\n \"CVE-2015-1790\",\n \"CVE-2015-1791\",\n \"CVE-2015-1792\",\n \"CVE-2015-1798\",\n \"CVE-2015-1799\",\n \"CVE-2015-4000\",\n \"CVE-2015-4595\"\n );\n script_bugtraq_id(\n 73950,\n 73951,\n 74733,\n 75154,\n 75156,\n 75157,\n 75158,\n 75159,\n 75161\n );\n script_xref(name:\"CERT\", value:\"374268\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCut83796\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCuu82343\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCuv33150\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"Cisco ACE 4710 Appliance / ACE30 Module Multiple Vulnerabilities (Logjam)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Cisco Application Control Engine (ACE) software installed on the\nremote Cisco ACE 4710 device or ACE30 module is version A5 prior to\nA5(3.3). It is, therefore, affected by multiple vulnerabilities :\n\n - An invalid free memory error exists due to improper\n validation of user-supplied input when a DTLS peer\n receives application data between ChangeCipherSpec and\n Finished messages. A remote attacker can exploit this to\n corrupt memory, resulting in a denial of service or\n the execution of arbitrary code. (CVE-2014-8176)\n\n - A denial of service vulnerability exists when processing\n an ECParameters structure due to an infinite loop that\n occurs when a specified curve is over a malformed binary\n polynomial field. A remote attacker can exploit this to\n perform a denial of service against any system that\n processes public keys, certificate requests, or\n certificates. This includes TLS clients and TLS servers\n with client authentication enabled. (CVE-2015-1788)\n\n - A denial of service vulnerability exists due to improper\n validation of the content and length of the ASN1_TIME\n string by the X509_cmp_time() function. A remote\n attacker can exploit this, via a malformed certificate\n and CRLs of various sizes, to cause a segmentation\n fault, resulting in a denial of service condition. TLS\n clients that verify CRLs are affected. TLS clients and\n servers with client authentication enabled may be\n affected if they use custom verification callbacks.\n (CVE-2015-1789)\n\n - A NULL pointer dereference flaw exists in the PKCS#7\n parsing code due to incorrect handling of missing inner\n 'EncryptedContent'. This allows a remote attacker, via\n specially crafted ASN.1-encoded PKCS#7 blobs with\n missing content, to cause a denial of service condition\n or other potential unspecified impacts. (CVE-2015-1790)\n\n - A double-free error exists due to a race condition that\n occurs when a NewSessionTicket is received by a\n multi-threaded client when attempting to reuse a\n previous ticket. A remote attacker can exploit this to\n cause a denial of service condition or other potential\n unspecified impact. (CVE-2015-1791)\n\n - A denial of service vulnerability exists in the CMS code\n due to an infinite loop that occurs when verifying a\n signedData message. A remote attacker can exploit this\n to cause a denial of service condition. (CVE-2015-1792)\n\n - The symmetric-key feature in the receive function\n requires a correct message authentication code (MAC)\n only if the MAC field has a nonzero length. This makes\n it easier for a man-in-the-middle attacker to spoof\n packets by omitting the MAC. (CVE-2015-1798)\n\n - A flaw exists in the symmetric-key feature in the\n receive function when handling a specially crafted\n packet sent to one of two hosts that are peering with\n each other. This allows an attacker to cause the next\n attempt by the servers to synchronize to fail.\n (CVE-2015-1799)\n\n - A man-in-the-middle vulnerability, known as Logjam,\n exists due to a flaw in the SSL/TLS protocol. A remote\n attacker can exploit this flaw to downgrade connections\n using ephemeral Diffie-Hellman key exchange to 512-bit\n export-grade cryptography. (CVE-2015-4000)\n\n - A flaw exists in the TLS 1.x implementation in the\n Cavium SDK due to a failure to check the first byte of\n the padding bytes. A man-in-the-middle attacker can\n exploit this, by sending specially crafted requests to\n the server, to induce requests that allow determining\n the plaintext chunks of data. This vulnerability is a\n variant of the POODLE attack. (CVE-2015-4595)\");\n # https://www.cisco.com/c/en/us/td/docs/app_ntwk_services/data_center_app_services/ace_appliances/VA5_3_x/release/note/ACE_app_rn_A53x.html#pgfId-947807\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8bf8fa00\");\n script_set_attribute(attribute:\"see_also\", value:\"https://tools.cisco.com/bugsearch/bug/CSCut83796\");\n script_set_attribute(attribute:\"see_also\", value:\"https://tools.cisco.com/bugsearch/bug/CSCuu82343\");\n script_set_attribute(attribute:\"see_also\", value:\"https://tools.cisco.com/bugsearch/bug/CSCuv33150\");\n # https://vivaldi.net/en-US/userblogs/entry/there-are-more-poodles-in-the-forest\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0f38496c\");\n script_set_attribute(attribute:\"see_also\", value:\"https://weakdh.org/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Cisco ACE version A5(3.3) or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/04/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:cisco:application_control_engine_software\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CISCO\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"cisco_ace_version.nasl\");\n script_require_keys(\"Host/Cisco/ACE/Version\", \"Host/Cisco/ACE/Model\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"Host/Cisco/ACE/Version\");\nmodel = get_kb_item_or_exit(\"Host/Cisco/ACE/Model\");\n\nif (model != \"4710\" && model != \"ACE30\") audit(AUDIT_DEVICE_NOT_VULN, \"Cisco ACE \" + model);\n\nif (\n version =~ \"^A[34][^0-9]\" ||\n version =~ \"^A5\\([0-2][^0-9]\" ||\n version =~ \"^A5\\(3(\\.[0-2][a-z]*)?\\)\"\n)\n{\n report = '\\n Installed version : ' + version +\n '\\n Fixed version : A5(3.3)' +\n '\\n';\n security_report_v4(port:0, extra:report, severity:SECURITY_HOLE);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, \"Cisco ACE\", version);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-29T14:41:17", "description": "OpenSSL was updated to fix several security issues.\n\nCVE-2015-4000: The Logjam Attack ( weakdh.org ) has been addressed by rejecting connections with DH parameters shorter than 1024 bits. We now also generate 2048-bit DH parameters by default.\n\nCVE-2015-1788: Malformed ECParameters could cause an infinite loop.\n\nCVE-2015-1789: An out-of-bounds read in X509_cmp_time was fixed.\n\nCVE-2015-1790: A PKCS7 decoder crash with missing EnvelopedContent was fixed.\n\nfixed a timing side channel in RSA decryption (bnc#929678)\n\nAdditional changes :\n\nIn the default SSL cipher string EXPORT ciphers are now disabled. This will only get active if applications get rebuilt and actually use this string. (bnc#931698)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-07-07T00:00:00", "type": "nessus", "title": "SUSE SLES10 Security Update : OpenSSL (SUSE-SU-2015:1181-2) (Logjam)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-4000"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:openssl", "p-cpe:/a:novell:suse_linux:openssl-devel", "p-cpe:/a:novell:suse_linux:openssl-doc", "cpe:/o:novell:suse_linux:10"], "id": "SUSE_SU-2015-1181-2.NASL", "href": "https://www.tenable.com/plugins/nessus/84558", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:1181-2.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84558);\n script_version(\"2.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2015-1788\",\n \"CVE-2015-1789\",\n \"CVE-2015-1790\",\n \"CVE-2015-4000\"\n );\n script_bugtraq_id(\n 74733,\n 75156,\n 75157,\n 75158\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"SUSE SLES10 Security Update : OpenSSL (SUSE-SU-2015:1181-2) (Logjam)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"OpenSSL was updated to fix several security issues.\n\nCVE-2015-4000: The Logjam Attack ( weakdh.org ) has been addressed by\nrejecting connections with DH parameters shorter than 1024 bits. We\nnow also generate 2048-bit DH parameters by default.\n\nCVE-2015-1788: Malformed ECParameters could cause an infinite loop.\n\nCVE-2015-1789: An out-of-bounds read in X509_cmp_time was fixed.\n\nCVE-2015-1790: A PKCS7 decoder crash with missing EnvelopedContent was\nfixed.\n\nfixed a timing side channel in RSA decryption (bnc#929678)\n\nAdditional changes :\n\nIn the default SSL cipher string EXPORT ciphers are now disabled. This\nwill only get active if applications get rebuilt and actually use this\nstring. (bnc#931698)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=929678\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=931698\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=934487\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=934489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=934491\");\n # https://download.suse.com/patch/finder/?keywords=9f7ad0f893ed0c841ceae726daca55cd\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cfee53bc\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-1788/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-1789/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-1790/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-4000/\");\n # https://www.suse.com/support/update/announcement/2015/suse-su-20151181-2.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?564cd0d6\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected OpenSSL packages\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES10)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES10\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES10\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES10 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"x86_64\", reference:\"openssl-32bit-0.9.8a-18.92.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"x86_64\", reference:\"openssl-devel-32bit-0.9.8a-18.92.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"s390x\", reference:\"openssl-32bit-0.9.8a-18.92.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"s390x\", reference:\"openssl-devel-32bit-0.9.8a-18.92.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", reference:\"openssl-0.9.8a-18.92.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", reference:\"openssl-devel-0.9.8a-18.92.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", reference:\"openssl-doc-0.9.8a-18.92.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"OpenSSL\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-27T14:20:02", "description": "A flaw was found in the way SQLite handled dequoting of collation-sequence names. A local attacker could submit a specially crafted COLLATE statement that would crash the SQLite process, or have other unspecified impacts. (CVE-2015-3414)\n\nIt was found that SQLite's sqlite3VdbeExec() function did not properly implement comparison operators. A local attacker could submit a specially crafted CHECK statement that would crash the SQLite process, or have other unspecified impacts. (CVE-2015-3415)\n\nIt was found that SQLite's sqlite3VXPrintf() function did not properly handle precision and width values during floating-point conversions. A local attacker could submit a specially crafted SELECT statement that would crash the SQLite process, or have other unspecified impacts.\n(CVE-2015-3416)", "cvss3": {}, "published": "2015-09-03T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : sqlite (ALAS-2015-591)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-3414", "CVE-2015-3415", "CVE-2015-3416"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:lemon", "p-cpe:/a:amazon:linux:sqlite", "p-cpe:/a:amazon:linux:sqlite-debuginfo", "p-cpe:/a:amazon:linux:sqlite-devel", "p-cpe:/a:amazon:linux:sqlite-doc", "p-cpe:/a:amazon:linux:sqlite-tcl", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2015-591.NASL", "href": "https://www.tenable.com/plugins/nessus/85749", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2015-591.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85749);\n script_version(\"2.4\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2015-3414\", \"CVE-2015-3415\", \"CVE-2015-3416\");\n script_xref(name:\"ALAS\", value:\"2015-591\");\n\n script_name(english:\"Amazon Linux AMI : sqlite (ALAS-2015-591)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was found in the way SQLite handled dequoting of\ncollation-sequence names. A local attacker could submit a specially\ncrafted COLLATE statement that would crash the SQLite process, or have\nother unspecified impacts. (CVE-2015-3414)\n\nIt was found that SQLite's sqlite3VdbeExec() function did not properly\nimplement comparison operators. A local attacker could submit a\nspecially crafted CHECK statement that would crash the SQLite process,\nor have other unspecified impacts. (CVE-2015-3415)\n\nIt was found that SQLite's sqlite3VXPrintf() function did not properly\nhandle precision and width values during floating-point conversions. A\nlocal attacker could submit a specially crafted SELECT statement that\nwould crash the SQLite process, or have other unspecified impacts.\n(CVE-2015-3416)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2015-591.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update sqlite' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:lemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:sqlite-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:sqlite-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:sqlite-tcl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"lemon-3.7.17-6.13.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"sqlite-3.7.17-6.13.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"sqlite-debuginfo-3.7.17-6.13.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"sqlite-devel-3.7.17-6.13.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"sqlite-doc-3.7.17-6.13.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"sqlite-tcl-3.7.17-6.13.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lemon / sqlite / sqlite-debuginfo / sqlite-devel / sqlite-doc / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-27T14:14:28", "description": "Multiple vulnerabilities has been found and corrected in sqlite3 :\n\nSQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE at the end of a SELECT statement (CVE-2015-3414).\n\nThe sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0 O>O) in a CREATE TABLE statement (CVE-2015-3415).\n\nThe sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement (CVE-2015-3416).\n\nThe updated packages provides a solution for these security issues.", "cvss3": {}, "published": "2015-05-01T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : sqlite3 (MDVSA-2015:217)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-3414", "CVE-2015-3415", "CVE-2015-3416"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:lemon", "p-cpe:/a:mandriva:linux:lib64sqlite3-devel", "p-cpe:/a:mandriva:linux:lib64sqlite3-static-devel", "p-cpe:/a:mandriva:linux:lib64sqlite3_0", "p-cpe:/a:mandriva:linux:sqlite3-tcl", "p-cpe:/a:mandriva:linux:sqlite3-tools", "cpe:/o:mandriva:business_server:1", "cpe:/o:mandriva:business_server:2"], "id": "MANDRIVA_MDVSA-2015-217.NASL", "href": "https://www.tenable.com/plugins/nessus/83169", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2015:217. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83169);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-3414\", \"CVE-2015-3415\", \"CVE-2015-3416\");\n script_xref(name:\"MDVSA\", value:\"2015:217\");\n\n script_name(english:\"Mandriva Linux Security Advisory : sqlite3 (MDVSA-2015:217)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been found and corrected in sqlite3 :\n\nSQLite before 3.8.9 does not properly implement the dequoting of\ncollation-sequence names, which allows context-dependent attackers to\ncause a denial of service (uninitialized memory access and application\ncrash) or possibly have unspecified other impact via a crafted COLLATE\nclause, as demonstrated by COLLATE at the end of a SELECT statement\n(CVE-2015-3414).\n\nThe sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not\nproperly implement comparison operators, which allows\ncontext-dependent attackers to cause a denial of service (invalid free\noperation) or possibly have unspecified other impact via a crafted\nCHECK clause, as demonstrated by CHECK(0 O>O) in a CREATE TABLE\nstatement (CVE-2015-3415).\n\nThe sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does\nnot properly handle precision and width values during floating-point\nconversions, which allows context-dependent attackers to cause a\ndenial of service (integer overflow and stack-based buffer overflow)\nor possibly have unspecified other impact via large integers in a\ncrafted printf function call in a SELECT statement (CVE-2015-3416).\n\nThe updated packages provides a solution for these security issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1212353\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1212356\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1212357\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64sqlite3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64sqlite3-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64sqlite3_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:sqlite3-tcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:sqlite3-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lemon-3.8.9-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64sqlite3-devel-3.8.9-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64sqlite3-static-devel-3.8.9-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64sqlite3_0-3.8.9-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"sqlite3-tcl-3.8.9-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"sqlite3-tools-3.8.9-1.mbs1\")) flag++;\n\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"lemon-3.8.9-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"lib64sqlite3-devel-3.8.9-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"lib64sqlite3-static-devel-3.8.9-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"lib64sqlite3_0-3.8.9-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"sqlite3-tcl-3.8.9-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"sqlite3-tools-3.8.9-1.mbs2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-27T14:19:19", "description": "From Red Hat Security Advisory 2015:1635 :\n\nAn updated sqlite package that fixes three security issues is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nSQLite is a C library that implements a SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use.\nApplications that link against SQLite can enjoy the power and flexibility of a SQL database without the administrative hassles of supporting a separate database server.\n\nA flaw was found in the way SQLite handled dequoting of collation-sequence names. A local attacker could submit a specially crafted COLLATE statement that would crash the SQLite process, or have other unspecified impacts. (CVE-2015-3414)\n\nIt was found that SQLite's sqlite3VdbeExec() function did not properly implement comparison operators. A local attacker could submit a specially crafted CHECK statement that would crash the SQLite process, or have other unspecified impacts. (CVE-2015-3415)\n\nIt was found that SQLite's sqlite3VXPrintf() function did not properly handle precision and width values during floating-point conversions. A local attacker could submit a specially crafted SELECT statement that would crash the SQLite process, or have other unspecified impacts.\n(CVE-2015-3416)\n\nAll sqlite users are advised to upgrade to this updated package, which contains backported patches to correct these issues.", "cvss3": {}, "published": "2015-08-18T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : sqlite (ELSA-2015-1635)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-3414", "CVE-2015-3415", "CVE-2015-3416"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:lemon", "p-cpe:/a:oracle:linux:sqlite", "p-cpe:/a:oracle:linux:sqlite-devel", "p-cpe:/a:oracle:linux:sqlite-doc", "p-cpe:/a:oracle:linux:sqlite-tcl", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2015-1635.NASL", "href": "https://www.tenable.com/plugins/nessus/85491", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2015:1635 and \n# Oracle Linux Security Advisory ELSA-2015-1635 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85491);\n script_version(\"2.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-3414\", \"CVE-2015-3415\", \"CVE-2015-3416\");\n script_xref(name:\"RHSA\", value:\"2015:1635\");\n\n script_name(english:\"Oracle Linux 7 : sqlite (ELSA-2015-1635)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2015:1635 :\n\nAn updated sqlite package that fixes three security issues is now\navailable for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nSQLite is a C library that implements a SQL database engine. A large\nsubset of SQL92 is supported. A complete database is stored in a\nsingle disk file. The API is designed for convenience and ease of use.\nApplications that link against SQLite can enjoy the power and\nflexibility of a SQL database without the administrative hassles of\nsupporting a separate database server.\n\nA flaw was found in the way SQLite handled dequoting of\ncollation-sequence names. A local attacker could submit a specially\ncrafted COLLATE statement that would crash the SQLite process, or have\nother unspecified impacts. (CVE-2015-3414)\n\nIt was found that SQLite's sqlite3VdbeExec() function did not properly\nimplement comparison operators. A local attacker could submit a\nspecially crafted CHECK statement that would crash the SQLite process,\nor have other unspecified impacts. (CVE-2015-3415)\n\nIt was found that SQLite's sqlite3VXPrintf() function did not properly\nhandle precision and width values during floating-point conversions. A\nlocal attacker could submit a specially crafted SELECT statement that\nwould crash the SQLite process, or have other unspecified impacts.\n(CVE-2015-3416)\n\nAll sqlite users are advised to upgrade to this updated package, which\ncontains backported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-August/005344.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected sqlite packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:lemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:sqlite-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:sqlite-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:sqlite-tcl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/04/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"lemon-3.7.17-6.el7_1.1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"sqlite-3.7.17-6.el7_1.1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"sqlite-devel-3.7.17-6.el7_1.1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"sqlite-doc-3.7.17-6.el7_1.1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"sqlite-tcl-3.7.17-6.el7_1.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lemon / sqlite / sqlite-devel / sqlite-doc / sqlite-tcl\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-27T14:19:29", "description": "An updated sqlite package that fixes three security issues is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nSQLite is a C library that implements a SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use.\nApplications that link against SQLite can enjoy the power and flexibility of a SQL database without the administrative hassles of supporting a separate database server.\n\nA flaw was found in the way SQLite handled dequoting of collation-sequence names. A local attacker could submit a specially crafted COLLATE statement that would crash the SQLite process, or have other unspecified impacts. (CVE-2015-3414)\n\nIt was found that SQLite's sqlite3VdbeExec() function did not properly implement comparison operators. A local attacker could submit a specially crafted CHECK statement that would crash the SQLite process, or have other unspecified impacts. (CVE-2015-3415)\n\nIt was found that SQLite's sqlite3VXPrintf() function did not properly handle precision and width values during floating-point conversions. A local attacker could submit a specially crafted SELECT statement that would crash the SQLite process, or have other unspecified impacts.\n(CVE-2015-3416)\n\nAll sqlite users are advised to upgrade to this updated package, which contains backported patches to correct these issues.", "cvss3": {}, "published": "2015-08-18T00:00:00", "type": "nessus", "title": "RHEL 7 : sqlite (RHSA-2015:1635)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-3414", "CVE-2015-3415", "CVE-2015-3416"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:lemon", "p-cpe:/a:redhat:enterprise_linux:sqlite", "p-cpe:/a:redhat:enterprise_linux:sqlite-debuginfo", "p-cpe:/a:redhat:enterprise_linux:sqlite-devel", "p-cpe:/a:redhat:enterprise_linux:sqlite-doc", "p-cpe:/a:redhat:enterprise_linux:sqlite-tcl", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.1", "cpe:/o:redhat:enterprise_linux:7.2", "cpe:/o:redhat:enterprise_linux:7.3", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2015-1635.NASL", "href": "https://www.tenable.com/plugins/nessus/85496", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1635. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85496);\n script_version(\"2.15\");\n script_cvs_date(\"Date: 2019/10/24 15:35:40\");\n\n script_cve_id(\"CVE-2015-3414\", \"CVE-2015-3415\", \"CVE-2015-3416\");\n script_xref(name:\"RHSA\", value:\"2015:1635\");\n\n script_name(english:\"RHEL 7 : sqlite (RHSA-2015:1635)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated sqlite package that fixes three security issues is now\navailable for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nSQLite is a C library that implements a SQL database engine. A large\nsubset of SQL92 is supported. A complete database is stored in a\nsingle disk file. The API is designed for convenience and ease of use.\nApplications that link against SQLite can enjoy the power and\nflexibility of a SQL database without the administrative hassles of\nsupporting a separate database server.\n\nA flaw was found in the way SQLite handled dequoting of\ncollation-sequence names. A local attacker could submit a specially\ncrafted COLLATE statement that would crash the SQLite process, or have\nother unspecified impacts. (CVE-2015-3414)\n\nIt was found that SQLite's sqlite3VdbeExec() function did not properly\nimplement comparison operators. A local attacker could submit a\nspecially crafted CHECK statement that would crash the SQLite process,\nor have other unspecified impacts. (CVE-2015-3415)\n\nIt was found that SQLite's sqlite3VXPrintf() function did not properly\nhandle precision and width values during floating-point conversions. A\nlocal attacker could submit a specially crafted SELECT statement that\nwould crash the SQLite process, or have other unspecified impacts.\n(CVE-2015-3416)\n\nAll sqlite users are advised to upgrade to this updated package, which\ncontains backported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:1635\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-3416\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-3415\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-3414\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:lemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:sqlite-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:sqlite-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:sqlite-tcl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/04/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:1635\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"lemon-3.7.17-6.el7_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"lemon-3.7.17-6.el7_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"sqlite-3.7.17-6.el7_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"sqlite-debuginfo-3.7.17-6.el7_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"sqlite-devel-3.7.17-6.el7_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"sqlite-doc-3.7.17-6.el7_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"sqlite-tcl-3.7.17-6.el7_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"sqlite-tcl-3.7.17-6.el7_1.1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lemon / sqlite / sqlite-debuginfo / sqlite-devel / sqlite-doc / etc\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-27T14:19:30", "description": "A flaw was found in the way SQLite handled dequoting of collation-sequence names. A local attacker could submit a specially crafted COLLATE statement that would crash the SQLite process, or have other unspecified impacts. (CVE-2015-3414)\n\nIt was found that SQLite's sqlite3VdbeExec() function did not properly implement comparison operators. A local attacker could submit a specially crafted CHECK statement that would crash the SQLite process, or have other unspecified impacts. (CVE-2015-3415)\n\nIt was found that SQLite's sqlite3VXPrintf() function did not properly handle precision and width values during floating-point conversions. A local attacker could submit a specially crafted SELECT statement that would crash the SQLite process, or have other unspecified impacts.\n(CVE-2015-3416)", "cvss3": {}, "published": "2015-08-18T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : sqlite on SL7.x x86_64 (20150817)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-3414", "CVE-2015-3415", "CVE-2015-3416"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:lemon", "p-cpe:/a:fermilab:scientific_linux:sqlite", "p-cpe:/a:fermilab:scientific_linux:sqlite-debuginfo", "p-cpe:/a:fermilab:scientific_linux:sqlite-devel", "p-cpe:/a:fermilab:scientific_linux:sqlite-doc", "p-cpe:/a:fermilab:scientific_linux:sqlite-tcl", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20150817_SQLITE_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/85502", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85502);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-3414\", \"CVE-2015-3415\", \"CVE-2015-3416\");\n\n script_name(english:\"Scientific Linux Security Update : sqlite on SL7.x x86_64 (20150817)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was found in the way SQLite handled dequoting of\ncollation-sequence names. A local attacker could submit a specially\ncrafted COLLATE statement that would crash the SQLite process, or have\nother unspecified impacts. (CVE-2015-3414)\n\nIt was found that SQLite's sqlite3VdbeExec() function did not properly\nimplement comparison operators. A local attacker could submit a\nspecially crafted CHECK statement that would crash the SQLite process,\nor have other unspecified impacts. (CVE-2015-3415)\n\nIt was found that SQLite's sqlite3VXPrintf() function did not properly\nhandle precision and width values during floating-point conversions. A\nlocal attacker could submit a specially crafted SELECT statement that\nwould crash the SQLite process, or have other unspecified impacts.\n(CVE-2015-3416)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1508&L=scientific-linux-errata&F=&S=&P=15216\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?212022ab\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:lemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:sqlite-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:sqlite-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:sqlite-tcl\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/04/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"lemon-3.7.17-6.el7_1.1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"sqlite-3.7.17-6.el7_1.1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"sqlite-debuginfo-3.7.17-6.el7_1.1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"sqlite-devel-3.7.17-6.el7_1.1\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"sqlite-doc-3.7.17-6.el7_1.1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"sqlite-tcl-3.7.17-6.el7_1.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lemon / sqlite / sqlite-debuginfo / sqlite-devel / sqlite-doc / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-27T14:19:07", "description": "An updated sqlite package that fixes three security issues is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nSQLite is a C library that implements a SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use.\nApplications that link against SQLite can enjoy the power and flexibility of a SQL database without the administrative hassles of supporting a separate database server.\n\nA flaw was found in the way SQLite handled dequoting of collation-sequence names. A local attacker could submit a specially crafted COLLATE statement that would crash the SQLite process, or have other unspecified impacts. (CVE-2015-3414)\n\nIt was found that SQLite's sqlite3VdbeExec() function did not properly implement comparison operators. A local attacker could submit a specially crafted CHECK statement that would crash the SQLite process, or have other unspecified impacts. (CVE-2015-3415)\n\nIt was found that SQLite's sqlite3VXPrintf() function did not properly handle precision and width values during floating-point conversions. A local attacker could submit a specially crafted SELECT statement that would crash the SQLite process, or have other unspecified impacts.\n(CVE-2015-3416)\n\nAll sqlite users are advised to upgrade to this updated package, which contains backported patches to correct these issues.", "cvss3": {}, "published": "2015-08-18T00:00:00", "type": "nessus", "title": "CentOS 7 : sqlite (CESA-2015:1635)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-3414", "CVE-2015-3415", "CVE-2015-3416"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:lemon", "p-cpe:/a:centos:centos:sqlite", "p-cpe:/a:centos:centos:sqlite-devel", "p-cpe:/a:centos:centos:sqlite-doc", "p-cpe:/a:centos:centos:sqlite-tcl", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2015-1635.NASL", "href": "https://www.tenable.com/plugins/nessus/85463", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1635 and \n# CentOS Errata and Security Advisory 2015:1635 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85463);\n script_version(\"2.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2015-3414\", \"CVE-2015-3415\", \"CVE-2015-3416\");\n script_xref(name:\"RHSA\", value:\"2015:1635\");\n\n script_name(english:\"CentOS 7 : sqlite (CESA-2015:1635)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated sqlite package that fixes three security issues is now\navailable for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nSQLite is a C library that implements a SQL database engine. A large\nsubset of SQL92 is supported. A complete database is stored in a\nsingle disk file. The API is designed for convenience and ease of use.\nApplications that link against SQLite can enjoy the power and\nflexibility of a SQL database without the administrative hassles of\nsupporting a separate database server.\n\nA flaw was found in the way SQLite handled dequoting of\ncollation-sequence names. A local attacker could submit a specially\ncrafted COLLATE statement that would crash the SQLite process, or have\nother unspecified impacts. (CVE-2015-3414)\n\nIt was found that SQLite's sqlite3VdbeExec() function did not properly\nimplement comparison operators. A local attacker could submit a\nspecially crafted CHECK statement that would crash the SQLite process,\nor have other unspecified impacts. (CVE-2015-3415)\n\nIt was found that SQLite's sqlite3VXPrintf() function did not properly\nhandle precision and width values during floating-point conversions. A\nlocal attacker could submit a specially crafted SELECT statement that\nwould crash the SQLite process, or have other unspecified impacts.\n(CVE-2015-3416)\n\nAll sqlite users are advised to upgrade to this updated package, which\ncontains backported patches to correct these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2015-August/021337.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?df1770c2\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected sqlite packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-3414\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:lemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:sqlite-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:sqlite-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:sqlite-tcl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/04/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"lemon-3.7.17-6.el7_1.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"sqlite-3.7.17-6.el7_1.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"sqlite-devel-3.7.17-6.el7_1.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"sqlite-doc-3.7.17-6.el7_1.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"sqlite-tcl-3.7.17-6.el7_1.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lemon / sqlite / sqlite-devel / sqlite-doc / sqlite-tcl\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-27T14:14:43", "description": "NVD reports :\n\nSQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE'''''''' at the end of a SELECT statement.\n\nThe sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement.\n\nThe sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement.", "cvss3": {}, "published": "2015-04-20T00:00:00", "type": "nessus", "title": "FreeBSD : sqlite -- multiple vulnerabilities (dec3164f-3121-45ef-af18-bb113ac5082f)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-3414", "CVE-2015-3415", "CVE-2015-3416"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:sqlite3", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_DEC3164F312145EFAF18BB113AC5082F.NASL", "href": "https://www.tenable.com/plugins/nessus/82893", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82893);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-3414\", \"CVE-2015-3415\", \"CVE-2015-3416\");\n\n script_name(english:\"FreeBSD : sqlite -- multiple vulnerabilities (dec3164f-3121-45ef-af18-bb113ac5082f)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"NVD reports :\n\nSQLite before 3.8.9 does not properly implement the dequoting of\ncollation-sequence names, which allows context-dependent attackers to\ncause a denial of service (uninitialized memory access and application\ncrash) or possibly have unspecified other impact via a crafted COLLATE\nclause, as demonstrated by COLLATE'''''''' at the end of a SELECT\nstatement.\n\nThe sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not\nproperly implement comparison operators, which allows\ncontext-dependent attackers to cause a denial of service (invalid free\noperation) or possibly have unspecified other impact via a crafted\nCHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE\nstatement.\n\nThe sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does\nnot properly handle precision and width values during floating-point\nconversions, which allows context-dependent attackers to cause a\ndenial of service (integer overflow and stack-based buffer overflow)\nor possibly have unspecified other impact via large integers in a\ncrafted printf function call in a SELECT statement.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.sqlite.org/src/info/eddc05e7bb31fae7\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.sqlite.org/src/info/02e3c88fbf6abdcf\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.sqlite.org/src/info/c494171f77dc2e5e\"\n );\n # http://seclists.org/fulldisclosure/2015/Apr/31\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://seclists.org/fulldisclosure/2015/Apr/31\"\n );\n # https://vuxml.freebsd.org/freebsd/dec3164f-3121-45ef-af18-bb113ac5082f.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?972e9809\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:sqlite3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"sqlite3<3.8.9\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-27T14:15:48", "description": "Michal Zalewski discovered multiple vulnerabilities in SQLite, which may result in denial of service or the execution of arbitrary code.", "cvss3": {}, "published": "2015-05-07T00:00:00", "type": "nessus", "title": "Debian DSA-3252-1 : sqlite3 - security update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-3414", "CVE-2015-3415", "CVE-2015-3416"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:sqlite3", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-3252.NASL", "href": "https://www.tenable.com/plugins/nessus/83273", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3252. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83273);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-3414\", \"CVE-2015-3415\", \"CVE-2015-3416\");\n script_bugtraq_id(74228);\n script_xref(name:\"DSA\", value:\"3252\");\n\n script_name(english:\"Debian DSA-3252-1 : sqlite3 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Michal Zalewski discovered multiple vulnerabilities in SQLite, which\nmay result in denial of service or the execution of arbitrary code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783968\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/sqlite3\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2015/dsa-3252\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the sqlite3 packages.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 3.8.7.1-1+deb8u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sqlite3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"lemon\", reference:\"3.8.7.1-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libsqlite3-0\", reference:\"3.8.7.1-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libsqlite3-0-dbg\", reference:\"3.8.7.1-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libsqlite3-dev\", reference:\"3.8.7.1-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libsqlite3-tcl\", reference:\"3.8.7.1-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"sqlite3\", reference:\"3.8.7.1-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"sqlite3-doc\", reference:\"3.8.7.1-1+deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-27T14:17:23", "description": "The remote host is affected by the vulnerability described in GLSA-201507-05 (SQLite: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in SQLite. Please review the CVE identifiers referenced below for details.\n Impact :\n\n A context-dependent attacker could possibly cause a Denial of Service condition.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2015-07-08T00:00:00", "type": "nessus", "title": "GLSA-201507-05 : SQLite: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-3414", "CVE-2015-3415", "CVE-2015-3416"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:sqlite", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201507-05.NASL", "href": "https://www.tenable.com/plugins/nessus/84604", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201507-05.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84604);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-3414\", \"CVE-2015-3415\", \"CVE-2015-3416\");\n script_bugtraq_id(74228);\n script_xref(name:\"GLSA\", value:\"201507-05\");\n\n script_name(english:\"GLSA-201507-05 : SQLite: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201507-05\n(SQLite: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in SQLite. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A context-dependent attacker could possibly cause a Denial of Service\n condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201507-05\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All SQLite users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-db/sqlite-3.8.9'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-db/sqlite\", unaffected:make_list(\"ge 3.8.9\"), vulnerable:make_list(\"lt 3.8.9\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"SQLite\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-03T15:11:54", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - improved fix for (CVE-2015-1791)\n\n - add missing parts of CVE-2015-0209 fix for corectness although unexploitable\n\n - fix CVE-2014-8176 - invalid free in DTLS buffering code\n\n - fix CVE-2015-1789 - out-of-bounds read in X509_cmp_time\n\n - fix CVE-2015-1790 - PKCS7 crash with missing EncryptedContent\n\n - fix CVE-2015-1791 - race condition handling NewSessionTicket\n\n - fix CVE-2015-1792 - CMS verify infinite loop with unknown hash function\n\n - fix CVE-2015-3216 - regression in RAND locking that can cause segfaults on read in multithreaded applications", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-06-16T00:00:00", "type": "nessus", "title": "OracleVM 3.3 : openssl (OVMSA-2015-0070)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8176", "CVE-2015-0209", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-3216"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:openssl", "cpe:/o:oracle:vm_server:3.3"], "id": "ORACLEVM_OVMSA-2015-0070.NASL", "href": "https://www.tenable.com/plugins/nessus/84203", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2015-0070.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84203);\n script_version(\"2.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2014-8176\", \"CVE-2015-0209\", \"CVE-2015-1789\", \"CVE-2015-1790\", \"CVE-2015-1791\", \"CVE-2015-1792\", \"CVE-2015-3216\");\n script_bugtraq_id(73196, 73239, 75154, 75156, 75157, 75159, 75161, 75219);\n\n script_name(english:\"OracleVM 3.3 : openssl (OVMSA-2015-0070)\");\n script_summary(english:\"Checks the RPM output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - improved fix for (CVE-2015-1791)\n\n - add missing parts of CVE-2015-0209 fix for corectness\n although unexploitable\n\n - fix CVE-2014-8176 - invalid free in DTLS buffering code\n\n - fix CVE-2015-1789 - out-of-bounds read in X509_cmp_time\n\n - fix CVE-2015-1790 - PKCS7 crash with missing\n EncryptedContent\n\n - fix CVE-2015-1791 - race condition handling\n NewSessionTicket\n\n - fix CVE-2015-1792 - CMS verify infinite loop with\n unknown hash function\n\n - fix CVE-2015-3216 - regression in RAND locking that can\n cause segfaults on read in multithreaded applications\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/oraclevm-errata/2015-June/000318.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/03/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.3\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.3\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.3\", reference:\"openssl-1.0.1e-30.el6_6.11\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-28T14:38:06", "description": "Updated openssl packages that fix three security issues are now available for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.\n\nAn out-of-bounds read flaw was found in the X509_cmp_time() function of OpenSSL. A specially crafted X.509 certificate or a Certificate Revocation List (CRL) could possibly cause a TLS/SSL server or client using OpenSSL to crash. (CVE-2015-1789)\n\nA NULL pointer dereference was found in the way OpenSSL handled certain PKCS#7 inputs. A specially crafted PKCS#7 input with missing EncryptedContent data could cause an application using OpenSSL to crash. (CVE-2015-1790)\n\nA flaw was found in the way the TLS protocol composes the Diffie-Hellman (DH) key exchange. A man-in-the-middle attacker could use this flaw to force the use of weak 512 bit export-grade keys during the key exchange, allowing them to decrypt all traffic.\n(CVE-2015-4000)\n\nNote: This update forces the TLS/SSL client implementation in OpenSSL to reject DH key sizes below 768 bits, which prevents sessions to be downgraded to export-grade keys. Future updates may raise this limit to 1024 bits.\n\nRed Hat would like to thank the OpenSSL project for reporting CVE-2015-1789 and CVE-2015-1790. Upstream acknowledges Robert Swiecki and Hanno Bock as the original reporters of CVE-2015-1789, and Michal Zalewski as the original reporter of CVE-2015-1790.\n\nAll openssl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-07-06T00:00:00", "type": "nessus", "title": "CentOS 5 : openssl (CESA-2015:1197) (Logjam)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1789", "CVE-2015-1790", "CVE-2015-4000"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:centos:centos:openssl", "p-cpe:/a:centos:centos:openssl-devel", "p-cpe:/a:centos:centos:openssl-perl", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2015-1197.NASL", "href": "https://www.tenable.com/plugins/nessus/84506", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1197 and \n# CentOS Errata and Security Advisory 2015:1197 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84506);\n script_version(\"2.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2015-1789\", \"CVE-2015-1790\", \"CVE-2015-4000\");\n script_bugtraq_id(74733, 75156, 75157);\n script_xref(name:\"RHSA\", value:\"2015:1197\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"CentOS 5 : openssl (CESA-2015:1197) (Logjam)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"Updated openssl packages that fix three security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL\nv2/v3) and Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nAn out-of-bounds read flaw was found in the X509_cmp_time() function\nof OpenSSL. A specially crafted X.509 certificate or a Certificate\nRevocation List (CRL) could possibly cause a TLS/SSL server or client\nusing OpenSSL to crash. (CVE-2015-1789)\n\nA NULL pointer dereference was found in the way OpenSSL handled\ncertain PKCS#7 inputs. A specially crafted PKCS#7 input with missing\nEncryptedContent data could cause an application using OpenSSL to\ncrash. (CVE-2015-1790)\n\nA flaw was found in the way the TLS protocol composes the\nDiffie-Hellman (DH) key exchange. A man-in-the-middle attacker could\nuse this flaw to force the use of weak 512 bit export-grade keys\nduring the key exchange, allowing them to decrypt all traffic.\n(CVE-2015-4000)\n\nNote: This update forces the TLS/SSL client implementation in OpenSSL\nto reject DH key sizes below 768 bits, which prevents sessions to be\ndowngraded to export-grade keys. Future updates may raise this limit\nto 1024 bits.\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2015-1789 and CVE-2015-1790. Upstream acknowledges Robert Swiecki\nand Hanno Bock as the original reporters of CVE-2015-1789, and Michal\nZalewski as the original reporter of CVE-2015-1790.\n\nAll openssl users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. For the\nupdate to take effect, all services linked to the OpenSSL library must\nbe restarted, or the system rebooted.\");\n # https://lists.centos.org/pipermail/centos-announce/2015-July/021230.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4d8b9b4f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openssl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-1790\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"openssl-0.9.8e-36.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openssl-devel-0.9.8e-36.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"openssl-perl-0.9.8e-36.el5_11\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-devel / openssl-perl\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-29T14:41:28", "description": "OpenSSL was updated to fix several security issues.\n\nCVE-2015-4000: The Logjam Attack ( weakdh.org ) has been addressed by rejecting connections with DH parameters shorter than 1024 bits. We now also generate 2048-bit DH parameters by default.\n\nCVE-2015-1789: An out-of-bounds read in X509_cmp_time was fixed.\n\nCVE-2015-1790: A PKCS7 decoder crash with missing EnvelopedContent was fixed.\n\nfixed a timing side channel in RSA decryption (bnc#929678)\n\nAdditional changes :\n\nIn the default SSL cipher string EXPORT ciphers are now disabled. This will only get active if applications get rebuilt and actually use this string. (bnc#931698)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-07-07T00:00:00", "type": "nessus", "title": "SUSE SLED11 / SLES10 Security Update : OpenSSL (SUSE-SU-2015:1183-2) (Logjam)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1789", "CVE-2015-1790", "CVE-2015-4000"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:compat-openssl097g", "cpe:/o:novell:suse_linux:10", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2015-1183-2.NASL", "href": "https://www.tenable.com/plugins/nessus/84560", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:1183-2.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84560);\n script_version(\"2.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2015-1789\", \"CVE-2015-1790\", \"CVE-2015-4000\");\n script_bugtraq_id(74733, 75156, 75157);\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"SUSE SLED11 / SLES10 Security Update : OpenSSL (SUSE-SU-2015:1183-2) (Logjam)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"OpenSSL was updated to fix several security issues.\n\nCVE-2015-4000: The Logjam Attack ( weakdh.org ) has been addressed by\nrejecting connections with DH parameters shorter than 1024 bits. We\nnow also generate 2048-bit DH parameters by default.\n\nCVE-2015-1789: An out-of-bounds read in X509_cmp_time was fixed.\n\nCVE-2015-1790: A PKCS7 decoder crash with missing EnvelopedContent was\nfixed.\n\nfixed a timing side channel in RSA decryption (bnc#929678)\n\nAdditional changes :\n\nIn the default SSL cipher string EXPORT ciphers are now disabled. This\nwill only get active if applications get rebuilt and actually use this\nstring. (bnc#931698)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=929678\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=931698\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=934489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=934491\");\n # https://download.suse.com/patch/finder/?keywords=31613a0a584dc47c4e6779e1a0a09b87\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?157a7562\");\n # https://download.suse.com/patch/finder/?keywords=9cebc5e391114f90b2cb9133b6763127\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c5987976\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-1789/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-1790/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-4000/\");\n # https://www.suse.com/support/update/announcement/2015/suse-su-20151183-2.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?36e9e59a\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Desktop 11 SP3 :\n\nzypper in -t patch sledsp3-compat-openssl097g=10790\n\nSLES for SAP Applications :\n\nzypper in -t patch slesappsp3-compat-openssl097g=10790\n\nTo bring your system up-to-date, use 'zypper patch'.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:compat-openssl097g\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED11|SLES10)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED11 / SLES10\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES10\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES10 SP4\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED11\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED11 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"x86_64\", reference:\"compat-openssl097g-32bit-0.9.7g-13.31.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"s390x\", reference:\"compat-openssl097g-32bit-0.9.7g-13.31.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", reference:\"compat-openssl097g-0.9.7g-13.31.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"compat-openssl097g-0.9.7g-146.22.31.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"compat-openssl097g-32bit-0.9.7g-146.22.31.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"compat-openssl097g-0.9.7g-146.22.31.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"OpenSSL\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-29T14:40:47", "description": "Updated openssl packages that fix three security issues are now available for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.\n\nAn out-of-bounds read flaw was found in the X509_cmp_time() function of OpenSSL. A specially crafted X.509 certificate or a Certificate Revocation List (CRL) could possibly cause a TLS/SSL server or client using OpenSSL to crash. (CVE-2015-1789)\n\nA NULL pointer dereference was found in the way OpenSSL handled certain PKCS#7 inputs. A specially crafted PKCS#7 input with missing EncryptedContent data could cause an application using OpenSSL to crash. (CVE-2015-1790)\n\nA flaw was found in the way the TLS protocol composes the Diffie-Hellman (DH) key exchange. A man-in-the-middle attacker could use this flaw to force the use of weak 512 bit export-grade keys during the key exchange, allowing them to decrypt all traffic.\n(CVE-2015-4000)\n\nNote: This update forces the TLS/SSL client implementation in OpenSSL to reject DH key sizes below 768 bits, which prevents sessions to be downgraded to export-grade keys. Future updates may raise this limit to 1024 bits.\n\nRed Hat would like to thank the OpenSSL project for reporting CVE-2015-1789 and CVE-2015-1790. Upstream acknowledges Robert Swiecki and Hanno Bock as the original reporters of CVE-2015-1789, and Michal Zalewski as the original reporter of CVE-2015-1790.\n\nAll openssl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-06-30T00:00:00", "type": "nessus", "title": "RHEL 5 : openssl (RHSA-2015:1197) (Logjam)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1789", "CVE-2015-1790", "CVE-2015-4000"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:openssl", "p-cpe:/a:redhat:enterprise_linux:openssl-debuginfo", "p-cpe:/a:redhat:enterprise_linux:openssl-devel", "p-cpe:/a:redhat:enterprise_linux:openssl-perl", "cpe:/o:redhat:enterprise_linux:5"], "id": "REDHAT-RHSA-2015-1197.NASL", "href": "https://www.tenable.com/plugins/nessus/84467", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1197. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84467);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2015-1789\", \"CVE-2015-1790\", \"CVE-2015-4000\");\n script_xref(name:\"RHSA\", value:\"2015:1197\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"RHEL 5 : openssl (RHSA-2015:1197) (Logjam)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"Updated openssl packages that fix three security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL\nv2/v3) and Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nAn out-of-bounds read flaw was found in the X509_cmp_time() function\nof OpenSSL. A specially crafted X.509 certificate or a Certificate\nRevocation List (CRL) could possibly cause a TLS/SSL server or client\nusing OpenSSL to crash. (CVE-2015-1789)\n\nA NULL pointer dereference was found in the way OpenSSL handled\ncertain PKCS#7 inputs. A specially crafted PKCS#7 input with missing\nEncryptedContent data could cause an application using OpenSSL to\ncrash. (CVE-2015-1790)\n\nA flaw was found in the way the TLS protocol composes the\nDiffie-Hellman (DH) key exchange. A man-in-the-middle attacker could\nuse this flaw to force the use of weak 512 bit export-grade keys\nduring the key exchange, allowing them to decrypt all traffic.\n(CVE-2015-4000)\n\nNote: This update forces the TLS/SSL client implementation in OpenSSL\nto reject DH key sizes below 768 bits, which prevents sessions to be\ndowngraded to export-grade keys. Future updates may raise this limit\nto 1024 bits.\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2015-1789 and CVE-2015-1790. Upstream acknowledges Robert Swiecki\nand Hanno Bock as the original reporters of CVE-2015-1789, and Michal\nZalewski as the original reporter of CVE-2015-1790.\n\nAll openssl users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. For the\nupdate to take effect, all services linked to the OpenSSL library must\nbe restarted, or the system rebooted.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20150611.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2015:1197\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2015-4000\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2015-1789\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2015-1790\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:1197\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"openssl-0.9.8e-36.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"openssl-debuginfo-0.9.8e-36.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"openssl-devel-0.9.8e-36.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"openssl-perl-0.9.8e-36.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"openssl-perl-0.9.8e-36.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"openssl-perl-0.9.8e-36.el5_11\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-debuginfo / openssl-devel / openssl-perl\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-29T14:40:41", "description": "From Red Hat Security Advisory 2015:1197 :\n\nUpdated openssl packages that fix three security issues are now available for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.\n\nAn out-of-bounds read flaw was found in the X509_cmp_time() function of OpenSSL. A specially crafted X.509 certificate or a Certificate Revocation List (CRL) could possibly cause a TLS/SSL server or client using OpenSSL to crash. (CVE-2015-1789)\n\nA NULL pointer dereference was found in the way OpenSSL handled certain PKCS#7 inputs. A specially crafted PKCS#7 input with missing EncryptedContent data could cause an application using OpenSSL to crash. (CVE-2015-1790)\n\nA flaw was found in the way the TLS protocol composes the Diffie-Hellman (DH) key exchange. A man-in-the-middle attacker could use this flaw to force the use of weak 512 bit export-grade keys during the key exchange, allowing them to decrypt all traffic.\n(CVE-2015-4000)\n\nNote: This update forces the TLS/SSL client implementation in OpenSSL to reject DH key sizes below 768 bits, which prevents sessions to be downgraded to export-grade keys. Future updates may raise this limit to 1024 bits.\n\nRed Hat would like to thank the OpenSSL project for reporting CVE-2015-1789 and CVE-2015-1790. Upstream acknowledges Robert Swiecki and Hanno Bock as the original reporters of CVE-2015-1789, and Michal Zalewski as the original reporter of CVE-2015-1790.\n\nAll openssl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-07-01T00:00:00", "type": "nessus", "title": "Oracle Linux 5 : openssl (ELSA-2015-1197) (Logjam)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1789", "CVE-2015-1790", "CVE-2015-4000"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:openssl", "p-cpe:/a:oracle:linux:openssl-devel", "p-cpe:/a:oracle:linux:openssl-perl", "cpe:/o:oracle:linux:5"], "id": "ORACLELINUX_ELSA-2015-1197.NASL", "href": "https://www.tenable.com/plugins/nessus/84485", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2015:1197 and \n# Oracle Linux Security Advisory ELSA-2015-1197 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84485);\n script_version(\"2.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2015-1789\", \"CVE-2015-1790\", \"CVE-2015-4000\");\n script_bugtraq_id(\n 71937,\n 71939,\n 71942,\n 74733,\n 75156,\n 75157\n );\n script_xref(name:\"RHSA\", value:\"2015:1197\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"Oracle Linux 5 : openssl (ELSA-2015-1197) (Logjam)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"From Red Hat Security Advisory 2015:1197 :\n\nUpdated openssl packages that fix three security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL\nv2/v3) and Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nAn out-of-bounds read flaw was found in the X509_cmp_time() function\nof OpenSSL. A specially crafted X.509 certificate or a Certificate\nRevocation List (CRL) could possibly cause a TLS/SSL server or client\nusing OpenSSL to crash. (CVE-2015-1789)\n\nA NULL pointer dereference was found in the way OpenSSL handled\ncertain PKCS#7 inputs. A specially crafted PKCS#7 input with missing\nEncryptedContent data could cause an application using OpenSSL to\ncrash. (CVE-2015-1790)\n\nA flaw was found in the way the TLS protocol composes the\nDiffie-Hellman (DH) key exchange. A man-in-the-middle attacker could\nuse this flaw to force the use of weak 512 bit export-grade keys\nduring the key exchange, allowing them to decrypt all traffic.\n(CVE-2015-4000)\n\nNote: This update forces the TLS/SSL client implementation in OpenSSL\nto reject DH key sizes below 768 bits, which prevents sessions to be\ndowngraded to export-grade keys. Future updates may raise this limit\nto 1024 bits.\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2015-1789 and CVE-2015-1790. Upstream acknowledges Robert Swiecki\nand Hanno Bock as the original reporters of CVE-2015-1789, and Michal\nZalewski as the original reporter of CVE-2015-1790.\n\nAll openssl users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. For the\nupdate to take effect, all services linked to the OpenSSL library must\nbe restarted, or the system rebooted.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://oss.oracle.com/pipermail/el-errata/2015-June/005186.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openssl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"openssl-0.9.8e-36.0.1.el5_11\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"openssl-devel-0.9.8e-36.0.1.el5_11\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"openssl-perl-0.9.8e-36.0.1.el5_11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-devel / openssl-perl\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-30T14:54:25", "description": "An out-of-bounds read flaw was found in the X509_cmp_time() function of OpenSSL. A specially crafted X.509 certificate or a Certificate Revocation List (CRL) could possibly cause a TLS/SSL server or client using OpenSSL to crash. (CVE-2015-1789)\n\nA NULL pointer dereference was found in the way OpenSSL handled certain PKCS#7 inputs. A specially crafted PKCS#7 input with missing EncryptedContent data could cause an application using OpenSSL to crash. (CVE-2015-1790)\n\nA flaw was found in the way the TLS protocol composes the Diffie-Hellman (DH) key exchange. A man-in-the-middle attacker could use this flaw to force the use of weak 512 bit export-grade keys during the key exchange, allowing them to decrypt all traffic.\n(CVE-2015-4000)\n\nNote: This update forces the TLS/SSL client implementation in OpenSSL to reject DH key sizes below 768 bits, which prevents sessions to be downgraded to export-grade keys. Future updates may raise this limit to 1024 bits.\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-07-06T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : openssl on SL5.x i386/x86_64 (20150630) (Logjam)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1789", "CVE-2015-1790", "CVE-2015-4000"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:openssl", "p-cpe:/a:fermilab:scientific_linux:openssl-debuginfo", "p-cpe:/a:fermilab:scientific_linux:openssl-devel", "p-cpe:/a:fermilab:scientific_linux:openssl-perl", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20150630_OPENSSL_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/84542", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84542);\n script_version(\"2.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2015-1789\", \"CVE-2015-1790\", \"CVE-2015-4000\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"Scientific Linux Security Update : openssl on SL5.x i386/x86_64 (20150630) (Logjam)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An out-of-bounds read flaw was found in the X509_cmp_time() function\nof OpenSSL. A specially crafted X.509 certificate or a Certificate\nRevocation List (CRL) could possibly cause a TLS/SSL server or client\nusing OpenSSL to crash. (CVE-2015-1789)\n\nA NULL pointer dereference was found in the way OpenSSL handled\ncertain PKCS#7 inputs. A specially crafted PKCS#7 input with missing\nEncryptedContent data could cause an application using OpenSSL to\ncrash. (CVE-2015-1790)\n\nA flaw was found in the way the TLS protocol composes the\nDiffie-Hellman (DH) key exchange. A man-in-the-middle attacker could\nuse this flaw to force the use of weak 512 bit export-grade keys\nduring the key exchange, allowing them to decrypt all traffic.\n(CVE-2015-4000)\n\nNote: This update forces the TLS/SSL client implementation in OpenSSL\nto reject DH key sizes below 768 bits, which prevents sessions to be\ndowngraded to export-grade keys. Future updates may raise this limit\nto 1024 bits.\n\nFor the update to take effect, all services linked to the OpenSSL\nlibrary must be restarted, or the system rebooted.\");\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1506&L=scientific-linux-errata&F=&S=&P=15584\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?aa970612\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 5.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"openssl-0.9.8e-36.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openssl-debuginfo-0.9.8e-36.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openssl-devel-0.9.8e-36.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openssl-perl-0.9.8e-36.el5_11\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-debuginfo / openssl-devel / openssl-perl\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-12-23T02:29:28", "description": "According to the versions of the sqlite packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - It was found that SQLite's sqlite3VdbeExec() function did not properly implement comparison operators. A local attacker could submit a specially crafted CHECK statement that would crash the SQLite process, or have other unspecified impacts.(CVE-2015-3415)\n\n - A flaw was found in the way SQLite handled dequoting of collation-sequence names. A local attacker could submit a specially crafted COLLATE statement that would crash the SQLite process, or have other unspecified impacts.(CVE-2015-3414)\n\n - A NULL pointer dereference vulnerability was found in SQLite. Loading a database whose schema was corrupted using a CREATE TABLE AS statement would result in a SQLite crash.(CVE-2018-8740)\n\n - It was found that SQLite's sqlite3VXPrintf() function did not properly handle precision and width values during floating-point conversions. A local attacker could submit a specially crafted SELECT statement that would crash the SQLite process, or have other unspecified impacts.(CVE-2015-3416)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-05-14T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.1.0 : sqlite (EulerOS-SA-2019-1425)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3414", "CVE-2015-3415", "CVE-2015-3416", "CVE-2018-8740"], "modified": "2021-02-08T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:sqlite", "p-cpe:/a:huawei:euleros:sqlite-devel", "cpe:/o:huawei:euleros:uvp:3.0.1.0"], "id": "EULEROS_SA-2019-1425.NASL", "href": "https://www.tenable.com/plugins/nessus/124928", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124928);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/08\");\n\n script_cve_id(\n \"CVE-2015-3414\",\n \"CVE-2015-3415\",\n \"CVE-2015-3416\",\n \"CVE-2018-8740\"\n );\n script_bugtraq_id(\n 74228\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.1.0 : sqlite (EulerOS-SA-2019-1425)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the sqlite packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - It was found that SQLite's sqlite3VdbeExec() function\n did not properly implement comparison operators. A\n local attacker could submit a specially crafted CHECK\n statement that would crash the SQLite process, or have\n other unspecified impacts.(CVE-2015-3415)\n\n - A flaw was found in the way SQLite handled dequoting of\n collation-sequence names. A local attacker could submit\n a specially crafted COLLATE statement that would crash\n the SQLite process, or have other unspecified\n impacts.(CVE-2015-3414)\n\n - A NULL pointer dereference vulnerability was found in\n SQLite. Loading a database whose schema was corrupted\n using a CREATE TABLE AS statement would result in a\n SQLite crash.(CVE-2018-8740)\n\n - It was found that SQLite's sqlite3VXPrintf() function\n did not properly handle precision and width values\n during floating-point conversions. A local attacker\n could submit a specially crafted SELECT statement that\n would crash the SQLite process, or have other\n unspecified impacts.(CVE-2015-3416)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1425\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d8337062\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected sqlite packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:sqlite-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"sqlite-3.7.17-8.h2.eulerosv2r7\",\n \"sqlite-devel-3.7.17-8.h2.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"sqlite\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-27T14:18:24", "description": "It was discovered that SQLite incorrectly handled skip-scan optimization. An attacker could use this issue to cause applications using SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS.\n(CVE-2013-7443)\n\nMichal Zalewski discovered that SQLite incorrectly handled dequoting of collation-sequence names. An attacker could use this issue to cause applications using SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-3414)\n\nMichal Zalewski discovered that SQLite incorrectly implemented comparison operators. An attacker could use this issue to cause applications using SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 15.04. (CVE-2015-3415)\n\nMichal Zalewski discovered that SQLite incorrectly handle printf precision and width values during floating-point conversions. An attacker could use this issue to cause applications using SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-3416).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2015-07-31T00:00:00", "type": "nessus", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : sqlite3 vulnerabilities (USN-2698-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-7443", "CVE-2015-3414", "CVE-2015-3415", "CVE-2015-3416"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libsqlite3-0", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:15.04"], "id": "UBUNTU_USN-2698-1.NASL", "href": "https://www.tenable.com/plugins/nessus/85156", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2698-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85156);\n script_version(\"2.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-7443\", \"CVE-2015-3414\", \"CVE-2015-3415\", \"CVE-2015-3416\");\n script_xref(name:\"USN\", value:\"2698-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : sqlite3 vulnerabilities (USN-2698-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that SQLite incorrectly handled skip-scan\noptimization. An attacker could use this issue to cause applications\nusing SQLite to crash, resulting in a denial of service, or possibly\nexecute arbitrary code. This issue only affected Ubuntu 14.04 LTS.\n(CVE-2013-7443)\n\nMichal Zalewski discovered that SQLite incorrectly handled dequoting\nof collation-sequence names. An attacker could use this issue to cause\napplications using SQLite to crash, resulting in a denial of service,\nor possibly execute arbitrary code. This issue only affected Ubuntu\n14.04 LTS and Ubuntu 15.04. (CVE-2015-3414)\n\nMichal Zalewski discovered that SQLite incorrectly implemented\ncomparison operators. An attacker could use this issue to cause\napplications using SQLite to crash, resulting in a denial of service,\nor possibly execute arbitrary code. This issue only affected Ubuntu\n15.04. (CVE-2015-3415)\n\nMichal Zalewski discovered that SQLite incorrectly handle printf\nprecision and width values during floating-point conversions. An\nattacker could use this issue to cause applications using SQLite to\ncrash, resulting in a denial of service, or possibly execute arbitrary\ncode. (CVE-2015-3416).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2698-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libsqlite3-0 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libsqlite3-0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/04/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/31\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04|15\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 15.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libsqlite3-0\", pkgver:\"3.7.9-2ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libsqlite3-0\", pkgver:\"3.8.2-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"15.04\", pkgname:\"libsqlite3-0\", pkgver:\"3.8.7.4-1ubuntu0.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libsqlite3-0\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-28T14:37:55", "description": "According to its self-reported version number, the Puppet Enterprise application running on the remote host is 3.x prior to 3.8.1. It is, therefore, affected by the following vulnerabilities :\n\n - An XML external entity injection (XXE) flaw exists in the Apache ActiveMQ component due to a faulty configuration that allows an XML parser to accept XML external entities from untrusted sources. A remote attacker, by sending crafted XML data, can exploit this to disclose arbitrary files. (CVE-2014-3600)\n\n - An authentication bypass vulnerability exists in the Apache ActiveMQ component due to a flaw in the LDAPLoginModule implementation. A remote attacker can exploit this to bypass authentication mechanisms.\n (CVE-2014-3612)\n\n - Multiple cross-site scripting vulnerabilities exist in the administrative console of Apache ActiveMQ that allow a remote attacker to inject arbitrary HTML or web scripts. (CVE-2014-8110)\n\n - An invalid free memory error exists due to improper validation of user-supplied input when a DTLS peer receives application data between ChangeCipherSpec and Finished messages. A remote attacker can exploit this to corrupt memory, resulting in a denial of service or the execution of arbitrary code. (CVE-2014-8176)\n\n - A denial of service vulnerability exists when processing an ECParameters structure due to an infinite loop that occurs when a specified curve is over a malformed binary polynomial field. A remote attacker can exploit this to perform a denial of service against any system that processes public keys, certificate requests, or certificates. This includes TLS clients and TLS servers with client authentication enabled. (CVE-2015-1788)\n\n - A denial of service vulnerability exists due to improper validation of the content and length of the ASN1_TIME string by the X509_cmp_time() function. A remote attacker can exploit this, via a malformed certificate and CRLs of various sizes, to cause a segmentation fault, resulting in a denial of service condition. TLS clients that verify CRLs are affected. TLS clients and servers with client authentication enabled may be affected if they use custom verification callbacks.\n (CVE-2015-1789)\n\n - A NULL pointer dereference flaw exists in the PKCS#7 parsing code due to incorrect handling of missing inner 'EncryptedContent'. This allows a remote attacker, via specially crafted ASN.1-encoded PKCS#7 blobs with missing content, to cause a denial of service condition or other potential unspecified impacts. (CVE-2015-1790)\n\n - A double-free error exists due to a race condition that occurs when a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket. (CVE-2015-1791)\n\n - A denial of service vulnerability exists in the CMS code due to an infinite loop that occurs when verifying a signedData message. A remote attacker can exploit this to cause a denial of service condition. (CVE-2015-1792)\n\n - A double-free memory flaw exists in PostgreSQL due to a timeout interrupt occurring partway in the session shutdown sequence. A remote attacker, by closing an SSL session when the authentication timeout expires, can exploit this flaw to cause a denial of service.\n (CVE-2015-3165)\n\n - An out-of-memory condition exists in the printf() functions in PostgreSQL due to a failure to check for errors. A remote attacker can exploit this to access sensitive information. (CVE-2015-3166)\n\n - A flaw exists in contrib/pgcrypto in PostgreSQL due to cases of decryption reporting other error message texts, which a remote attacker can use to recover keys from other systems. (CVE-2015-3167)\n\n - A man-in-the-middle vulnerability, known as Logjam, exists due to a flaw in the SSL/TLS protocol. A remote attacker can exploit this flaw to downgrade connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. (CVE-2015-4000)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2015-07-23T00:00:00", "type": "nessus", "title": "Puppet Enterprise 3.x < 3.8.1 Multiple Vulnerabilities (Logjam)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3600", "CVE-2014-3612", "CVE-2014-8110", "CVE-2014-8176", "CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-3165", "CVE-2015-3166", "CVE-2015-3167", "CVE-2015-4000"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/a:puppetlabs:puppet"], "id": "PUPPET_ENTERPRISE_ACTIVEMQ_PSQL_SSL.NASL", "href": "https://www.tenable.com/plugins/nessus/84960", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84960);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2014-3600\",\n \"CVE-2014-3612\",\n \"CVE-2014-8110\",\n \"CVE-2014-8176\",\n \"CVE-2015-1788\",\n \"CVE-2015-1789\",\n \"CVE-2015-1790\",\n \"CVE-2015-1791\",\n \"CVE-2015-1792\",\n \"CVE-2015-3165\",\n \"CVE-2015-3166\",\n \"CVE-2015-3167\",\n \"CVE-2015-4000\"\n );\n script_bugtraq_id(\n 72510,\n 72511,\n 72513,\n 74733,\n 74787,\n 74789,\n 74790,\n 75154,\n 75156,\n 75157,\n 75158,\n 75159,\n 75161\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"Puppet Enterprise 3.x < 3.8.1 Multiple Vulnerabilities (Logjam)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web application on the remote host is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the Puppet Enterprise\napplication running on the remote host is 3.x prior to 3.8.1. It is,\ntherefore, affected by the following vulnerabilities :\n\n - An XML external entity injection (XXE) flaw exists in\n the Apache ActiveMQ component due to a faulty\n configuration that allows an XML parser to accept XML\n external entities from untrusted sources. A remote\n attacker, by sending crafted XML data, can exploit this\n to disclose arbitrary files. (CVE-2014-3600)\n\n - An authentication bypass vulnerability exists in the\n Apache ActiveMQ component due to a flaw in the\n LDAPLoginModule implementation. A remote attacker can\n exploit this to bypass authentication mechanisms.\n (CVE-2014-3612)\n\n - Multiple cross-site scripting vulnerabilities exist in\n the administrative console of Apache ActiveMQ that allow\n a remote attacker to inject arbitrary HTML or web\n scripts. (CVE-2014-8110)\n\n - An invalid free memory error exists due to improper\n validation of user-supplied input when a DTLS peer\n receives application data between ChangeCipherSpec and\n Finished messages. A remote attacker can exploit this to\n corrupt memory, resulting in a denial of service or\n the execution of arbitrary code. (CVE-2014-8176)\n\n - A denial of service vulnerability exists when processing\n an ECParameters structure due to an infinite loop that\n occurs when a specified curve is over a malformed binary\n polynomial field. A remote attacker can exploit this to\n perform a denial of service against any system that\n processes public keys, certificate requests, or\n certificates. This includes TLS clients and TLS servers\n with client authentication enabled. (CVE-2015-1788)\n\n - A denial of service vulnerability exists due to improper\n validation of the content and length of the ASN1_TIME\n string by the X509_cmp_time() function. A remote\n attacker can exploit this, via a malformed certificate\n and CRLs of various sizes, to cause a segmentation\n fault, resulting in a denial of service condition. TLS\n clients that verify CRLs are affected. TLS clients and\n servers with client authentication enabled may be\n affected if they use custom verification callbacks.\n (CVE-2015-1789)\n\n - A NULL pointer dereference flaw exists in the PKCS#7\n parsing code due to incorrect handling of missing inner\n 'EncryptedContent'. This allows a remote attacker, via\n specially crafted ASN.1-encoded PKCS#7 blobs with\n missing content, to cause a denial of service condition\n or other potential unspecified impacts. (CVE-2015-1790)\n\n - A double-free error exists due to a race condition that\n occurs when a NewSessionTicket is received by a\n multi-threaded client when attempting to reuse a\n previous ticket. (CVE-2015-1791)\n\n - A denial of service vulnerability exists in the CMS code\n due to an infinite loop that occurs when verifying a\n signedData message. A remote attacker can exploit this\n to cause a denial of service condition. (CVE-2015-1792)\n\n - A double-free memory flaw exists in PostgreSQL due to\n a timeout interrupt occurring partway in the session\n shutdown sequence. A remote attacker, by closing\n an SSL session when the authentication timeout expires,\n can exploit this flaw to cause a denial of service.\n (CVE-2015-3165)\n\n - An out-of-memory condition exists in the printf()\n functions in PostgreSQL due to a failure to check for\n errors. A remote attacker can exploit this to access\n sensitive information. (CVE-2015-3166)\n\n - A flaw exists in contrib/pgcrypto in PostgreSQL due\n to cases of decryption reporting other error message\n texts, which a remote attacker can use to recover\n keys from other systems. (CVE-2015-3167)\n\n - A man-in-the-middle vulnerability, known as Logjam,\n exists due to a flaw in the SSL/TLS protocol. A remote\n attacker can exploit this flaw to downgrade connections\n using ephemeral Diffie-Hellman key exchange to 512-bit\n export-grade cryptography. (CVE-2015-4000)\");\n # https://puppet.com/security/cve/activemq-february-2015-vulnerability-fix\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f903b0fa\");\n # https://puppet.com/security/cve/postgresql-may-2015-vulnerability-fix\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?50c9bedd\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.postgresql.org/about/news/1587/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://puppet.com/security/cve/CVE-2015-4000\");\n script_set_attribute(attribute:\"see_also\", value:\"https://puppet.com/security/cve/openssl-june-2015-vulnerability-fix\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20150611.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"https://weakdh.org/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Puppet Enterprise version 3.8.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-3166\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/02/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:puppetlabs:puppet\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"puppet_rest_detect.nasl\");\n script_require_keys(\"puppet/rest_port\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\napp_name = \"Puppet Enterprise\";\n\nport = get_kb_item_or_exit('puppet/rest_port');\nver = get_kb_item_or_exit('puppet/' + port + '/version');\n\nif ('Enterprise' >< ver)\n{\n # convert something like\n # 2.7.19 (Puppet Enterprise 2.7.0)\n # to\n # 2.7.0\n match = eregmatch(string:ver, pattern:\"Enterprise ([0-9.]+)\\)\");\n if (isnull(match)) audit(AUDIT_UNKNOWN_WEB_APP_VER, app_name, build_url(port:port));\n ver = match[1];\n}\nelse audit(AUDIT_WEB_APP_NOT_INST, app_name, port);\n\nif (\n ver =~ \"^3\\.[0-7]($|[^0-9])\" ||\n ver =~ \"^3\\.8\\.0($|[^0-9])\"\n)\n{\n set_kb_item(name: 'www/'+port+'/XSS', value: TRUE);\n\n if (report_verbosity > 0)\n {\n report =\n '\\n Installed version : Puppet Enterprise ' + ver +\n '\\n Fixed version : Puppet Enterprise 3.8.1\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\nelse audit(AUDIT_WEB_APP_NOT_AFFECTED, app_name, build_url(port:port), ver);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:40:38", "description": "The version of Juniper ScreenOS running on the remote host is 6.3.x prior to 6.3.0r22. It is, therefore, affected by multiple vulnerabilities in its bundled version of OpenSSL :\n\n - A denial of service vulnerability exists due to improper validation of the content and length of the ASN1_TIME string by the X509_cmp_time() function. A remote attacker can exploit this, via a malformed certificate and CRLs of various sizes, to cause a segmentation fault, resulting in a denial of service condition. TLS clients that verify CRLs are affected. TLS clients and servers with client authentication enabled may be affected if they use custom verification callbacks.\n (CVE-2015-1789)\n\n - A NULL pointer dereference flaw exists in the PKCS#7 parsing code due to incorrect handling of missing inner 'EncryptedContent'. This allows a remote attacker, via specially crafted ASN.1-encoded PKCS#7 blobs with missing content, to cause a denial of service condition or other potential unspecified impacts. (CVE-2015-1790)\n\n - A double-free error exists due to a race condition that occurs when a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket. A remote attacker can exploit this to cause a denial of service condition or other potential unspecified impact. (CVE-2015-1791)\n\n - A flaw exists in the ASN1_TFLG_COMBINE implementation in file tasn_dec.c related to handling malformed X509_ATTRIBUTE structures. A remote attacker can exploit this to cause a memory leak by triggering a decoding failure in a PKCS#7 or CMS application, resulting in a denial of service. (CVE-2015-3195)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "published": "2016-09-08T00:00:00", "type": "nessus", "title": "Juniper ScreenOS 6.3.x < 6.3.0r22 Multiple Vulnerabilities in OpenSSL (JSA10733)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-3195"], "modified": "2018-07-30T00:00:00", "cpe": ["cpe:/o:juniper:screenos"], "id": "SCREENOS_JSA10733.NASL", "href": "https://www.tenable.com/plugins/nessus/93383", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93383);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/07/30 11:55:11\");\n\n script_cve_id(\n \"CVE-2015-1789\",\n \"CVE-2015-1790\",\n \"CVE-2015-1791\",\n \"CVE-2015-3195\"\n );\n script_bugtraq_id(\n 75156,\n 75157,\n 75161,\n 78626\n );\n script_xref(name:\"JSA\", value:\"JSA10733\");\n\n script_name(english:\"Juniper ScreenOS 6.3.x < 6.3.0r22 Multiple Vulnerabilities in OpenSSL (JSA10733)\");\n script_summary(english:\"Checks the version of ScreenOS.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Juniper ScreenOS running on the remote host is 6.3.x\nprior to 6.3.0r22. It is, therefore, affected by multiple\nvulnerabilities in its bundled version of OpenSSL :\n\n - A denial of service vulnerability exists due to improper\n validation of the content and length of the ASN1_TIME\n string by the X509_cmp_time() function. A remote\n attacker can exploit this, via a malformed certificate\n and CRLs of various sizes, to cause a segmentation\n fault, resulting in a denial of service condition. TLS\n clients that verify CRLs are affected. TLS clients and\n servers with client authentication enabled may be\n affected if they use custom verification callbacks.\n (CVE-2015-1789)\n\n - A NULL pointer dereference flaw exists in the PKCS#7\n parsing code due to incorrect handling of missing inner\n 'EncryptedContent'. This allows a remote attacker, via\n specially crafted ASN.1-encoded PKCS#7 blobs with\n missing content, to cause a denial of service condition\n or other potential unspecified impacts. (CVE-2015-1790)\n\n - A double-free error exists due to a race condition that\n occurs when a NewSessionTicket is received by a\n multi-threaded client when attempting to reuse a\n previous ticket. A remote attacker can exploit this to\n cause a denial of service condition or other potential\n unspecified impact. (CVE-2015-1791)\n\n - A flaw exists in the ASN1_TFLG_COMBINE implementation in\n file tasn_dec.c related to handling malformed\n X509_ATTRIBUTE structures. A remote attacker can exploit\n this to cause a memory leak by triggering a decoding\n failure in a PKCS#7 or CMS application, resulting in a\n denial of service. (CVE-2015-3195)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10733\");\n # http://www.juniper.net/techpubs/en_US/screenos6.3.0/information-products/pathway-pages/screenos/index.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c4eb1929\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Juniper ScreenOS version 6.3.0r22 or later. Alternatively,\nrefer to the vendor advisory for additional workarounds.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\",value:\"2015/06/02\");\n script_set_attribute(attribute:\"patch_publication_date\",value:\"2016/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/08\");\n\n script_set_attribute(attribute:\"plugin_type\",value:\"local\");\n script_set_attribute(attribute:\"cpe\",value:\"cpe:/o:juniper:screenos\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Firewalls\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"screenos_version.nbin\");\n script_require_keys(\"Host/Juniper/ScreenOS/display_version\", \"Host/Juniper/ScreenOS/version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\napp_name = \"Juniper ScreenOS\";\ndisplay_version = get_kb_item_or_exit(\"Host/Juniper/ScreenOS/display_version\");\nversion = get_kb_item_or_exit(\"Host/Juniper/ScreenOS/version\");\n\n# prior to 6.3.0r22 are affected. 6.2 unsupported\n# fix is 6.3.0r22 and later\nif (version =~ \"^6\\.3([^0-9]|$)\" && ver_compare(ver:version, fix:\"6.3.0.22\", strict:FALSE) < 0)\n{\n display_fix = \"6.3.0r22\";\n\n port = 0;\n report =\n '\\n Installed version : ' + display_version +\n '\\n Fixed version : ' + display_fix +\n '\\n';\n\n security_report_v4(port:port, extra:report, severity:SECURITY_WARNING);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, app_name, display_version);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-27T14:15:18", "description": "PCRE development team reports :\n\nA pattern such as '((?2){0,1999}())?', which has a group containing a forward reference repeated a large (but limited) number of times within a repeated outer group that has a zero minimum quantifier, caused incorrect code to be compiled, leading to the error 'internal error: previously-checked referenced subpattern not found' when an incorrect memory address was read. This bug was reported as 'heap overflow', discovered by Kai Lu of Fortinet's FortiGuard Labs and given the CVE number CVE-2015-2325.\n\nA pattern such as '((?+1)(\\1))/' containing a forward reference subroutine call within a group that also contained a recursive back reference caused incorrect code to be compiled. This bug was reported as 'heap overflow', discovered by Kai Lu of Fortinet's FortiGuard Labs, and given the CVE number CVE-2015-2326.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2015-05-26T00:00:00", "type": "nessus", "title": "FreeBSD : pcre -- multiple vulnerabilities (4a88e3ed-00d3-11e5-a072-d050996490d0)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-2325", "CVE-2015-2326"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:pcre", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_4A88E3ED00D311E5A072D050996490D0.NASL", "href": "https://www.tenable.com/plugins/nessus/83795", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2020 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83795);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-2325\", \"CVE-2015-2326\");\n\n script_name(english:\"FreeBSD : pcre -- multiple vulnerabilities (4a88e3ed-00d3-11e5-a072-d050996490d0)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"PCRE development team reports :\n\nA pattern such as '((?2){0,1999}())?', which has a group containing a\nforward reference repeated a large (but limited) number of times\nwithin a repeated outer group that has a zero minimum quantifier,\ncaused incorrect code to be compiled, leading to the error 'internal\nerror: previously-checked referenced subpattern not found' when an\nincorrect memory address was read. This bug was reported as 'heap\noverflow', discovered by Kai Lu of Fortinet's FortiGuard Labs and\ngiven the CVE number CVE-2015-2325.\n\nA pattern such as '((?+1)(\\1))/' containing a forward reference\nsubroutine call within a group that also contained a recursive back\nreference caused incorrect code to be compiled. This bug was reported\nas 'heap overflow', discovered by Kai Lu of Fortinet's FortiGuard\nLabs, and given the CVE number CVE-2015-2326.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.pcre.org/original/changelog.txt\"\n );\n # https://vuxml.freebsd.org/freebsd/4a88e3ed-00d3-11e5-a072-d050996490d0.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e9438803\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:pcre\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/04/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"pcre<8.37\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-27T14:16:26", "description": "The PHP project reports :\n\nDOM and GD :\n\n- Fixed bug #69719 (Incorrect handling of paths with NULs).\n\nFTP :\n\n- Improved fix for bug #69545 (Integer overflow in ftp_genlist() resulting in heap overflow). (CVE-2015-4643)\n\nPostgres :\n\n- Fixed bug #69667 (segfault in php_pgsql_meta_data). (CVE-2015-4644)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2015-06-23T00:00:00", "type": "nessus", "title": "FreeBSD : php5 -- multiple vulnerabilities (cdff0af2-1492-11e5-a1cf-002590263bf5)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-4643", "CVE-2015-4644"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:php5-dom", "p-cpe:/a:freebsd:freebsd:php5-ftp", "p-cpe:/a:freebsd:freebsd:php5-gd", "p-cpe:/a:freebsd:freebsd:php5-pgsql", "p-cpe:/a:freebsd:freebsd:php55-dom", "p-cpe:/a:freebsd:freebsd:php55-ftp", "p-cpe:/a:freebsd:freebsd:php55-gd", "p-cpe:/a:freebsd:freebsd:php55-pgsql", "p-cpe:/a:freebsd:freebsd:php56-dom", "p-cpe:/a:freebsd:freebsd:php56-ftp", "p-cpe:/a:freebsd:freebsd:php56-gd", "p-cpe:/a:freebsd:freebsd:php56-psql", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_CDFF0AF2149211E5A1CF002590263BF5.NASL", "href": "https://www.tenable.com/plugins/nessus/84326", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84326);\n script_version(\"2.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-4643\", \"CVE-2015-4644\");\n\n script_name(english:\"FreeBSD : php5 -- multiple vulnerabilities (cdff0af2-1492-11e5-a1cf-002590263bf5)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The PHP project reports :\n\nDOM and GD :\n\n- Fixed bug #69719 (Incorrect handling of paths with NULs).\n\nFTP :\n\n- Improved fix for bug #69545 (Integer overflow in ftp_genlist()\nresulting in heap overflow). (CVE-2015-4643)\n\nPostgres :\n\n- Fixed bug #69667 (segfault in php_pgsql_meta_data). (CVE-2015-4644)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.php.net/ChangeLog-5.php#5.4.42\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.php.net/ChangeLog-5.php#5.5.26\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.php.net/ChangeLog-5.php#5.6.10\"\n );\n # http://openwall.com/lists/oss-security/2015/06/18/3\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openwall.com/lists/oss-security/2015/06/18/3\"\n );\n # https://vuxml.freebsd.org/freebsd/cdff0af2-1492-11e5-a1cf-002590263bf5.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0a8cf05d\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php5-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php5-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php5-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php5-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php55-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php55-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php55-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php55-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php56-dom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php56-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php56-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:php56-psql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"php5-dom<5.4.42\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"php5-ftp<5.4.42\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"php5-gd<5.4.42\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"php5-pgsql<5.4.42\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"php55-dom<5.5.26\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"php55-ftp<5.5.26\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"php55-gd<5.5.26\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"php55-pgsql<5.5.26\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"php56-dom<5.6.10\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"php56-ftp<5.6.10\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"php56-gd<5.6.10\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"php56-psql<5.6.10\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "amazon": [{"lastseen": "2022-11-01T21:22:53", "description": "**Issue Overview:**\n\nUpstream reports that several bugs have been fixed as well as several security issues into some bundled libraries (CVE-2015-3414, CVE-2015-3415, CVE-2015-3416, CVE-2015-2325 and CVE-2015-2326). All PHP 5.5 users are encouraged to upgrade to this version. Please see the <a href=\"http://php.net/ChangeLog-5.php#5.5.26\">upstream release notes</a> for full details.\n\n \n**Affected Packages:** \n\n\nphp55\n\n \n**Issue Correction:** \nRun _yum update php55_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n \u00a0\u00a0\u00a0 php55-cli-5.5.26-1.103.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-odbc-5.5.26-1.103.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-dba-5.5.26-1.103.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-5.5.26-1.103.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-bcmath-5.5.26-1.103.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-common-5.5.26-1.103.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-mysqlnd-5.5.26-1.103.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-xml-5.5.26-1.103.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-recode-5.5.26-1.103.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-intl-5.5.26-1.103.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-devel-5.5.26-1.103.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-opcache-5.5.26-1.103.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-gd-5.5.26-1.103.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-gmp-5.5.26-1.103.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-soap-5.5.26-1.103.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-ldap-5.5.26-1.103.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-imap-5.5.26-1.103.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-debuginfo-5.5.26-1.103.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-mbstring-5.5.26-1.103.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-xmlrpc-5.5.26-1.103.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-mcrypt-5.5.26-1.103.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-mssql-5.5.26-1.103.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-embedded-5.5.26-1.103.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-pdo-5.5.26-1.103.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-process-5.5.26-1.103.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-pspell-5.5.26-1.103.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-enchant-5.5.26-1.103.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-fpm-5.5.26-1.103.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-pgsql-5.5.26-1.103.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-tidy-5.5.26-1.103.amzn1.i686 \n \u00a0\u00a0\u00a0 php55-snmp-5.5.26-1.103.amzn1.i686 \n \n src: \n \u00a0\u00a0\u00a0 php55-5.5.26-1.103.amzn1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 php55-pspell-5.5.26-1.103.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-imap-5.5.26-1.103.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-embedded-5.5.26-1.103.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-mcrypt-5.5.26-1.103.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-5.5.26-1.103.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-cli-5.5.26-1.103.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-tidy-5.5.26-1.103.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-gd-5.5.26-1.103.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-odbc-5.5.26-1.103.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-process-5.5.26-1.103.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-mbstring-5.5.26-1.103.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-gmp-5.5.26-1.103.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-mssql-5.5.26-1.103.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-snmp-5.5.26-1.103.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-ldap-5.5.26-1.103.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-devel-5.5.26-1.103.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-mysqlnd-5.5.26-1.103.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-common-5.5.26-1.103.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-xml-5.5.26-1.103.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-recode-5.5.26-1.103.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-debuginfo-5.5.26-1.103.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-fpm-5.5.26-1.103.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-bcmath-5.5.26-1.103.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-xmlrpc-5.5.26-1.103.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-opcache-5.5.26-1.103.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-enchant-5.5.26-1.103.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-pgsql-5.5.26-1.103.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-pdo-5.5.26-1.103.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-intl-5.5.26-1.103.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-dba-5.5.26-1.103.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php55-soap-5.5.26-1.103.amzn1.x86_64 \n \n \n\n### Additional References\n\nRed Hat: [CVE-2014-3416](<https://access.redhat.com/security/cve/CVE-2014-3416>), [CVE-2015-2325](<https://access.redhat.com/security/cve/CVE-2015-2325>), [CVE-2015-2326](<https://access.redhat.com/security/cve/CVE-2015-2326>), [CVE-2015-3414](<https://access.redhat.com/security/cve/CVE-2015-3414>), [CVE-2015-3415](<https://access.redhat.com/security/cve/CVE-2015-3415>), [CVE-2015-4642](<https://access.redhat.com/security/cve/CVE-2015-4642>), [CVE-2015-4643](<https://access.redhat.com/security/cve/CVE-2015-4643>), [CVE-2015-4644](<https://access.redhat.com/security/cve/CVE-2015-4644>)\n\nMitre: [CVE-2014-3416](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3416>), [CVE-2015-2325](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2325>), [CVE-2015-2326](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2326>), [CVE-2015-3414](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3414>), [CVE-2015-3415](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3415>), [CVE-2015-4642](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4642>), [CVE-2015-4643](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4643>), [CVE-2015-4644](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4644>)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2015-07-07T12:40:00", "type": "amazon", "title": "Medium: php55", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3416", "CVE-2015-2325", "CVE-2015-2326", "CVE-2015-3414", "CVE-2015-3415", "CVE-2015-3416", "CVE-2015-4642", "CVE-2015-4643", "CVE-2015-4644"], "modified": "2015-07-07T22:40:00", "id": "ALAS-2015-562", "href": "https://alas.aws.amazon.com/ALAS-2015-562.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-11-01T21:22:51", "description": "**Issue Overview:**\n\nUpstream reports that several bugs have been fixed as well as several security issues into some bundled libraries (CVE-2015-3414, CVE-2015-3415, CVE-2015-3416, CVE-2015-2325 and CVE-2015-2326). All PHP 5.6 users are encouraged to upgrade to this version. Please see the <a href=\"http://php.net/ChangeLog-5.php#5.6.10\">upstream release notes</a> for full details.\n\n \n**Affected Packages:** \n\n\nphp56\n\n \n**Issue Correction:** \nRun _yum update php56_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n \u00a0\u00a0\u00a0 php56-intl-5.6.10-1.115.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-enchant-5.6.10-1.115.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-snmp-5.6.10-1.115.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-fpm-5.6.10-1.115.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-pgsql-5.6.10-1.115.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-mssql-5.6.10-1.115.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-dba-5.6.10-1.115.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-odbc-5.6.10-1.115.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-mysqlnd-5.6.10-1.115.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-mbstring-5.6.10-1.115.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-5.6.10-1.115.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-tidy-5.6.10-1.115.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-pdo-5.6.10-1.115.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-gd-5.6.10-1.115.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-pspell-5.6.10-1.115.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-recode-5.6.10-1.115.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-opcache-5.6.10-1.115.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-embedded-5.6.10-1.115.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-dbg-5.6.10-1.115.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-gmp-5.6.10-1.115.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-debuginfo-5.6.10-1.115.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-common-5.6.10-1.115.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-ldap-5.6.10-1.115.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-bcmath-5.6.10-1.115.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-soap-5.6.10-1.115.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-devel-5.6.10-1.115.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-mcrypt-5.6.10-1.115.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-imap-5.6.10-1.115.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-xml-5.6.10-1.115.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-cli-5.6.10-1.115.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-process-5.6.10-1.115.amzn1.i686 \n \u00a0\u00a0\u00a0 php56-xmlrpc-5.6.10-1.115.amzn1.i686 \n \n src: \n \u00a0\u00a0\u00a0 php56-5.6.10-1.115.amzn1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 php56-common-5.6.10-1.115.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-dba-5.6.10-1.115.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-mbstring-5.6.10-1.115.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-enchant-5.6.10-1.115.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-debuginfo-5.6.10-1.115.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-devel-5.6.10-1.115.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-process-5.6.10-1.115.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-odbc-5.6.10-1.115.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-xml-5.6.10-1.115.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-bcmath-5.6.10-1.115.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-imap-5.6.10-1.115.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-embedded-5.6.10-1.115.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-dbg-5.6.10-1.115.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-pgsql-5.6.10-1.115.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-ldap-5.6.10-1.115.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-xmlrpc-5.6.10-1.115.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-mysqlnd-5.6.10-1.115.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-recode-5.6.10-1.115.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-gmp-5.6.10-1.115.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-intl-5.6.10-1.115.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-mcrypt-5.6.10-1.115.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-mssql-5.6.10-1.115.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-snmp-5.6.10-1.115.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-pspell-5.6.10-1.115.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-cli-5.6.10-1.115.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-fpm-5.6.10-1.115.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-gd-5.6.10-1.115.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-pdo-5.6.10-1.115.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-tidy-5.6.10-1.115.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-5.6.10-1.115.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-opcache-5.6.10-1.115.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php56-soap-5.6.10-1.115.amzn1.x86_64 \n \n \n\n### Additional References\n\nRed Hat: [CVE-2014-3416](<https://access.redhat.com/security/cve/CVE-2014-3416>), [CVE-2015-2325](<https://access.redhat.com/security/cve/CVE-2015-2325>), [CVE-2015-2326](<https://access.redhat.com/security/cve/CVE-2015-2326>), [CVE-2015-3414](<https://access.redhat.com/security/cve/CVE-2015-3414>), [CVE-2015-3415](<https://access.redhat.com/security/cve/CVE-2015-3415>), [CVE-2015-4642](<https://access.redhat.com/security/cve/CVE-2015-4642>), [CVE-2015-4643](<https://access.redhat.com/security/cve/CVE-2015-4643>), [CVE-2015-4644](<https://access.redhat.com/security/cve/CVE-2015-4644>)\n\nMitre: [CVE-2014-3416](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3416>), [CVE-2015-2325](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2325>), [CVE-2015-2326](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2326>), [CVE-2015-3414](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3414>), [CVE-2015-3415](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3415>), [CVE-2015-4642](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4642>), [CVE-2015-4643](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4643>), [CVE-2015-4644](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4644>)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2015-07-07T12:40:00", "type": "amazon", "title": "Medium: php56", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3416", "CVE-2015-2325", "CVE-2015-2326", "CVE-2015-3414", "CVE-2015-3415", "CVE-2015-3416", "CVE-2015-4642", "CVE-2015-4643", "CVE-2015-4644"], "modified": "2015-07-07T22:39:00", "id": "ALAS-2015-563", "href": "https://alas.aws.amazon.com/ALAS-2015-563.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-11-01T21:22:55", "description": "**Issue Overview:**\n\nUpstream reports that six security-related issues in PHP were fixed in this release, as well as several security issues in bundled sqlite library (CVE-2015-3414, CVE-2015-3415, CVE-2015-3416). All PHP 5.4 users are encouraged to upgrade to this version. Please see the <a href=\"http://php.net/ChangeLog-5.php#5.4.42\">upstream release notes</a> for full details.\n\n \n**Affected Packages:** \n\n\nphp54\n\n \n**Issue Correction:** \nRun _yum update php54_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n \u00a0\u00a0\u00a0 php54-mssql-5.4.42-1.71.amzn1.i686 \n \u00a0\u00a0\u00a0 php54-devel-5.4.42-1.71.amzn1.i686 \n \u00a0\u00a0\u00a0 php54-xml-5.4.42-1.71.amzn1.i686 \n \u00a0\u00a0\u00a0 php54-imap-5.4.42-1.71.amzn1.i686 \n \u00a0\u00a0\u00a0 php54-odbc-5.4.42-1.71.amzn1.i686 \n \u00a0\u00a0\u00a0 php54-debuginfo-5.4.42-1.71.amzn1.i686 \n \u00a0\u00a0\u00a0 php54-pdo-5.4.42-1.71.amzn1.i686 \n \u00a0\u00a0\u00a0 php54-snmp-5.4.42-1.71.amzn1.i686 \n \u00a0\u00a0\u00a0 php54-mysql-5.4.42-1.71.amzn1.i686 \n \u00a0\u00a0\u00a0 php54-5.4.42-1.71.amzn1.i686 \n \u00a0\u00a0\u00a0 php54-tidy-5.4.42-1.71.amzn1.i686 \n \u00a0\u00a0\u00a0 php54-dba-5.4.42-1.71.amzn1.i686 \n \u00a0\u00a0\u00a0 php54-pspell-5.4.42-1.71.amzn1.i686 \n \u00a0\u00a0\u00a0 php54-ldap-5.4.42-1.71.amzn1.i686 \n \u00a0\u00a0\u00a0 php54-xmlrpc-5.4.42-1.71.amzn1.i686 \n \u00a0\u00a0\u00a0 php54-pgsql-5.4.42-1.71.amzn1.i686 \n \u00a0\u00a0\u00a0 php54-common-5.4.42-1.71.amzn1.i686 \n \u00a0\u00a0\u00a0 php54-intl-5.4.42-1.71.amzn1.i686 \n \u00a0\u00a0\u00a0 php54-enchant-5.4.42-1.71.amzn1.i686 \n \u00a0\u00a0\u00a0 php54-mysqlnd-5.4.42-1.71.amzn1.i686 \n \u00a0\u00a0\u00a0 php54-soap-5.4.42-1.71.amzn1.i686 \n \u00a0\u00a0\u00a0 php54-fpm-5.4.42-1.71.amzn1.i686 \n \u00a0\u00a0\u00a0 php54-recode-5.4.42-1.71.amzn1.i686 \n \u00a0\u00a0\u00a0 php54-mbstring-5.4.42-1.71.amzn1.i686 \n \u00a0\u00a0\u00a0 php54-process-5.4.42-1.71.amzn1.i686 \n \u00a0\u00a0\u00a0 php54-mcrypt-5.4.42-1.71.amzn1.i686 \n \u00a0\u00a0\u00a0 php54-bcmath-5.4.42-1.71.amzn1.i686 \n \u00a0\u00a0\u00a0 php54-gd-5.4.42-1.71.amzn1.i686 \n \u00a0\u00a0\u00a0 php54-embedded-5.4.42-1.71.amzn1.i686 \n \u00a0\u00a0\u00a0 php54-cli-5.4.42-1.71.amzn1.i686 \n \n src: \n \u00a0\u00a0\u00a0 php54-5.4.42-1.71.amzn1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 php54-tidy-5.4.42-1.71.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php54-gd-5.4.42-1.71.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php54-ldap-5.4.42-1.71.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php54-bcmath-5.4.42-1.71.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php54-5.4.42-1.71.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php54-process-5.4.42-1.71.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php54-mbstring-5.4.42-1.71.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php54-devel-5.4.42-1.71.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php54-xml-5.4.42-1.71.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php54-mysql-5.4.42-1.71.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php54-embedded-5.4.42-1.71.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php54-odbc-5.4.42-1.71.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php54-recode-5.4.42-1.71.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php54-imap-5.4.42-1.71.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php54-cli-5.4.42-1.71.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php54-snmp-5.4.42-1.71.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php54-mcrypt-5.4.42-1.71.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php54-debuginfo-5.4.42-1.71.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php54-intl-5.4.42-1.71.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php54-fpm-5.4.42-1.71.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php54-xmlrpc-5.4.42-1.71.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php54-pgsql-5.4.42-1.71.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php54-mssql-5.4.42-1.71.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php54-mysqlnd-5.4.42-1.71.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php54-enchant-5.4.42-1.71.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php54-dba-5.4.42-1.71.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php54-common-5.4.42-1.71.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php54-pspell-5.4.42-1.71.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php54-pdo-5.4.42-1.71.amzn1.x86_64 \n \u00a0\u00a0\u00a0 php54-soap-5.4.42-1.71.amzn1.x86_64 \n \n \n\n### Additional References\n\nRed Hat: [CVE-2014-3416](<https://access.redhat.com/security/cve/CVE-2014-3416>), [CVE-2015-3414](<https://access.redhat.com/security/cve/CVE-2015-3414>), [CVE-2015-3415](<https://access.redhat.com/security/cve/CVE-2015-3415>), [CVE-2015-4642](<https://access.redhat.com/security/cve/CVE-2015-4642>), [CVE-2015-4643](<https://access.redhat.com/security/cve/CVE-2015-4643>), [CVE-2015-4644](<https://access.redhat.com/security/cve/CVE-2015-4644>)\n\nMitre: [CVE-2014-3416](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3416>), [CVE-2015-3414](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3414>), [CVE-2015-3415](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3415>), [CVE-2015-4642](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4642>), [CVE-2015-4643](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4643>), [CVE-2015-4644](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4644>)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2015-07-07T12:39:00", "type": "amazon", "title": "Medium: php54", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3416", "CVE-2015-3414", "CVE-2015-3415", "CVE-2015-3416", "CVE-2015-4642", "CVE-2015-4643", "CVE-2015-4644"], "modified": "2015-07-07T22:41:00", "id": "ALAS-2015-561", "href": "https://alas.aws.amazon.com/ALAS-2015-561.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-11-01T21:23:14", "description": "**Issue Overview:**\n\nLOGJAM: A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange (for both export and non-export grade cipher suites). An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient pre-computation. This can lead to a passive man-in-the-middle attack in which the attacker is able to decrypt all traffic. (CVE-2015-4000)\n\nAn out-of-bounds read flaw was found in the X509_cmp_time() function of OpenSSL, which is used to test the expiry dates of SSL/TLS certificates. An attacker could possibly use a specially-crafted SSL/TLS certificate or CRL (Certificate Revocation List), which when parsed by an application would cause that application to crash. (CVE-2015-1789)\n\nA NULL pointer dereference was found in the way OpenSSL handled certain PKCS#7 inputs. An attacker able to make an application using OpenSSL verify, decrypt, or parse a specially crafted PKCS#7 input could cause that application to crash. TLS/SSL clients and servers using OpenSSL were not affected by this flaw. (CVE-2015-1790)\n\nA race condition was found in the session handling code of OpenSSL. An attacker could cause a multi-threaded SSL/TLS server to crash. (CVE-2015-1791)\n\nA denial of service flaw was found in OpenSSL in the way it verified certain signed messages using CMS (Cryptographic Message Syntax). A remote attacker could cause an application using OpenSSL to use excessive amounts of memory by sending a specially-crafted message for verification. (CVE-2015-1792)\n\nAn invalid-free flaw was found in the way OpenSSL handled certain DTLS handshake messages. A malicious DTLS client or server could send a specially-crafted message to the peer, which could cause the application to crash or potentially cause arbitrary code execution. (CVE-2014-8176)\n\nA regression was found in the ssleay_rand_bytes() function. This could lead a multi-threaded application to crash. (CVE-2015-3216)\n\n \n**Affected Packages:** \n\n\nopenssl\n\n \n**Issue Correction:** \nRun _yum update openssl_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n \u00a0\u00a0\u00a0 openssl-devel-1.0.1k-10.86.amzn1.i686 \n \u00a0\u00a0\u00a0 openssl-static-1.0.1k-10.86.amzn1.i686 \n \u00a0\u00a0\u00a0 openssl-1.0.1k-10.86.amzn1.i686 \n \u00a0\u00a0\u00a0 openssl-perl-1.0.1k-10.86.amzn1.i686 \n \u00a0\u00a0\u00a0 openssl-debuginfo-1.0.1k-10.86.amzn1.i686 \n \n src: \n \u00a0\u00a0\u00a0 openssl-1.0.1k-10.86.amzn1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 openssl-1.0.1k-10.86.amzn1.x86_64 \n \u00a0\u00a0\u00a0 openssl-static-1.0.1k-10.86.amzn1.x86_64 \n \u00a0\u00a0\u00a0 openssl-devel-1.0.1k-10.86.amzn1.x86_64 \n \u00a0\u00a0\u00a0 openssl-debuginfo-1.0.1k-10.86.amzn1.x86_64 \n \u00a0\u00a0\u00a0 openssl-perl-1.0.1k-10.86.amzn1.x86_64 \n \n \n\n### Additional References\n\nRed Hat: [CVE-2014-8176](<https://access.redhat.com/security/cve/CVE-2014-8176>), [CVE-2015-1789](<https://access.redhat.com/security/cve/CVE-2015-1789>), [CVE-2015-1790](<https://access.redhat.com/security/cve/CVE-2015-1790>), [CVE-2015-1791](<https://access.redhat.com/security/cve/CVE-2015-1791>), [CVE-2015-1792](<https://access.redhat.com/security/cve/CVE-2015-1792>), [CVE-2015-3216](<https://access.redhat.com/security/cve/CVE-2015-3216>), [CVE-2015-4000](<https://access.redhat.com/security/cve/CVE-2015-4000>)\n\nMitre: [CVE-2014-8176](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8176>), [CVE-2015-1789](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1789>), [CVE-2015-1790](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1790>), [CVE-2015-1791](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1791>), [CVE-2015-1792](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1792>), [CVE-2015-3216](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3216>), [CVE-2015-4000](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000>)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2015-06-16T11:29:00", "type": "amazon", "title": "Medium: openssl", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8176", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-3216", "CVE-2015-4000"], "modified": "2015-06-16T11:46:00", "id": "ALAS-2015-550", "href": "https://alas.aws.amazon.com/ALAS-2015-550.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-01T21:21:21", "description": "**Issue Overview:**\n\nA flaw was found in the way SQLite handled dequoting of collation-sequence names. A local attacker could submit a specially crafted COLLATE statement that would crash the SQLite process, or have other unspecified impacts. (CVE-2015-3414)\n\nIt was found that SQLite's sqlite3VdbeExec() function did not properly implement comparison operators. A local attacker could submit a specially crafted CHECK statement that would crash the SQLite process, or have other unspecified impacts. (CVE-2015-3415)\n\nIt was found that SQLite's sqlite3VXPrintf() function did not properly handle precision and width values during floating-point conversions. A local attacker could submit a specially crafted SELECT statement that would crash the SQLite process, or have other unspecified impacts. (CVE-2015-3416)\n\n \n**Affected Packages:** \n\n\nsqlite\n\n \n**Issue Correction:** \nRun _yum update sqlite_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n \u00a0\u00a0\u00a0 sqlite-tcl-3.7.17-6.13.amzn1.i686 \n \u00a0\u00a0\u00a0 sqlite-3.7.17-6.13.amzn1.i686 \n \u00a0\u00a0\u00a0 sqlite-devel-3.7.17-6.13.amzn1.i686 \n \u00a0\u00a0\u00a0 lemon-3.7.17-6.13.amzn1.i686 \n \u00a0\u00a0\u00a0 sqlite-debuginfo-3.7.17-6.13.amzn1.i686 \n \n noarch: \n \u00a0\u00a0\u00a0 sqlite-doc-3.7.17-6.13.amzn1.noarch \n \n src: \n \u00a0\u00a0\u00a0 sqlite-3.7.17-6.13.amzn1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 sqlite-3.7.17-6.13.amzn1.x86_64 \n \u00a0\u00a0\u00a0 sqlite-devel-3.7.17-6.13.amzn1.x86_64 \n \u00a0\u00a0\u00a0 lemon-3.7.17-6.13.amzn1.x86_64 \n \u00a0\u00a0\u00a0 sqlite-tcl-3.7.17-6.13.amzn1.x86_64 \n \u00a0\u00a0\u00a0 sqlite-debuginfo-3.7.17-6.13.amzn1.x86_64 \n \n \n\n### Additional References\n\nRed Hat: [CVE-2015-3414](<https://access.redhat.com/security/cve/CVE-2015-3414>), [CVE-2015-3415](<https://access.redhat.com/security/cve/CVE-2015-3415>), [CVE-2015-3416](<https://access.redhat.com/security/cve/CVE-2015-3416>)\n\nMitre: [CVE-2015-3414](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3414>), [CVE-2015-3415](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3415>), [CVE-2015-3416](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3416>)\n", "cvss3": {}, "published": "2015-09-02T12:00:00", "type": "amazon", "title": "Medium: sqlite", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-3414", "CVE-2015-3415", "CVE-2015-3416"], "modified": "2015-09-02T12:00:00", "id": "ALAS-2015-591", "href": "https://alas.aws.amazon.com/ALAS-2015-591.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "slackware": [{"lastseen": "2021-07-28T14:46:47", "description": "New php packages are available for Slackware 14.0, 14.1, and -current to\nfix security issues.\n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n\npatches/packages/php-5.4.43-i486-1_slack14.1.txz: Upgraded.\n This update fixes some bugs and security issues.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2325\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2326\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3152\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3414\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3415\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3416\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4642\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4643\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4644\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.4.43-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.4.43-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/php-5.4.43-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/php-5.4.43-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.6.11-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.6.11-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 14.0 package:\nf34f96584f242735830b866d3daf7cef php-5.4.43-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n8271dca3b5409ce7b73d30628aa0ace4 php-5.4.43-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\n6eb81ab4a6f09e4a8b4d4d5e7cbbda57 php-5.4.43-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n3a4a3f2d94af2fafb2a624d4c83c9ca3 php-5.4.43-x86_64-1_slack14.1.txz\n\nSlackware -current package:\n020ea5fa030e4970859f79c598a1e9b5 n/php-5.6.11-i586-1.txz\n\nSlackware x86_64 -current package:\n681ed93dadf75420ca2ee5d03b369da0 n/php-5.6.11-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg php-5.4.43-i486-1_slack14.1.txz\n\nThen, restart Apache httpd:\n > /etc/rc.d/rc.httpd stop\n > /etc/rc.d/rc.httpd start", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2015-07-17T20:25:21", "type": "slackware", "title": "[slackware-security] php", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-2325", "CVE-2015-2326", "CVE-2015-3152", "CVE-2015-3414", "CVE-2015-3415", "CVE-2015-3416", "CVE-2015-4642", "CVE-2015-4643", "CVE-2015-4644"], "modified": "2015-07-17T20:25:21", "id": "SSA-2015-198-02", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.420251", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-30T06:46:46", "description": "New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,\nand -current to fix security issues.\n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n\npatches/packages/openssl-1.0.1n-i486-1_slack14.1.txz: Upgraded.\n Fixes several bugs and security issues:\n o Malformed ECParameters causes infinite loop (CVE-2015-1788)\n o Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)\n o PKCS7 crash with missing EnvelopedContent (CVE-2015-1790)\n o CMS verify infinite loop with unknown hash function (CVE-2015-1792)\n o Race condition handling NewSessionTicket (CVE-2015-1791)\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1788\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1789\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1790\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1792\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1791\n (* Security fix *)\npatches/packages/openssl-solibs-1.0.1n-i486-1_slack14.1.txz: Upgraded.\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated packages for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zg-i486-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zg-i486-1_slack13.0.txz\n\nUpdated packages for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zg-x86_64-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zg-x86_64-1_slack13.0.txz\n\nUpdated packages for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zg-i486-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zg-i486-1_slack13.1.txz\n\nUpdated packages for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zg-x86_64-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zg-x86_64-1_slack13.1.txz\n\nUpdated packages for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zg-i486-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zg-i486-1_slack13.37.txz\n\nUpdated packages for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zg-x86_64-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zg-x86_64-1_slack13.37.txz\n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1n-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1n-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1n-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1n-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1n-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1n-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1n-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1n-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1n-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1n-i586-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1n-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1n-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 13.0 packages:\n383ecfed6bfef1440a44d7082745848a openssl-0.9.8zg-i486-1_slack13.0.txz\nfb186187ffa200e22d9450a9d0e321f6 openssl-solibs-0.9.8zg-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 packages:\neb52318ed52fef726402f0b2a74745c5 openssl-0.9.8zg-x86_64-1_slack13.0.txz\n9447927b960a01b21149e28a9783021f openssl-solibs-0.9.8zg-x86_64-1_slack13.0.txz\n\nSlackware 13.1 packages:\n37f46f6b4fe2acbe217eaf7c0b33b704 openssl-0.9.8zg-i486-1_slack13.1.txz\n986de2e71676f61d788a59a1e0c8de1f openssl-solibs-0.9.8zg-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 packages:\n6b160ce817dcde3ae5b3a861b284387b openssl-0.9.8zg-x86_64-1_slack13.1.txz\n503d891680c711162386ea7e3daadca8 openssl-solibs-0.9.8zg-x86_64-1_slack13.1.txz\n\nSlackware 13.37 packages:\n5e7501b1d73d01d3d87704c3cfd3a888 openssl-0.9.8zg-i486-1_slack13.37.txz\n874f0b59870dd3f259640c9930a02f99 openssl-solibs-0.9.8zg-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 packages:\nb6d91614458040d461dff3c3eab45206 openssl-0.9.8zg-x86_64-1_slack13.37.txz\nbe106df5e59c2be7fa442df8ba85ad0b openssl-solibs-0.9.8zg-x86_64-1_slack13.37.txz\n\nSlackware 14.0 packages:\nee7c3937e6a6d7ac7537f751af7da7b9 openssl-1.0.1n-i486-1_slack14.0.txz\n758662437d33f99ec0a686cedeb1919e openssl-solibs-1.0.1n-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\n2dfdc4729e93cf460018e9e30a6223dc openssl-1.0.1n-x86_64-1_slack14.0.txz\n9cb4b34e97e60f6bfe4c843aabeae954 openssl-solibs-1.0.1n-x86_64-1_slack14.0.txz\n\nSlackware 14.1 packages:\n5a9bf08d55615cfc097109c2e3786f7b openssl-1.0.1n-i486-1_slack14.1.txz\nfb1c05468e5c38d51a8ff6ac435e3a20 openssl-solibs-1.0.1n-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\n1ef5cede3f954c3e4741012ffa76b750 openssl-1.0.1n-x86_64-1_slack14.1.txz\nea22c288c60ae1d7ea8c5b3a1608462b openssl-solibs-1.0.1n-x86_64-1_slack14.1.txz\n\nSlackware -current packages:\n56db8712d653c060f910e8915a8f8656 a/openssl-solibs-1.0.1n-i586-1.txz\n6d6264c9943e27240db5c8f5ec342e27 n/openssl-1.0.1n-i586-1.txz\n\nSlackware x86_64 -current packages:\ne73f7aff5aa0ad14bc06428544f99ae2 a/openssl-solibs-1.0.1n-x86_64-1.txz\n91b550b9eb0ac0c580e158375a93c0e4 n/openssl-1.0.1n-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the packages as root:\n > upgradepkg openssl-1.0.1n-i486-1_slack14.1.txz openssl-solibs-1.0.1n-i486-1_slack14.1.txz", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2015-06-11T23:01:09", "type": "slackware", "title": "[slackware-security] openssl", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792"], "modified": "2015-06-11T23:01:09", "id": "SSA-2015-162-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.750596", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2020-03-17T22:58:40", "description": "The remote host is missing an update announced via the referenced Security Advisory.", "cvss3": {}, "published": "2015-09-08T00:00:00", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2015-562)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3415", "CVE-2015-2325", "CVE-2015-4644", "CVE-2014-3416", "CVE-2015-4642", "CVE-2015-3416", "CVE-2015-3414", "CVE-2015-4643", "CVE-2015-2326"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310120108", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120108", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120108\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:17:40 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2015-562)\");\n script_tag(name:\"insight\", value:\"Upstream reports that several bugs have been fixed as well as several security issues into some bundled libraries (CVE-2015-3414, CVE-2015-3415, CVE-2015-3416, CVE-2015-2325 and CVE-2015-2326 ). All PHP 5.5 users are encouraged to upgrade to this version. Please see the upstream release notes for full details.\");\n script_tag(name:\"solution\", value:\"Run yum update php55 to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2015-562.html\");\n script_cve_id(\"CVE-2015-3415\", \"CVE-2015-3414\", \"CVE-2014-3416\", \"CVE-2015-4644\", \"CVE-2015-4643\", \"CVE-2015-4642\", \"CVE-2015-2325\", \"CVE-2015-2326\", \"CVE-2015-3416\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"php55-cli\", rpm:\"php55-cli~5.5.26~1.103.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-odbc\", rpm:\"php55-odbc~5.5.26~1.103.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-dba\", rpm:\"php55-dba~5.5.26~1.103.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55\", rpm:\"php55~5.5.26~1.103.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-bcmath\", rpm:\"php55-bcmath~5.5.26~1.103.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-common\", rpm:\"php55-common~5.5.26~1.103.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-mysqlnd\", rpm:\"php55-mysqlnd~5.5.26~1.103.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-xml\", rpm:\"php55-xml~5.5.26~1.103.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-recode\", rpm:\"php55-recode~5.5.26~1.103.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-intl\", rpm:\"php55-intl~5.5.26~1.103.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-devel\", rpm:\"php55-devel~5.5.26~1.103.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-opcache\", rpm:\"php55-opcache~5.5.26~1.103.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-gd\", rpm:\"php55-gd~5.5.26~1.103.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-gmp\", rpm:\"php55-gmp~5.5.26~1.103.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-soap\", rpm:\"php55-soap~5.5.26~1.103.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-ldap\", rpm:\"php55-ldap~5.5.26~1.103.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-imap\", rpm:\"php55-imap~5.5.26~1.103.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-debuginfo\", rpm:\"php55-debuginfo~5.5.26~1.103.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-mbstring\", rpm:\"php55-mbstring~5.5.26~1.103.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-xmlrpc\", rpm:\"php55-xmlrpc~5.5.26~1.103.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-mcrypt\", rpm:\"php55-mcrypt~5.5.26~1.103.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-mssql\", rpm:\"php55-mssql~5.5.26~1.103.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-embedded\", rpm:\"php55-embedded~5.5.26~1.103.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-pdo\", rpm:\"php55-pdo~5.5.26~1.103.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-process\", rpm:\"php55-process~5.5.26~1.103.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-pspell\", rpm:\"php55-pspell~5.5.26~1.103.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-enchant\", rpm:\"php55-enchant~5.5.26~1.103.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-fpm\", rpm:\"php55-fpm~5.5.26~1.103.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-pgsql\", rpm:\"php55-pgsql~5.5.26~1.103.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-tidy\", rpm:\"php55-tidy~5.5.26~1.103.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php55-snmp\", rpm:\"php55-snmp~5.5.26~1.103.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-17T22:59:59", "description": "The remote host is missing an update announced via the referenced Security Advisory.", "cvss3": {}, "published": "2015-09-08T00:00:00", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2015-563)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3415", "CVE-2015-2325", "CVE-2015-4644", "CVE-2014-3416", "CVE-2015-4642", "CVE-2015-3416", "CVE-2015-3414", "CVE-2015-4643", "CVE-2015-2326"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310120107", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120107", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120107\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:17:36 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2015-563)\");\n script_tag(name:\"insight\", value:\"Upstream reports that several bugs have been fixed as well as several security issues into some bundled libraries (CVE-2015-3414, CVE-2015-3415, CVE-2015-3416, CVE-2015-2325 and CVE-2015-2326 ). All PHP 5.6 users are encouraged to upgrade to this version. Please see the upstream release notes for full details.\");\n script_tag(name:\"solution\", value:\"Run yum update php56 to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2015-563.html\");\n script_cve_id(\"CVE-2015-3415\", \"CVE-2015-3414\", \"CVE-2014-3416\", \"CVE-2015-4644\", \"CVE-2015-4643\", \"CVE-2015-4642\", \"CVE-2015-2325\", \"CVE-2015-2326\", \"CVE-2015-3416\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"php56-intl\", rpm:\"php56-intl~5.6.10~1.115.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-enchant\", rpm:\"php56-enchant~5.6.10~1.115.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-snmp\", rpm:\"php56-snmp~5.6.10~1.115.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-fpm\", rpm:\"php56-fpm~5.6.10~1.115.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-pgsql\", rpm:\"php56-pgsql~5.6.10~1.115.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-mssql\", rpm:\"php56-mssql~5.6.10~1.115.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-dba\", rpm:\"php56-dba~5.6.10~1.115.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-odbc\", rpm:\"php56-odbc~5.6.10~1.115.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-mysqlnd\", rpm:\"php56-mysqlnd~5.6.10~1.115.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-mbstring\", rpm:\"php56-mbstring~5.6.10~1.115.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56\", rpm:\"php56~5.6.10~1.115.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-tidy\", rpm:\"php56-tidy~5.6.10~1.115.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-pdo\", rpm:\"php56-pdo~5.6.10~1.115.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-gd\", rpm:\"php56-gd~5.6.10~1.115.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-pspell\", rpm:\"php56-pspell~5.6.10~1.115.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-recode\", rpm:\"php56-recode~5.6.10~1.115.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-opcache\", rpm:\"php56-opcache~5.6.10~1.115.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-embedded\", rpm:\"php56-embedded~5.6.10~1.115.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-dbg\", rpm:\"php56-dbg~5.6.10~1.115.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-gmp\", rpm:\"php56-gmp~5.6.10~1.115.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-debuginfo\", rpm:\"php56-debuginfo~5.6.10~1.115.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-common\", rpm:\"php56-common~5.6.10~1.115.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-ldap\", rpm:\"php56-ldap~5.6.10~1.115.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-bcmath\", rpm:\"php56-bcmath~5.6.10~1.115.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-soap\", rpm:\"php56-soap~5.6.10~1.115.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-devel\", rpm:\"php56-devel~5.6.10~1.115.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-mcrypt\", rpm:\"php56-mcrypt~5.6.10~1.115.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-imap\", rpm:\"php56-imap~5.6.10~1.115.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-xml\", rpm:\"php56-xml~5.6.10~1.115.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-cli\", rpm:\"php56-cli~5.6.10~1.115.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-process\", rpm:\"php56-process~5.6.10~1.115.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php56-xmlrpc\", rpm:\"php56-xmlrpc~5.6.10~1.115.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:03", "description": "Gentoo Linux Local Security Checks GLSA 201506-02", "cvss3": {}, "published": "2015-09-29T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201506-02", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-4000", "CVE-2015-1792", "CVE-2015-1789", "CVE-2014-8176", "CVE-2015-1788", "CVE-2015-1790", "CVE-2015-1791"], "modified": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310121379", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121379", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201506-02.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121379\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:28:51 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201506-02\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been found in OpenSSL. Please review the CVE identifiers referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201506-02\");\n script_cve_id(\"CVE-2014-8176\", \"CVE-2015-1788\", \"CVE-2015-1789\", \"CVE-2015-1790\", \"CVE-2015-1791\", \"CVE-2015-1792\", \"CVE-2015-4000\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201506-02\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 1.0.1o\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(\"ge 0.9.8z_p7\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-libs/openssl\", unaffected: make_list(), vulnerable: make_list(\"lt 1.0.1o\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:52:22", "description": "Multiple vulnerabilities were discovered in OpenSSL, a Secure Sockets\nLayer toolkit.\n\nCVE-2014-8176 \nPraveen Kariyanahalli, Ivan Fratric and Felix Groebert discovered\nthat an invalid memory free could be triggered when buffering DTLS\ndata. This could allow remote attackers to cause a denial of service\n(crash) or potentially execute arbitrary code. This issue only\naffected the oldstable distribution (wheezy).\n\nCVE-2015-1788 \nJoseph Barr-Pixton discovered that an infinite loop could be triggered\ndue to incorrect handling of malformed ECParameters structures. This\ncould allow remote attackers to cause a denial of service.\n\nCVE-2015-1789 \nRobert Swiecki and Hanno Bck discovered that the X509_cmp_time\nfunction could read a few bytes out of bounds. This could allow remote\nattackers to cause a denial of service (crash) via crafted\ncertificates and CRLs.\n\nCVE-2015-1790 \nMichal Zalewski discovered that the PKCS#7 parsing code did not\nproperly handle missing content which could lead to a NULL pointer\ndereference. This could allow remote attackers to cause a denial of\nservice (crash) via crafted ASN.1-encoded PKCS#7 blobs.\n\nCVE-2015-1791 \nEmilia Ksper discovered that a race condition could occur due to\nincorrect handling of NewSessionTicket in a multi-threaded client,\nleading to a double free. This could allow remote attackers to cause\na denial of service (crash).\n\nCVE-2015-1792 \nJohannes Bauer discovered that the CMS code could enter an infinite\nloop when verifying a signedData message, if presented with an\nunknown hash function OID. This could allow remote attackers to cause\na denial of service.\n\nAdditionally OpenSSL will now reject handshakes using DH parameters\nshorter than 768 bits as a countermeasure against the Logjam attack\n(CVE-2015-4000 \n).", "cvss3": {}, "published": "2015-06-13T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3287-1 (openssl - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-4000", "CVE-2015-1792", "CVE-2015-1789", "CVE-2014-8176", "CVE-2015-1788", "CVE-2015-1790", "CVE-2015-1791"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:703287", "href": "http://plugins.openvas.org/nasl.php?oid=703287", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3287.nasl 6609 2017-07-07 12:05:59Z cfischer $\n# Auto-generated from advisory DSA 3287-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703287);\n script_version(\"$Revision: 6609 $\");\n script_cve_id(\"CVE-2014-8176\", \"CVE-2015-1788\", \"CVE-2015-1789\", \"CVE-2015-1790\",\n \"CVE-2015-1791\", \"CVE-2015-1792\", \"CVE-2015-4000\");\n script_name(\"Debian Security Advisory DSA 3287-1 (openssl - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:59 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2015-06-13 00:00:00 +0200 (Sat, 13 Jun 2015)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3287.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"openssl on Debian Linux\");\n script_tag(name: \"insight\", value: \"This package contains the openssl binary and related tools.\");\n script_tag(name: \"solution\", value: \"For the oldstable distribution (wheezy), these problems have been fixed\nin version 1.0.1e-2+deb7u17.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.0.1k-3+deb8u1.\n\nFor the testing distribution (stretch), these problems have been fixed\nin version 1.0.2b-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.0.2b-1.\n\nWe recommend that you upgrade your openssl packages.\");\n script_tag(name: \"summary\", value: \"Multiple vulnerabilities were discovered in OpenSSL, a Secure Sockets\nLayer toolkit.\n\nCVE-2014-8176 \nPraveen Kariyanahalli, Ivan Fratric and Felix Groebert discovered\nthat an invalid memory free could be triggered when buffering DTLS\ndata. This could allow remote attackers to cause a denial of service\n(crash) or potentially execute arbitrary code. This issue only\naffected the oldstable distribution (wheezy).\n\nCVE-2015-1788 \nJoseph Barr-Pixton discovered that an infinite loop could be triggered\ndue to incorrect handling of malformed ECParameters structures. This\ncould allow remote attackers to cause a denial of service.\n\nCVE-2015-1789 \nRobert Swiecki and Hanno Bck discovered that the X509_cmp_time\nfunction could read a few bytes out of bounds. This could allow remote\nattackers to cause a denial of service (crash) via crafted\ncertificates and CRLs.\n\nCVE-2015-1790 \nMichal Zalewski discovered that the PKCS#7 parsing code did not\nproperly handle missing content which could lead to a NULL pointer\ndereference. This could allow remote attackers to cause a denial of\nservice (crash) via crafted ASN.1-encoded PKCS#7 blobs.\n\nCVE-2015-1791 \nEmilia Ksper discovered that a race condition could occur due to\nincorrect handling of NewSessionTicket in a multi-threaded client,\nleading to a double free. This could allow remote attackers to cause\na denial of service (crash).\n\nCVE-2015-1792 \nJohannes Bauer discovered that the CMS code could enter an infinite\nloop when verifying a signedData message, if presented with an\nunknown hash function OID. This could allow remote attackers to cause\na denial of service.\n\nAdditionally OpenSSL will now reject handshakes using DH parameters\nshorter than 768 bits as a countermeasure against the Logjam attack\n(CVE-2015-4000 \n).\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libcrypto1.0.0-udeb\", ver:\"1.0.1e-2+deb7u17\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"1.0.1e-2+deb7u17\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-doc\", ver:\"1.0.1e-2+deb7u17\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.1e-2+deb7u17\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0-dbg\", ver:\"1.0.1e-2+deb7u17\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openssl\", ver:\"1.0.1e-2+deb7u17\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcrypto1.0.0-udeb\", ver:\"1.0.2b-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"1.0.2b-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-doc\", ver:\"1.0.2b-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.2b-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0-dbg\", ver:\"1.0.2b-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openssl\", ver:\"1.0.2b-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcrypto1.0.0-udeb\", ver:\"1.0.1k-3+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"1.0.1k-3+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-doc\", ver:\"1.0.1k-3+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.1k-3+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl1.0.0-dbg\", ver:\"1.0.1k-3+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openssl\", ver:\"1.0.1k-3+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:37:07", "description": "Multiple vulnerabilities were discovered in OpenSSL, a Secure Sockets\nLayer toolkit.\n\nCVE-2014-8176\nPraveen Kariyanahalli, Ivan Fratric and Felix Groebert discovered\nthat an invalid memory free could be triggered when buffering DTLS\ndata. This could allow remote attackers to cause a denial of service\n(crash) or potentially execute arbitrary code. This issue only\naffected the oldstable distribution (wheezy).\n\nCVE-2015-1788\nJoseph Barr-Pixton discovered that an infinite loop could be triggered\ndue to incorrect handling of malformed ECParameters structures. This\ncould allow remote attackers to cause a denial of service.\n\nCVE-2015-1789\nRobert Swiecki and Hanno Bck discovered that the X509_cmp_time\nfunction could read a few bytes out of bounds. This could allow remote\nattackers to cause a denial of service (crash) via crafted\ncertificates and CRLs.\n\nCVE-2015-1790\nMichal Zalewski discovered that the PKCS#7 parsing code did not\nproperly handle missing content which could lead to a NULL pointer\ndereference. This could allow remote attackers to cause a denial of\nservice (crash) via crafted ASN.1-encoded PKCS#7 blobs.\n\nCVE-2015-1791\nEmilia Ksper discovered that a race condition could occur due to\nincorrect handling of NewSessionTicket in a multi-threaded client,\nleading to a double free. This could allow remote attackers to cause\na denial of service (crash).\n\nCVE-2015-1792\nJohannes Bauer discovered that the CMS code could enter an infinite\nloop when verifying a signedData message, if presented with an\nunknown hash function OID. This could allow remote attackers to cause\na denial of service.\n\nAdditionally OpenSSL will now reject handshakes using DH parameters\nshorter than 768 bits as a countermeasure against the Logjam attack\n(CVE-2015-4000\n).", "cvss3": {}, "published": "2015-06-13T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3287-1 (openssl - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-4000", "CVE-2015-1792", "CVE-2015-1789", "CVE-2014-8176", "CVE-2015-1788", "CVE-2015-1790", "CVE-2015-1791"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703287", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703287", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3287.nasl 14278 2019-03-18 14:47:26Z cfischer $\n# Auto-generated from advisory DSA 3287-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703287\");\n script_version(\"$Revision: 14278 $\");\n script_cve_id(\"CVE-2014-8176\", \"CVE-2015-1788\", \"CVE-2015-1789\", \"CVE-2015-1790\",\n \"CVE-2015-1791\", \"CVE-2015-1792\", \"CVE-2015-4000\");\n script_name(\"Debian Security Advisory DSA 3287-1 (openssl - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:47:26 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-06-13 00:00:00 +0200 (Sat, 13 Jun 2015)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2015/dsa-3287.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(7|9|8)\");\n script_tag(name:\"affected\", value:\"openssl on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (wheezy), these problems have been fixed\nin version 1.0.1e-2+deb7u17.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.0.1k-3+deb8u1.\n\nFor the testing distribution (stretch), these problems have been fixed\nin version 1.0.2b-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.0.2b-1.\n\nWe recommend that you upgrade your openssl packages.\");\n script_tag(name:\"summary\", value:\"Multiple vulnerabilities were discovered in OpenSSL, a Secure Sockets\nLayer toolkit.\n\nCVE-2014-8176\nPraveen Kariyanahalli, Ivan Fratric and Felix Groebert discovered\nthat an invalid memory free could be triggered when buffering DTLS\ndata. This could allow remote attackers to cause a denial of service\n(crash) or potentially execute arbitrary code. This issue only\naffected the oldstable distribution (wheezy).\n\nCVE-2015-1788\nJoseph Barr-Pixton discovered that an infinite loop could be triggered\ndue to incorrect handling of malformed ECParameters structures. This\ncould allow remote attackers to cause a denial of service.\n\nCVE-2015-1789\nRobert Swiecki and Hanno Bck discovered that the X509_cmp_time\nfunction could read a few bytes out of bounds. This could allow remote\nattackers to cause a denial of service (crash) via crafted\ncertificates and CRLs.\n\nCVE-2015-1790\nMichal Zalewski discovered that the PKCS#7 parsing code did not\nproperly handle missing content which could lead to a NULL pointer\ndereference. This could allow remote attackers to cause a denial of\nservice (crash) via crafted ASN.1-encoded PKCS#7 blobs.\n\nCVE-2015-1791\nEmilia Ksper discovered that a race condition could occur due to\nincorrect handling of NewSessionTicket in a multi-threaded client,\nleading to a double free. This could allow remote attackers to cause\na denial of service (crash).\n\nCVE-2015-1792\nJohannes Bauer discovered that the CMS code could enter an infinite\nloop when verifying a signedData message, if presented with an\nunknown hash function OID. This could allow remote attackers to cause\na denial of service.\n\nAdditionally OpenSSL will now reject handshakes using DH parameters\nshorter than 768 bits as a countermeasure against the Logjam attack\n(CVE-2015-4000\n).\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libcrypto1.0.0-udeb\", ver:\"1.0.1e-2+deb7u17\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"1.0.1e-2+deb7u17\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl-doc\", ver:\"1.0.1e-2+deb7u17\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.1e-2+deb7u17\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl1.0.0-dbg\", ver:\"1.0.1e-2+deb7u17\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openssl\", ver:\"1.0.1e-2+deb7u17\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcrypto1.0.0-udeb\", ver:\"1.0.2b-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"1.0.2b-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl-doc\", ver:\"1.0.2b-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.2b-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl1.0.0-dbg\", ver:\"1.0.2b-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openssl\", ver:\"1.0.2b-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcrypto1.0.0-udeb\", ver:\"1.0.1k-3+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"1.0.1k-3+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl-doc\", ver:\"1.0.1k-3+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.1k-3+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libssl1.0.0-dbg\", ver:\"1.0.1k-3+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"openssl\", ver:\"1.0.1k-3+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:14", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-6509", "CVE-2015-6508", "CVE-2015-4029", "CVE-2015-6510", "CVE-2015-6511"], "description": "This host is running pfSense and is prone\n to multiple vulnerabilities.", "modified": "2018-10-12T00:00:00", "published": "2015-09-04T00:00:00", "id": "OPENVAS:1361412562310805971", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805971", "type": "openvas", "title": "pfSense Multiple Vulnerabilities - 02 Sep15", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_pfsense_mult_vuln02_sep15.nasl 11872 2018-10-12 11:22:41Z cfischer $\n#\n# pfSense Multiple Vulnerabilities - 02 Sep15\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:pfsense:pfsense\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805971\");\n script_version(\"$Revision: 11872 $\");\n script_cve_id(\"CVE-2015-6508\", \"CVE-2015-6509\", \"CVE-2015-6510\", \"CVE-2015-6511\",\n \"CVE-2015-4029\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 13:22:41 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-09-04 14:53:21 +0530 (Fri, 04 Sep 2015)\");\n script_name(\"pfSense Multiple Vulnerabilities - 02 Sep15\");\n\n script_tag(name:\"summary\", value:\"This host is running pfSense and is prone\n to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The following flaws exist:\n\n - Input passed via 'descr' parameter to system_authservers.php script,\n 'proxypass' parameter to system_advanced_misc.php script, 'smtpport' parameter\n to system_advanced_notifications.php script, 'zone' parameter to\n services_captiveportal_zones.php scripts is not validated before returning to\n user.\n\n - Input passed via 'adaptiveend', 'adaptivestart', 'maximumstates',\n 'maximumtableentries' and 'aliasesresolveinterval' parameters to\n system_advanced_firewall.php script is not validated before returning to user.\n\n - Input passed via the 'srctrack', 'use_mfs_tmp_size', 'use_mfs_var_size'\n parameters to system_advanced_misc.php script is not validated before returning\n to user.\n\n - Input passed via the 'name', 'notification_name', 'ipaddress', 'password',\n 'smtpipaddress', 'smtpport', 'smtpfromaddress', 'smtpnotifyemailaddress',\n 'smtpusername', and 'smtppassword' parameters to system_advanced_notifications.php\n script is not validated before returning to user.\n\n - Various other input validation errors. For details refer the reference section.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to execute arbitrary HTML and script code in a user's\n browser session in the context of an affected site.\");\n\n script_tag(name:\"affected\", value:\"pfSense before version 2.2.3\");\n\n script_tag(name:\"solution\", value:\"Upgrade to version 2.2.3 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://www.pfsense.org/security/advisories/pfSense-SA-15_06.webgui.asc\");\n\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_copyright(\"This script is Copyright (C) 2015 Greenbone Networks GmbH\");\n script_dependencies(\"gb_pfsense_detect.nasl\");\n script_mandatory_keys(\"pfsense/installed\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!pfVer = get_app_version(cpe:CPE, nofork:TRUE)) exit(0);\n\nif(version_is_less(version:pfVer, test_version:\"2.2.3\"))\n{\n report = report_fixed_ver(installed_version:pfVer, fixed_version:\"2.2.3\");\n security_message( port:0, data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-10-09T15:20:32", "description": "On June 11, 2015, the OpenSSL Project released a security advisory detailing six distinct\n vulnerabilities, and another fix that provides hardening protections against exploits as described in the Logjam research.\n\n Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow\n an unauthenticated, remote attacker to cause a denial of service (DoS) condition or corrupt portions of OpenSSL process memory.\n\n Cisco will release software updates that address these vulnerabilities.\n\n Workarounds that mitigate these vulnerabilities may be available.", "cvss3": {}, "published": "2016-05-10T00:00:00", "type": "openvas", "title": "Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1792", "CVE-2015-1789", "CVE-2014-8176", "CVE-2015-1788", "CVE-2015-1790", "CVE-2015-1791"], "modified": "2019-10-09T00:00:00", "id": "OPENVAS:1361412562310105678", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310105678", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/o:cisco:ios_xe\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.105678\");\n script_cve_id(\"CVE-2015-1791\", \"CVE-2015-1788\", \"CVE-2015-1789\", \"CVE-2015-1790\", \"CVE-2015-1792\", \"CVE-2014-8176\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"2019-10-09T06:43:33+0000\");\n\n script_name(\"Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products\");\n\n script_xref(name:\"URL\", value:\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"solution\", value:\"See the referenced vendor advisory for a solution.\");\n script_tag(name:\"summary\", value:\"On June 11, 2015, the OpenSSL Project released a security advisory detailing six distinct\n vulnerabilities, and another fix that provides hardening protections against exploits as described in the Logjam research.\n\n Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow\n an unauthenticated, remote attacker to cause a denial of service (DoS) condition or corrupt portions of OpenSSL process memory.\n\n Cisco will release software updates that address these vulnerabilities.\n\n Workarounds that mitigate these vulnerabilities may be available.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"last_modification\", value:\"2019-10-09 06:43:33 +0000 (Wed, 09 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-05-10 10:53:28 +0200 (Tue, 10 May 2016)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"CISCO\");\n script_copyright(\"This script is Copyright (C) 2016 Greenbone Networks GmbH\");\n script_dependencies(\"gb_cisco_ios_xe_version.nasl\");\n script_mandatory_keys(\"cisco_ios_xe/version\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( ! version = get_app_version( cpe:CPE ) ) exit( 0 );\n\naffected = make_list(\n '3.3.0S',\n '3.3.1S',\n '3.3.2S',\n '3.4.0S',\n '3.4.1S',\n '3.4.2S',\n '3.4.3S',\n '3.4.4S',\n '3.4.5S',\n '3.4.6S',\n '3.5.0S',\n '3.5.1S',\n '3.5.2S',\n '3.6.0S',\n '3.6.1S',\n '3.6.2S',\n '3.7.0S',\n '3.7.1S',\n '3.7.2S',\n '3.7.3S',\n '3.7.4S',\n '3.7.5S',\n '3.7.6S',\n '3.8.0S',\n '3.8.1S',\n '3.8.2S',\n '3.9.0S',\n '3.9.1S',\n '3.9.2S' );\n\nforeach af ( affected )\n{\n if( version == af )\n {\n report = report_fixed_ver( installed_version:version, fixed_version: \"See advisory\" );\n security_message( port:0, data:report );\n exit( 0 );\n }\n}\n\nexit( 99 );\n\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-10-09T15:19:27", "description": "On June 11, 2015, the OpenSSL Project released a security advisory detailing six distinct\n vulnerabilities, and another fix that provides hardening protections against exploits as described\n in the Logjam research.\n\n Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more\n vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service\n (DoS) condition or corrupt portions of OpenSSL process memory.\n\n Cisco will release software updates that address these vulnerabilities.\n\n Workarounds that mitigate these vulnerabilities may be available.", "cvss3": {}, "published": "2016-05-12T00:00:00", "type": "openvas", "title": "Cisco NX-OS: Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1792", "CVE-2015-1789", "CVE-2014-8176", "CVE-2015-1788", "CVE-2015-1790", "CVE-2015-1791"], "modified": "2019-10-09T00:00:00", "id": "OPENVAS:1361412562310105692", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310105692", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/o:cisco:nx-os\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.105692\");\n script_cve_id(\"CVE-2015-1791\", \"CVE-2015-1788\", \"CVE-2015-1789\", \"CVE-2015-1790\", \"CVE-2015-1792\", \"CVE-2014-8176\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"2019-10-09T06:43:33+0000\");\n\n script_name(\"Cisco NX-OS: Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products\");\n\n script_xref(name:\"URL\", value:\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"solution\", value:\"See the referenced vendor advisory for a solution.\");\n script_tag(name:\"summary\", value:\"On June 11, 2015, the OpenSSL Project released a security advisory detailing six distinct\n vulnerabilities, and another fix that provides hardening protections against exploits as described\n in the Logjam research.\n\n Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more\n vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service\n (DoS) condition or corrupt portions of OpenSSL process memory.\n\n Cisco will release software updates that address these vulnerabilities.\n\n Workarounds that mitigate these vulnerabilities may be available.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"last_modification\", value:\"2019-10-09 06:43:33 +0000 (Wed, 09 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-05-12 15:26:53 +0200 (Thu, 12 May 2016)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"CISCO\");\n script_copyright(\"This script is Copyright (C) 2016 Greenbone Networks GmbH\");\n script_dependencies(\"gb_cisco_nx_os_version.nasl\");\n script_mandatory_keys(\"cisco_nx_os/version\", \"cisco_nx_os/model\", \"cisco_nx_os/device\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( ! version = get_app_version( cpe:CPE ) ) exit( 0 );\n\nif( ! device = get_kb_item( \"cisco_nx_os/device\" ) ) exit( 0 );\nif( \"Nexus\" >!< device ) exit( 0 );\n\nif ( ! nx_model = get_kb_item( \"cisco_nx_os/model\" ) ) exit( 0 );\n\nif( \"1000V\" >< nx_model )\n{\n affected = make_list(\n \"4.0(4)SV1(1)\",\n \"4.0(4)SV1(2)\",\n \"4.0(4)SV1(3)\",\n \"4.0(4)SV1(3a)\",\n \"4.0(4)SV1(3b)\",\n \"4.0(4)SV1(3c)\",\n \"4.0(4)SV1(3d)\",\n \"4.2(1)SV1(4)\",\n \"4.2(1)SV1(4a)\",\n \"4.2(1)SV1(4b)\",\n \"4.2(1)SV1(5.1)\",\n \"4.2(1)SV1(5.1a)\",\n \"4.2(1)SV1(5.2)\",\n \"4.2(1)SV1(5.2b)\",\n \"4.2(1)SV2(1.1)\",\n \"4.2(1)SV2(1.1a)\",\n \"4.2(1)SV2(2.1)\",\n \"4.2(1)SV2(2.1a)\"\n );\n}\n\nif( nx_model =~ \"^3[0-9]+\" )\n{\n affected = make_list(\n \"5.0(3)U1(1)\",\n \"5.0(3)U1(1a)\",\n \"5.0(3)U1(1b)\",\n \"5.0(3)U1(1d)\",\n \"5.0(3)U1(2)\",\n \"5.0(3)U1(2a)\",\n \"5.0(3)U2(1)\",\n \"5.0(3)U2(2)\",\n \"5.0(3)U2(2a)\",\n \"5.0(3)U2(2b)\",\n \"5.0(3)U2(2c)\",\n \"5.0(3)U2(2d)\",\n \"5.0(3)U3(1)\",\n \"5.0(3)U3(2)\",\n \"5.0(3)U3(2a)\",\n \"5.0(3)U3(2b)\",\n \"5.0(3)U4(1)\",\n \"5.0(3)U5(1)\",\n \"5.0(3)U5(1a)\",\n \"5.0(3)U5(1b)\",\n \"5.0(3)U5(1c)\",\n \"5.0(3)U5(1d)\",\n \"5.0(3)U5(1e)\",\n \"5.0(3)U5(1f)\",\n \"5.0(3)U5(1g)\",\n \"5.0(3)U5(1h)\",\n \"6.0(2)U1(1)\",\n \"6.0(2)U1(1a)\",\n \"6.0(2)U1(2)\",\n \"6.0(2)U1(3)\",\n \"6.0(2)U1(4)\",\n \"6.0(2)U2(1)\",\n \"6.0(2)U2(2)\",\n \"6.0(2)U2(3)\",\n \"6.0(2)U2(4)\",\n \"6.0(2)U2(5)\",\n \"6.0(2)U2(6)\",\n \"6.0(2)U3(1)\",\n \"6.0(2)U3(2)\",\n \"6.0(2)U3(3)\",\n \"6.0(2)U3(4)\",\n \"6.0(2)U3(5)\",\n \"6.0(2)U4(1)\",\n \"6.0(2)U4(2)\",\n \"6.0(2)U4(3)\",\n \"6.0(2)U5(1)\"\n );\n}\n\nif( nx_model =~ \"^4[0-9]+\" )\n{\n affected = make_list(\n \"4.1(2)E1(1)\",\n \"4.1(2)E1(1b)\",\n \"4.1(2)E1(1d)\",\n \"4.1(2)E1(1e)\",\n \"4.1(2)E1(1f)\",\n \"4.1(2)E1(1g)\",\n \"4.1(2)E1(1h)\",\n \"4.1(2)E1(1i)\",\n \"4.1(2)E1(1j)\"\n );\n}\n\nif( nx_model =~ \"^5[0-9]+\" )\n{\n affected = make_list(\n \"4.0(0)N1(1a)\",\n \"4.0(0)N1(2)\",\n \"4.0(0)N1(2a)\",\n \"4.0(1a)N1(1)\",\n \"4.0(1a)N1(1a)\",\n \"4.0(1a)N2(1)\",\n \"4.0(1a)N2(1a)\",\n \"4.1(3)N1(1)\",\n \"4.1(3)N1(1a)\",\n \"4.1(3)N2(1)\",\n \"4.1(3)N2(1a)\",\n \"4.2(1)N1(1)\",\n \"4.2(1)N2(1)\",\n \"4.2(1)N2(1a)\",\n \"5.0(2)N1(1)\",\n \"5.0(2)N2(1)\",\n \"5.0(2)N2(1a)\",\n \"5.0(3)N1(1c)\",\n \"5.0(3)N2(1)\",\n \"5.0(3)N2(2)\",\n \"5.0(3)N2(2a)\",\n \"5.0(3)N2(2b)\",\n \"5.1(3)N1(1)\",\n \"5.1(3)N1(1a)\",\n \"5.1(3)N2(1)\",\n \"5.1(3)N2(1a)\",\n \"5.1(3)N2(1b)\",\n \"5.1(3)N2(1c)\",\n \"5.2(1)N1(1)\",\n \"5.2(1)N1(1a)\",\n \"5.2(1)N1(1b)\",\n \"5.2(1)N1(2)\",\n \"5.2(1)N1(2a)\",\n \"5.2(1)N1(3)\",\n \"5.2(1)N1(4)\",\n \"5.2(1)N1(5)\",\n \"5.2(1)N1(6)\",\n \"5.2(1)N1(7)\",\n \"5.2(1)N1(8)\",\n \"5.2(1)N1(8a)\",\n \"6.0(2)N1(1)\",\n \"6.0(2)N1(2)\",\n \"6.0(2)N1(2a)\",\n \"6.0(2)N2(1)\",\n \"6.0(2)N2(1b)\",\n \"6.0(2)N2(2)\",\n \"6.0(2)N2(3)\",\n \"6.0(2)N2(4)\",\n \"6.0(2)N2(5)\",\n \"7.0(0)N1(1)\",\n \"7.0(1)N1(1)\",\n \"7.0(2)N1(1)\",\n \"7.0(3)N1(1)\"\n );\n}\n\nif( nx_model =~ \"^6[0-9]+\" )\n{\n affected = make_list(\n \"6.0(2)N1(2)\",\n \"6.0(2)N1(2a)\",\n \"6.0(2)N2(1)\",\n \"6.0(2)N2(1b)\",\n \"6.0(2)N2(2)\",\n \"6.0(2)N2(3)\",\n \"6.0(2)N2(4)\",\n \"6.0(2)N2(5)\",\n \"7.0(0)N1(1)\",\n \"7.0(1)N1(1)\",\n \"7.0(2)N1(1)\",\n \"7.0(3)N1(1)\"\n );\n}\n\nif( nx_model =~ \"^7[0-9]+\" )\n{\n affected = make_list(\n \"4.1.(2)\",\n \"4.1.(3)\",\n \"4.1.(4)\",\n \"4.1.(5)\",\n \"4.2(3)\",\n \"4.2(4)\",\n \"4.2(6)\",\n \"4.2(8)\",\n \"4.2.(2a)\",\n \"5.0(2a)\",\n \"5.0(3)\",\n \"5.0(5)\",\n \"5.1(1)\",\n \"5.1(1a)\",\n \"5.1(3)\",\n \"5.1(4)\",\n \"5.1(5)\",\n \"5.1(6)\",\n \"5.2(1)\",\n \"5.2(3a)\",\n \"5.2(4)\",\n \"5.2(5)\",\n \"5.2(7)\",\n \"5.2(9)\",\n \"6.0(1)\",\n \"6.0(2)\",\n \"6.0(3)\",\n \"6.0(4)\",\n \"6.1(1)\",\n \"6.1(2)\",\n \"6.1(3)\",\n \"6.1(4)\",\n \"6.1(4a)\",\n \"6.2(10)\",\n \"6.2(2)\",\n \"6.2(2a)\",\n \"6.2(6)\",\n \"6.2(6b)\",\n \"6.2(8)\",\n \"6.2(8a)\",\n \"6.2(8b)\"\n );\n}\n\nif( nx_model =~ \"^N9K\" )\n{\n affected = make_list(\n \"11.0(1b)\",\n \"11.0(1c)\",\n \"6.1(2)I2(1)\",\n \"6.1(2)I2(2)\",\n \"6.1(2)I2(2a)\",\n \"6.1(2)I2(2b)\",\n \"6.1(2)I2(3)\",\n \"6.1(2)I3(1)\",\n \"6.1(2)I3(2)\",\n \"6.1(2)I3(3)\"\n );\n}\n\nforeach af ( affected )\n{\n if( version == af )\n {\n report = report_fixed_ver( installed_version:version, fixed_version: \"See advisory\" );\n security_message( port:0, data:report );\n exit( 0 );\n }\n}\n\nexit( 99 );\n\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:50", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-06-12T00:00:00", "type": "openvas", "title": "Ubuntu Update for openssl USN-2639-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1792", "CVE-2015-1789", "CVE-2014-8176", "CVE-2015-1788", "CVE-2015-1790", "CVE-2015-1791"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842242", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842242", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for openssl USN-2639-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842242\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-06-12 06:09:14 +0200 (Fri, 12 Jun 2015)\");\n script_cve_id(\"CVE-2014-8176\", \"CVE-2015-1788\", \"CVE-2015-1789\", \"CVE-2015-1790\",\n \"CVE-2015-1791\", \"CVE-2015-1792\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for openssl USN-2639-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Praveen Kariyanahalli, Ivan Fratric and\nFelix Groebert discovered that OpenSSL incorrectly handled memory when buffering\nDTLS data. A remote attacker could use this issue to cause OpenSSL to crash,\nresulting in a denial of service, or possibly execute arbitrary code.\n(CVE-2014-8176)\n\nJoseph Barr-Pixton discovered that OpenSSL incorrectly handled malformed\nECParameters structures. A remote attacker could use this issue to cause\nOpenSSL to hang, resulting in a denial of service. (CVE-2015-1788)\n\nRobert Swiecki and Hanno Bö ck discovered that OpenSSL incorrectly handled\ncertain ASN1_TIME strings. A remote attacker could use this issue to cause\nOpenSSL to crash, resulting in a denial of service. (CVE-2015-1789)\n\nMichal Zalewski discovered that OpenSSL incorrectly handled missing content\nwhen parsing ASN.1-encoded PKCS#7 blobs. A remote attacker could use this\nissue to cause OpenSSL to crash, resulting in a denial of service.\n(CVE-2015-1790)\n\nEmilia Kä sper discovered that OpenSSL incorrectly handled NewSessionTicket\nwhen being used by a multi-threaded client. A remote attacker could use\nthis issue to cause OpenSSL to crash, resulting in a denial of service.\n(CVE-2015-1791)\n\nJohannes Bauer discovered that OpenSSL incorrectly handled verifying\nsignedData messages using the CMS code. A remote attacker could use this\nissue to cause OpenSSL to hang, resulting in a denial of service.\n(CVE-2015-1792)\n\nAs a security improvement, this update also modifies OpenSSL behaviour to\nreject DH key sizes below 768 bits, preventing a possible downgrade\nattack.\");\n script_tag(name:\"affected\", value:\"openssl on Ubuntu 14.10,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2639-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2639-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.10|14\\.04 LTS|12\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl1.0.0:amd64\", ver:\"1.0.1f-1ubuntu9.8\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n if ((res = isdpkgvuln(pkg:\"libssl1.0.0:i386\", ver:\"1.0.1f-1ubuntu9.8\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl1.0.0:amd64\", ver:\"1.0.1f-1ubuntu2.15\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n if ((res = isdpkgvuln(pkg:\"libssl1.0.0:i386\", ver:\"1.0.1f-1ubuntu2.15\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.1-4ubuntu5.31\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-17T22:58:47", "description": "The remote host is missing an update announced via the referenced Security Advisory.", "cvss3": {}, "published": "2015-09-08T00:00:00", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2015-561)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3415", "CVE-2015-4644", "CVE-2014-3416", "CVE-2015-4642", "CVE-2015-3416", "CVE-2015-3414", "CVE-2015-4643"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310120105", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120105", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120105\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:17:32 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2015-561)\");\n script_tag(name:\"insight\", value:\"Upstream reports that six security-related issues in PHP were fixed in this release, as well as several security issues in bundled sqlite library (CVE-2015-3414, CVE-2015-3415, CVE-2015-3416 ). All PHP 5.4 users are encouraged to upgrade to this version. Please see the upstream release notes for full details.\");\n script_tag(name:\"solution\", value:\"Run yum update php54 to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2015-561.html\");\n script_cve_id(\"CVE-2015-4644\", \"CVE-2015-3415\", \"CVE-2015-3414\", \"CVE-2015-4643\", \"CVE-2015-4642\", \"CVE-2014-3416\", \"CVE-2015-3416\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"php54-mssql\", rpm:\"php54-mssql~5.4.42~1.71.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-devel\", rpm:\"php54-devel~5.4.42~1.71.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-xml\", rpm:\"php54-xml~5.4.42~1.71.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-imap\", rpm:\"php54-imap~5.4.42~1.71.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-odbc\", rpm:\"php54-odbc~5.4.42~1.71.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-debuginfo\", rpm:\"php54-debuginfo~5.4.42~1.71.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-pdo\", rpm:\"php54-pdo~5.4.42~1.71.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-snmp\", rpm:\"php54-snmp~5.4.42~1.71.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-mysql\", rpm:\"php54-mysql~5.4.42~1.71.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54\", rpm:\"php54~5.4.42~1.71.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-tidy\", rpm:\"php54-tidy~5.4.42~1.71.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-dba\", rpm:\"php54-dba~5.4.42~1.71.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-pspell\", rpm:\"php54-pspell~5.4.42~1.71.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-ldap\", rpm:\"php54-ldap~5.4.42~1.71.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-xmlrpc\", rpm:\"php54-xmlrpc~5.4.42~1.71.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-pgsql\", rpm:\"php54-pgsql~5.4.42~1.71.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-common\", rpm:\"php54-common~5.4.42~1.71.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-intl\", rpm:\"php54-intl~5.4.42~1.71.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-enchant\", rpm:\"php54-enchant~5.4.42~1.71.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-mysqlnd\", rpm:\"php54-mysqlnd~5.4.42~1.71.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-soap\", rpm:\"php54-soap~5.4.42~1.71.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-fpm\", rpm:\"php54-fpm~5.4.42~1.71.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-recode\", rpm:\"php54-recode~5.4.42~1.71.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-mbstring\", rpm:\"php54-mbstring~5.4.42~1.71.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-process\", rpm:\"php54-process~5.4.42~1.71.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-mcrypt\", rpm:\"php54-mcrypt~5.4.42~1.71.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-bcmath\", rpm:\"php54-bcmath~5.4.42~1.71.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-gd\", rpm:\"php54-gd~5.4.42~1.71.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-embedded\", rpm:\"php54-embedded~5.4.42~1.71.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"php54-cli\", rpm:\"php54-cli~5.4.42~1.71.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:06", "description": "IPFire 2.17 - Core Update 91 fixes multiple security vulnerabilities.", "cvss3": {}, "published": "2015-06-30T00:00:00", "type": "openvas", "title": "IPFire 2.17 - Core Update 91", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1792", "CVE-2015-1789", "CVE-2015-4171", "CVE-2014-8176", "CVE-2015-1788", "CVE-2015-3991", "CVE-2015-1790", "CVE-2015-1791"], "modified": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310105308", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310105308", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ipfire_2_17_core_91.nasl 12106 2018-10-26 06:33:36Z cfischer $\n#\n# IPFire 2.17 - Core Update 91\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networ
pfSense < 2.2.3 Multiple Vulnerabilities (SA-15_07) (Logjam)
