Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT-RHSA-2011-1409.NASL
HistoryOct 27, 2011 - 12:00 a.m.

RHEL 6 : openssl (RHSA-2011:1409)

2011-10-2700:00:00
This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
17
JSON

Updated openssl packages that fix one security issue are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.

An uninitialized variable use flaw was found in OpenSSL. This flaw could cause an application using the OpenSSL Certificate Revocation List (CRL) checking functionality to incorrectly accept a CRL that has a nextUpdate date in the past. (CVE-2011-3207)

All OpenSSL users should upgrade to these updated packages, which contain a backported patch to resolve this issue. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2011:1409. The text 
# itself is copyright (C) Red Hat, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(56661);
  script_version("1.20");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2011-3207");
  script_bugtraq_id(49469);
  script_xref(name:"RHSA", value:"2011:1409");

  script_name(english:"RHEL 6 : openssl (RHSA-2011:1409)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Updated openssl packages that fix one security issue are now available
for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having
moderate security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from
the CVE link in the References section.

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL
v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.

An uninitialized variable use flaw was found in OpenSSL. This flaw
could cause an application using the OpenSSL Certificate Revocation
List (CRL) checking functionality to incorrectly accept a CRL that has
a nextUpdate date in the past. (CVE-2011-3207)

All OpenSSL users should upgrade to these updated packages, which
contain a backported patch to resolve this issue. For the update to
take effect, all services linked to the OpenSSL library must be
restarted, or the system rebooted."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2011-3207"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2011:1409"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openssl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openssl-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openssl-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openssl-perl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openssl-static");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.1");

  script_set_attribute(attribute:"vuln_publication_date", value:"2011/09/22");
  script_set_attribute(attribute:"patch_publication_date", value:"2011/10/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/10/27");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo)) 
{
  rhsa = "RHSA-2011:1409";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : yum_report 
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL6", reference:"openssl-1.0.0-10.el6_1.5")) flag++;

  if (rpm_check(release:"RHEL6", reference:"openssl-debuginfo-1.0.0-10.el6_1.5")) flag++;

  if (rpm_check(release:"RHEL6", reference:"openssl-devel-1.0.0-10.el6_1.5")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"i686", reference:"openssl-perl-1.0.0-10.el6_1.5")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"openssl-perl-1.0.0-10.el6_1.5")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"openssl-perl-1.0.0-10.el6_1.5")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"i686", reference:"openssl-static-1.0.0-10.el6_1.5")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"openssl-static-1.0.0-10.el6_1.5")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"openssl-static-1.0.0-10.el6_1.5")) flag++;


  if (flag)
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openssl / openssl-debuginfo / openssl-devel / openssl-perl / etc");
  }
}
VendorProductVersionCPE
redhatenterprise_linuxopensslp-cpe:/a:redhat:enterprise_linux:openssl
redhatenterprise_linuxopenssl-debuginfop-cpe:/a:redhat:enterprise_linux:openssl-debuginfo
redhatenterprise_linuxopenssl-develp-cpe:/a:redhat:enterprise_linux:openssl-devel
redhatenterprise_linuxopenssl-perlp-cpe:/a:redhat:enterprise_linux:openssl-perl
redhatenterprise_linuxopenssl-staticp-cpe:/a:redhat:enterprise_linux:openssl-static
redhatenterprise_linux6cpe:/o:redhat:enterprise_linux:6
redhatenterprise_linux6.1cpe:/o:redhat:enterprise_linux:6.1

Related

fedora 8
nessus 19
altlinux 5
ubuntucve 1
openvas 28
amazon 1
debiancve 1
veracode 1
f5 2
prion 1
cve 1
openssl 1
oraclelinux 6
redhat 1
securityvulns 2
freebsd 1
gentoo 1
ibm 6
fedora
fedora
[SECURITY] Fedora 16 Update: openssl-1.0.0e-1.fc16
2011-09-11 01:45:41
[SECURITY] Fedora 15 Update: openssl-1.0.0g-1.fc15
2012-01-24 07:55:34
[SECURITY] Fedora 15 Update: openssl-1.0.0h-1.fc15
2012-04-11 17:05:54
nessus
nessus
Amazon Linux AMI : openssl (ALAS-2011-4)
2014-10-12 00:00:00
Fedora 16 : openssl-1.0.0e-1.fc16 (2011-12233)
2011-09-12 00:00:00
Oracle Linux 6 : openssl (ELSA-2011-1409)
2013-07-12 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 7 package openssl10 version 1.0.0e-alt1
2011-09-12 00:00:00
Security fix for the ALT Linux 9 package openssl1.1 version 1.0.0e-alt1
2011-09-12 00:00:00
Security fix for the ALT Linux 6 package openssl10 version 1.0.0e-alt1
2011-09-12 00:00:00
ubuntucve
ubuntucve
CVE-2011-3207
2011-09-22 00:00:00
openvas
openvas
Amazon Linux: Security Advisory (ALAS-2011-4)
2015-09-08 00:00:00
OpenSSL: CRL Verification Vulnerability (20110906) - Linux
2021-08-16 00:00:00
Oracle: Security Advisory (ELSA-2011-1409)
2015-10-06 00:00:00
amazon
amazon
Medium: openssl
2011-10-10 23:40:00
debiancve
debiancve
CVE-2011-3207
2011-09-22 10:55:00
veracode
veracode
CRL Validation Bypass
2020-04-10 01:07:24
f5
f5
K15318 : OpenSSL vulnerability CVE-2011-3207
2014-06-05 00:00:00
SOL15318 - OpenSSL vulnerability CVE-2011-3207
2014-06-05 00:00:00
prion
prion
Design/Logic Flaw
2011-09-22 10:55:00
cve
cve
CVE-2011-3207
2011-09-22 10:55:00
openssl
openssl
Vulnerability in OpenSSL CVE-2011-3207
2011-09-06 00:00:00
oraclelinux
oraclelinux
openssl security update
2011-10-26 00:00:00
openssl-fips security update
2015-04-02 00:00:00
openssl security update
2016-09-27 00:00:00
redhat
redhat
(RHSA-2011:1409) Moderate: openssl security update
2011-10-26 00:00:00
securityvulns
securityvulns
OpenSSL security vulnerabilities
2011-10-16 00:00:00
APPLE-SA-2013-06-04-1 OS X Mountain Lion v10.8.4 and Security Update 2013-002
2013-06-17 00:00:00
freebsd
freebsd
OpenSSL -- multiple vulnerabilities
2011-09-06 00:00:00
gentoo
gentoo
OpenSSL: Multiple vulnerabilities
2011-10-09 00:00:00
ibm
ibm
Security Bulletin: Tivoli Management Framework affected by vulnerabilities in OpenSSL versions prior to 1.0.0
2022-09-25 23:13:40
Security Bulletin: IBM Tivoli Netcool System Service Monitors/Application Service Monitors is affected by multiple OpenSSL vulnerabilities
2022-09-26 05:45:55
Security Bulletin: IBM Sterling Connect:Enterprise for UNIX is affected by multiple vulnerabilities in OpenSSL
2022-09-25 20:45:36
JSON
Related for REDHAT-RHSA-2011-1409.NASL
fedora8nessus19altlinux5ubuntucve1openvas28amazon1debiancve1veracode1f52prion1cve1openssl1oraclelinux6redhat1securityvulns2freebsd1gentoo1ibm6