Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT-RHSA-2015-0066.NASL
HistoryJan 21, 2015 - 12:00 a.m.

RHEL 6 / 7 : openssl (RHSA-2015:0066) (FREAK)

2015-01-2100:00:00
This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
20
JSON

Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL), Transport Layer Security (TLS), and Datagram Transport Layer Security (DTLS) protocols, as well as a full-strength, general purpose cryptography library.

A NULL pointer dereference flaw was found in the DTLS implementation of OpenSSL. A remote attacker could send a specially crafted DTLS message, which would cause an OpenSSL server to crash. (CVE-2014-3571)

A memory leak flaw was found in the way the dtls1_buffer_record() function of OpenSSL parsed certain DTLS messages. A remote attacker could send multiple specially crafted DTLS messages to exhaust all available memory of a DTLS server. (CVE-2015-0206)

It was found that OpenSSL’s BigNumber Squaring implementation could produce incorrect results under certain special conditions. This flaw could possibly affect certain OpenSSL library functionality, such as RSA blinding. Note that this issue occurred rarely and with a low probability, and there is currently no known way of exploiting it.
(CVE-2014-3570)

It was discovered that OpenSSL would perform an ECDH key exchange with a non-ephemeral key even when the ephemeral ECDH cipher suite was selected. A malicious server could make a TLS/SSL client using OpenSSL use a weaker key exchange method than the one requested by the user.
(CVE-2014-3572)

It was discovered that OpenSSL would accept ephemeral RSA keys when using non-export RSA cipher suites. A malicious server could make a TLS/SSL client using OpenSSL use a weaker key exchange method.
(CVE-2015-0204)

Multiple flaws were found in the way OpenSSL parsed X.509 certificates. An attacker could use these flaws to modify an X.509 certificate to produce a certificate with a different fingerprint without invalidating its signature, and possibly bypass fingerprint-based blacklisting in applications. (CVE-2014-8275)

It was found that an OpenSSL server would, under certain conditions, accept Diffie-Hellman client certificates without the use of a private key. An attacker could use a user’s client certificate to authenticate as that user, without needing the private key. (CVE-2015-0205)

All OpenSSL users are advised to upgrade to these updated packages, which contain a backported patch to mitigate the above issues. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2015:0066. The text 
# itself is copyright (C) Red Hat, Inc.
#

include("compat.inc");

if (description)
{
  script_id(80879);
  script_version("1.24");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/02/05");

  script_cve_id("CVE-2014-3570", "CVE-2014-3571", "CVE-2014-3572", "CVE-2014-8275", "CVE-2015-0204", "CVE-2015-0205", "CVE-2015-0206");
  script_bugtraq_id(71936);
  script_xref(name:"RHSA", value:"2015:0066");

  script_name(english:"RHEL 6 / 7 : openssl (RHSA-2015:0066) (FREAK)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Updated openssl packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Moderate
security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),
Transport Layer Security (TLS), and Datagram Transport Layer Security
(DTLS) protocols, as well as a full-strength, general purpose
cryptography library.

A NULL pointer dereference flaw was found in the DTLS implementation
of OpenSSL. A remote attacker could send a specially crafted DTLS
message, which would cause an OpenSSL server to crash. (CVE-2014-3571)

A memory leak flaw was found in the way the dtls1_buffer_record()
function of OpenSSL parsed certain DTLS messages. A remote attacker
could send multiple specially crafted DTLS messages to exhaust all
available memory of a DTLS server. (CVE-2015-0206)

It was found that OpenSSL's BigNumber Squaring implementation could
produce incorrect results under certain special conditions. This flaw
could possibly affect certain OpenSSL library functionality, such as
RSA blinding. Note that this issue occurred rarely and with a low
probability, and there is currently no known way of exploiting it.
(CVE-2014-3570)

It was discovered that OpenSSL would perform an ECDH key exchange with
a non-ephemeral key even when the ephemeral ECDH cipher suite was
selected. A malicious server could make a TLS/SSL client using OpenSSL
use a weaker key exchange method than the one requested by the user.
(CVE-2014-3572)

It was discovered that OpenSSL would accept ephemeral RSA keys when
using non-export RSA cipher suites. A malicious server could make a
TLS/SSL client using OpenSSL use a weaker key exchange method.
(CVE-2015-0204)

Multiple flaws were found in the way OpenSSL parsed X.509
certificates. An attacker could use these flaws to modify an X.509
certificate to produce a certificate with a different fingerprint
without invalidating its signature, and possibly bypass
fingerprint-based blacklisting in applications. (CVE-2014-8275)

It was found that an OpenSSL server would, under certain conditions,
accept Diffie-Hellman client certificates without the use of a private
key. An attacker could use a user's client certificate to authenticate
as that user, without needing the private key. (CVE-2015-0205)

All OpenSSL users are advised to upgrade to these updated packages,
which contain a backported patch to mitigate the above issues. For the
update to take effect, all services linked to the OpenSSL library
(such as httpd and other SSL-enabled services) must be restarted or
the system rebooted."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.openssl.org/news/secadv/20150108.txt"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2015:0066"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2014-3571"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2014-3570"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2014-3572"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2014-8275"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2015-0205"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2015-0204"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2015-0206"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openssl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openssl-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openssl-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openssl-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openssl-perl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openssl-static");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.6");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.3");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.4");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.5");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.6");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.7");

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/01/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/01/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/01/21");
  script_set_attribute(attribute:"in_the_news", value:"true");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^(6|7)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x / 7.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo)) 
{
  rhsa = "RHSA-2015:0066";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : yum_report 
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL6", reference:"openssl-1.0.1e-30.el6.5")) flag++;

  if (rpm_check(release:"RHEL6", reference:"openssl-debuginfo-1.0.1e-30.el6.5")) flag++;

  if (rpm_check(release:"RHEL6", reference:"openssl-devel-1.0.1e-30.el6.5")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"i686", reference:"openssl-perl-1.0.1e-30.el6.5")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"openssl-perl-1.0.1e-30.el6.5")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"openssl-perl-1.0.1e-30.el6.5")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"i686", reference:"openssl-static-1.0.1e-30.el6.5")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"openssl-static-1.0.1e-30.el6.5")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"openssl-static-1.0.1e-30.el6.5")) flag++;


  if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"openssl-1.0.1e-34.el7_0.7")) flag++;

  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"openssl-1.0.1e-34.el7_0.7")) flag++;

  if (rpm_check(release:"RHEL7", reference:"openssl-debuginfo-1.0.1e-34.el7_0.7")) flag++;

  if (rpm_check(release:"RHEL7", reference:"openssl-devel-1.0.1e-34.el7_0.7")) flag++;

  if (rpm_check(release:"RHEL7", reference:"openssl-libs-1.0.1e-34.el7_0.7")) flag++;

  if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"openssl-perl-1.0.1e-34.el7_0.7")) flag++;

  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"openssl-perl-1.0.1e-34.el7_0.7")) flag++;

  if (rpm_check(release:"RHEL7", reference:"openssl-static-1.0.1e-34.el7_0.7")) flag++;


  if (flag)
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openssl / openssl-debuginfo / openssl-devel / openssl-libs / etc");
  }
}
VendorProductVersionCPE
redhatenterprise_linuxopensslp-cpe:/a:redhat:enterprise_linux:openssl
redhatenterprise_linuxopenssl-debuginfop-cpe:/a:redhat:enterprise_linux:openssl-debuginfo
redhatenterprise_linuxopenssl-develp-cpe:/a:redhat:enterprise_linux:openssl-devel
redhatenterprise_linuxopenssl-libsp-cpe:/a:redhat:enterprise_linux:openssl-libs
redhatenterprise_linuxopenssl-perlp-cpe:/a:redhat:enterprise_linux:openssl-perl
redhatenterprise_linuxopenssl-staticp-cpe:/a:redhat:enterprise_linux:openssl-static
redhatenterprise_linux6cpe:/o:redhat:enterprise_linux:6
redhatenterprise_linux6.6cpe:/o:redhat:enterprise_linux:6.6
redhatenterprise_linux7cpe:/o:redhat:enterprise_linux:7
redhatenterprise_linux7.3cpe:/o:redhat:enterprise_linux:7.3
Rows per page:
1-10 of 141

Related

nessus 46
ibm 56
openvas 13
ubuntu 1
centos 1
oraclelinux 6
aix 1
securityvulns 5
redhat 1
suse 2
altlinux 6
archlinux 1
debian 3
kaspersky 1
slackware 1
osv 2
freebsd 2
freebsd_advisory 1
cisco 1
amazon 1
mageia 1
fedora 1
prion 5
cve 6
ubuntucve 5
f5 12
debiancve 4
veracode 7
openssl 5
checkpoint_advisories 2
nessus
nessus
Ubuntu 14.04 LTS : OpenSSL vulnerabilities (USN-2459-1)
2015-01-13 00:00:00
CentOS 6 / 7 : openssl (CESA-2015:0066)
2015-01-21 00:00:00
Oracle Linux 6 / 7 : openssl (ELSA-2015-0066) (FREAK)
2015-01-21 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in OpenSSL affects Rational Application Developer for WebSphere Software (CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205, CVE-2015-0206)
2020-02-05 00:09:48
Security Bulletin: Vulnerabilities in OpenSSL affect IBM InfoSphere Master Data Management (CVE-2014-3571, CVE-2015-0206, CVE-2014-3572, CVE-2015-0204, CVE-2015-0205, CVE-2014-8275, CVE-2014-3570 )
2022-04-27 09:58:00
Security Bulletin: Vulnerabilities in OpenSSL affect Bluemix Workflow (CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-204, CVE-2015-205, CVE-2015-206)
2023-03-06 14:43:44
openvas
openvas
CentOS Update for openssl CESA-2015:0066 centos6
2015-01-23 00:00:00
Ubuntu Update for openssl USN-2459-1
2015-01-23 00:00:00
RedHat Update for openssl RHSA-2015:0066-01
2015-01-23 00:00:00
ubuntu
ubuntu
OpenSSL vulnerabilities
2015-01-12 00:00:00
centos
centos
openssl security update
2015-01-20 21:00:39
oraclelinux
oraclelinux
openssl security update
2015-01-20 00:00:00
openssl security update
2015-02-26 00:00:00
openssl security update
2015-12-14 00:00:00
aix
aix
Multiple Security vulnerabilities in AIX OpenSSL
2015-02-04 06:24:41
securityvulns
securityvulns
[USN-2459-1] OpenSSL vulnerabilities
2015-01-13 00:00:00
OpenSSL multiple security vulnerabilities
2015-01-13 00:00:00
HP Version Control Repository Manager multiple security vulnerabilities
2015-09-14 00:00:00
redhat
redhat
(RHSA-2015:0066) Moderate: openssl security update
2015-01-20 00:00:00
suse
suse
Security update for openssl (important)
2015-01-23 20:05:13
Security update for libressl (important)
2015-07-22 15:08:14
altlinux
altlinux
Security fix for the ALT Linux 8 package openssl10 version 1.0.1k-alt1
2015-01-12 00:00:00
Security fix for the ALT Linux 9 package openssl1.1 version 1.0.1k-alt1
2015-01-12 00:00:00
Security fix for the ALT Linux 7 package openssl10 version 1.0.1k-alt0.M70P.1
2015-01-12 00:00:00
archlinux
archlinux
openssl: multiple issues
2015-01-09 00:00:00
debian
debian
[SECURITY] [DSA 3125-1] openssl security update
2015-01-11 11:05:13
[SECURITY] [DLA 132-1] openssl security update
2015-01-11 13:16:17
[SECURITY] [DSA 3125-1] openssl security update
2015-01-11 11:05:13
kaspersky
kaspersky
KLA10460 Multiple vulnerabilities in OpenSSL
2015-01-08 00:00:00
slackware
slackware
[slackware-security] openssl
2015-01-09 18:34:39
osv
osv
openssl - security update
2015-01-11 00:00:00
openssl - security update
2015-01-11 00:00:00
freebsd
freebsd
OpenSSL -- multiple vulnerabilities
2015-01-08 00:00:00
LibreSSL -- DTLS vulnerability
2015-01-08 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-15:01.openssl
2015-01-14 00:00:00
cisco
cisco
Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products
2015-03-10 16:00:00
amazon
amazon
Medium: openssl
2015-01-11 12:36:00
mageia
mageia
Updated openssl packages fix security vulnerabilities
2015-01-11 22:54:28
fedora
fedora
[SECURITY] Fedora 21 Update: openssl-1.0.1k-1.fc21
2015-01-13 00:02:20
prion
prion
Code injection
2015-01-09 02:59:00
Design/Logic Flaw
2015-01-09 02:59:00
Memory corruption
2015-01-09 02:59:00
cve
cve
CVE-2014-8275
2015-01-09 02:59:00
CVE-2015-0205
2015-01-09 02:59:00
CVE-2014-3571
2015-01-09 02:59:00
ubuntucve
ubuntucve
CVE-2014-8275
2015-01-08 00:00:00
CVE-2015-0205
2015-01-08 00:00:00
CVE-2015-0206
2015-01-08 00:00:00
f5
f5
SOL16136 - OpenSSL vulnerability CVE-2014-8275
2015-02-12 00:00:00
K16136 : OpenSSL vulnerability CVE-2014-8275
2015-09-18 00:00:00
SOL16135 - OpenSSL vulnerability CVE-2015-0205
2015-02-12 00:00:00
debiancve
debiancve
CVE-2014-8275
2015-01-09 02:59:00
CVE-2014-3570
2015-01-09 02:59:00
CVE-2014-3572
2015-01-09 02:59:00
veracode
veracode
Protection Mechanism Bypass
2017-02-06 02:21:32
Protection Mechanism Bypass
2019-01-15 09:05:35
Denial Of Service (DoS) Through Memory Consumption
2017-02-10 01:51:44
openssl
openssl
Vulnerability in OpenSSL CVE-2014-8275
2015-01-05 00:00:00
Vulnerability in OpenSSL CVE-2015-0206
2015-01-08 00:00:00
Vulnerability in OpenSSL CVE-2015-0205
2015-01-08 00:00:00
checkpoint_advisories
checkpoint_advisories
OpenSSL DTLS dtls1_buffer_record Denial of Service (CVE-2015-0206)
2015-01-19 00:00:00
OpenSSL Ephemeral ECDH Cipher Suite Handshake Downgrade (CVE-2014-3572)
2015-01-07 00:00:00
JSON
Related for REDHAT-RHSA-2015-0066.NASL
nessus46ibm56openvas13ubuntu1centos1oraclelinux6aix1securityvulns5redhat1suse2altlinux6archlinux1debian3kaspersky1slackware1osv2freebsd2freebsd_advisory1cisco1amazon1mageia1fedora1prion5cve6ubuntucve5f512debiancve4veracode7openssl5checkpoint_advisories2