Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2004-2021 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT-RHSA-2003-063.NASL
HistoryJul 06, 2004 - 12:00 a.m.

RHEL 2.1 : openssl (RHSA-2003:063)

2004-07-0600:00:00
This script is Copyright (C) 2004-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
16

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.028 Low

EPSS

Percentile

90.8%

JSON

Updated OpenSSL packages are available that fix a potential timing-based attack.

[Updated 12 March 2003] Added packages for Red Hat Enterprise Linux ES and Red Hat Enterprise Linux WS

OpenSSL is a commercial-grade, full-featured, open source toolkit which implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength, general purpose cryptography library.

In a paper, Brice Canvel, Alain Hiltgen, Serge Vaudenay, and Martin Vuagnoux describe and demonstrate a timing-based attack on CBC ciphersuites in SSL and TLS. An active attacker may be able to use timing observations to distinguish between two different error cases:
cipher padding errors and MAC verification errors. Over multiple connections this can leak sufficient information to be able to retrieve the plaintext of a common, fixed block.

In order for an attack to be sucessful an attacker must be able to act as a man-in-the-middle to intercept and modify multiple connections which all involve a common fixed plaintext block (such as a password), and have good network conditions that allow small changes in timing to be reliably observed.

These updated packages contain a patch provided by the OpenSSL group that corrects this vulnerability.

Because server applications are affected by these vulnerabilities, we advise users to restart all services that use OpenSSL functionality or alternatively reboot their systems after installing these updates.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2003:063. The text 
# itself is copyright (C) Red Hat, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(12368);
  script_version("1.27");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2003-0078");
  script_xref(name:"RHSA", value:"2003:063");

  script_name(english:"RHEL 2.1 : openssl (RHSA-2003:063)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Updated OpenSSL packages are available that fix a potential
timing-based attack.

[Updated 12 March 2003] Added packages for Red Hat Enterprise Linux ES
and Red Hat Enterprise Linux WS

OpenSSL is a commercial-grade, full-featured, open source toolkit
which implements the Secure Sockets Layer (SSL v2/v3) and Transport
Layer Security (TLS v1) protocols as well as a full-strength, general
purpose cryptography library.

In a paper, Brice Canvel, Alain Hiltgen, Serge Vaudenay, and Martin
Vuagnoux describe and demonstrate a timing-based attack on CBC
ciphersuites in SSL and TLS. An active attacker may be able to use
timing observations to distinguish between two different error cases:
cipher padding errors and MAC verification errors. Over multiple
connections this can leak sufficient information to be able to
retrieve the plaintext of a common, fixed block.

In order for an attack to be sucessful an attacker must be able to act
as a man-in-the-middle to intercept and modify multiple connections
which all involve a common fixed plaintext block (such as a password),
and have good network conditions that allow small changes in timing to
be reliably observed.

These updated packages contain a patch provided by the OpenSSL group
that corrects this vulnerability.

Because server applications are affected by these vulnerabilities, we
advise users to restart all services that use OpenSSL functionality or
alternatively reboot their systems after installing these updates."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2003-0078"
  );
  # http://lasecwww.epfl.ch/pub/lasec/doc/Vau02a.ps
  script_set_attribute(
    attribute:"see_also",
    value:"https://lasec.epfl.ch/pub/lasec/doc/Vau02a.ps"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2003:063"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openssl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openssl-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openssl-perl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openssl095a");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openssl096");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1");

  script_set_attribute(attribute:"vuln_publication_date", value:"2003/03/03");
  script_set_attribute(attribute:"patch_publication_date", value:"2003/03/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/06");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^2\.1([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo)) 
{
  rhsa = "RHSA-2003:063";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : yum_report 
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"openssl-0.9.6b-30.7")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i686", reference:"openssl-0.9.6b-30.7")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"openssl-devel-0.9.6b-30.7")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"openssl-perl-0.9.6b-30.7")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"openssl095a-0.9.5a-18.7")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"openssl096-0.9.6-13.7")) flag++;

  if (flag)
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openssl / openssl-devel / openssl-perl / openssl095a / openssl096");
  }
}
VendorProductVersionCPE
redhatenterprise_linuxopensslp-cpe:/a:redhat:enterprise_linux:openssl
redhatenterprise_linuxopenssl-develp-cpe:/a:redhat:enterprise_linux:openssl-devel
redhatenterprise_linuxopenssl-perlp-cpe:/a:redhat:enterprise_linux:openssl-perl
redhatenterprise_linuxopenssl095ap-cpe:/a:redhat:enterprise_linux:openssl095a
redhatenterprise_linuxopenssl096p-cpe:/a:redhat:enterprise_linux:openssl096
redhatenterprise_linux2.1cpe:/o:redhat:enterprise_linux:2.1

Related

nessus 8
redhat 1
debian 2
debiancve 1
cve 1
f5 2
suse 1
openssl 1
securityvulns 2
openvas 4
osv 1
cvelist 1
nvd 1
ubuntucve 1
oraclelinux 3
nessus
nessus
HP-UX PHSS_28685 : s700_800 11.04 Virtualvault 4.5 OWS update
2005-02-16 00:00:00
OpenSSL 0.9.6 < 0.9.6i Vulnerability
2024-06-07 00:00:00
HP-UX PHSS_28686 : s700_800 11.04 Virtualvault 4.6 OWS update
2005-03-18 00:00:00
redhat
redhat
(RHSA-2003:063) openssl security update
2003-02-19 00:00:00
debian
debian
[SECURITY] [DSA 253-1] New OpenSSL packages fix timing-based attack vulnerability
2003-02-24 14:00:47
[SECURITY] [DSA 253-1] New OpenSSL packages fix timing-based attack vulnerability
2003-02-24 14:00:47
debiancve
debiancve
CVE-2003-0078
2004-09-01 04:00:00
cve
cve
CVE-2003-0078
2004-09-01 04:00:00
f5
f5
SOL2319 - Insufficient MAC computation in OpenSSH - CAN-2003-0078
2007-05-16 00:00:00
Insufficient MAC computation in OpenSSH - CAN-2003-0078
2007-05-17 04:00:00
suse
suse
remote attack on encryption in openssl
2003-02-26 15:52:34
openssl
openssl
Vulnerability in OpenSSL CVE-2003-0078
2003-02-19 00:00:00
securityvulns
securityvulns
OpenSSL 0.9.7a and 0.9.6i released
2003-02-19 00:00:00
Terminal Emulator Security Issues
2003-02-25 00:00:00
openvas
openvas
Debian Security Advisory DSA 253-1 (openssl)
2008-01-17 00:00:00
OpenSSL: Timing-based attacks on SSL/TLS with CBC encryption (CVE-2003-0078) - Linux
2021-08-13 00:00:00
OpenSSL: Timing-based attacks on SSL/TLS with CBC encryption (CVE-2003-0078) - Windows
2021-08-13 00:00:00
osv
osv
openssl - information leak
2003-02-24 00:00:00
cvelist
cvelist
CVE-2003-0078
2004-09-01 04:00:00
nvd
nvd
CVE-2003-0078
2003-03-03 05:00:00
ubuntucve
ubuntucve
CVE-2003-0078
2003-03-03 00:00:00
oraclelinux
oraclelinux
openssl-fips security update
2015-04-02 00:00:00
openssl security update
2019-03-13 00:00:00
openssl security update
2019-08-16 00:00:00

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.028 Low

EPSS

Percentile

90.8%

JSON
Related for REDHAT-RHSA-2003-063.NASL
nessus8redhat1debian2debiancve1cve1f52suse1openssl1securityvulns2openvas4osv1cvelist1nvd1ubuntucve1oraclelinux3