Lucene search
This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SL_20120529_OPENSSL_ON_SL5_X.NASLHistoryAug 01, 2012 - 12:00 a.m.
Scientific Linux Security Update : openssl on SL5.x, SL6.x i386/x86_64 (20120529)
2012-08-0100:00:00
This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
16
An integer underflow flaw, leading to a buffer over-read, was found in the way OpenSSL handled DTLS (Datagram Transport Layer Security) application data record lengths when using a block cipher in CBC (cipher-blockchaining) mode. A malicious DTLS client or server could use this flaw to crash its DTLS connection peer. (CVE-2012-2333)
On SL6 this update also fixes an uninitialized variable use bug, introduced by the fix for CVE-2012-0884. This bug could possibly cause an attempt to create an encrypted message in the CMS (Cryptographic Message Syntax) format to fail. For the update to take effect all services linked to the OpenSSL library must be restarted.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(61320);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");
script_cve_id("CVE-2012-0884", "CVE-2012-2333");
script_name(english:"Scientific Linux Security Update : openssl on SL5.x, SL6.x i386/x86_64 (20120529)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Scientific Linux host is missing one or more security
updates."
);
script_set_attribute(
attribute:"description",
value:
"An integer underflow flaw, leading to a buffer over-read, was found in
the way OpenSSL handled DTLS (Datagram Transport Layer Security)
application data record lengths when using a block cipher in CBC
(cipher-blockchaining) mode. A malicious DTLS client or server could
use this flaw to crash its DTLS connection peer. (CVE-2012-2333)
On SL6 this update also fixes an uninitialized variable use bug,
introduced by the fix for CVE-2012-0884. This bug could possibly cause
an attempt to create an encrypted message in the CMS (Cryptographic
Message Syntax) format to fail. For the update to take effect all
services linked to the OpenSSL library must be restarted."
);
# https://listserv.fnal.gov/scripts/wa.exe?A2=ind1205&L=scientific-linux-errata&T=0&P=1747
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?5e131a8f"
);
script_set_attribute(attribute:"solution", value:"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:openssl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:openssl-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:openssl-perl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:openssl-static");
script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
script_set_attribute(attribute:"vuln_publication_date", value:"2012/03/13");
script_set_attribute(attribute:"patch_publication_date", value:"2012/05/29");
script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Scientific Linux Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 6.x", "Scientific Linux " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
flag = 0;
if (rpm_check(release:"SL5", reference:"openssl-0.9.8e-22.el5_8.4")) flag++;
if (rpm_check(release:"SL5", reference:"openssl-devel-0.9.8e-22.el5_8.4")) flag++;
if (rpm_check(release:"SL5", reference:"openssl-perl-0.9.8e-22.el5_8.4")) flag++;
if (rpm_check(release:"SL6", reference:"openssl-1.0.0-20.el6_2.5")) flag++;
if (rpm_check(release:"SL6", reference:"openssl-devel-1.0.0-20.el6_2.5")) flag++;
if (rpm_check(release:"SL6", reference:"openssl-perl-1.0.0-20.el6_2.5")) flag++;
if (rpm_check(release:"SL6", reference:"openssl-static-1.0.0-20.el6_2.5")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openssl / openssl-devel / openssl-perl / openssl-static");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| fermilab | scientific_linux | openssl | p-cpe:/a:fermilab:scientific_linux:openssl |
| fermilab | scientific_linux | openssl-devel | p-cpe:/a:fermilab:scientific_linux:openssl-devel |
| fermilab | scientific_linux | openssl-perl | p-cpe:/a:fermilab:scientific_linux:openssl-perl |
| fermilab | scientific_linux | openssl-static | p-cpe:/a:fermilab:scientific_linux:openssl-static |
| fermilab | scientific_linux | x-cpe:/o:fermilab:scientific_linux |
Related
nessus
nessus
Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : openssl vulnerabilities (USN-1451-1)
2012-05-29 00:00:00
RHEL 5 / 6 : openssl (RHSA-2012:0699)
2012-05-30 00:00:00
CentOS 5 / 6 : openssl (CESA-2012:0699)
2012-05-30 00:00:00
openvas
openvas
Oracle: Security Advisory (ELSA-2012-0699)
2015-10-06 00:00:00
CentOS Update for openssl CESA-2012:0699 centos6
2012-07-30 00:00:00
CentOS Update for openssl CESA-2012:0699 centos5
2012-07-30 00:00:00
oraclelinux
oraclelinux
openssl security and bug fix update
2012-05-29 00:00:00
openssl security and bug fix update
2012-03-27 00:00:00
centos
centos
openssl security update
2012-05-29 22:40:25
openssl security update
2012-03-28 00:47:32
ubuntu
ubuntu
OpenSSL vulnerabilities
2012-05-24 00:00:00
redhat
redhat
(RHSA-2012:0699) Moderate: openssl security and bug fix update
2012-05-29 00:00:00
(RHSA-2012:1306) Important: openssl security update
2012-09-24 15:52:11
(RHSA-2012:1308) Important: openssl security update
2012-09-24 15:54:31
altlinux
altlinux
Security fix for the ALT Linux 9 package openssl10 version 1.0.0j-alt1
2012-05-12 00:00:00
Security fix for the ALT Linux 7 package openssl10 version 1.0.0j-alt1
2012-05-12 00:00:00
Security fix for the ALT Linux 9 package openssl1.1 version 1.0.0j-alt1
2012-05-12 00:00:00
securityvulns
securityvulns
OpenSSL DoS
2012-05-21 00:00:00
OpenSSL security vulnerabilities
2012-04-02 00:00:00
[ MDVSA-2012:038 ] openssl
2012-04-02 00:00:00
prion
prion
Integer overflow
2012-05-14 22:55:00
Information disclosure
2012-03-13 03:12:00
Code injection
2012-08-08 10:26:00
fedora
fedora
[SECURITY] Fedora 17 Update: openssl-1.0.0j-1.fc17
2012-05-29 10:32:44
[SECURITY] Fedora 16 Update: openssl-1.0.0j-1.fc16
2012-06-03 00:00:32
[SECURITY] Fedora 15 Update: openssl-1.0.0j-1.fc15
2012-06-03 00:02:27
openssl
openssl
Vulnerability in OpenSSL CVE-2012-2333
2012-05-10 00:00:00
Vulnerability in OpenSSL CVE-2012-0884
2012-03-12 00:00:00
ibm
ibm
cve
cve
veracode
veracode
Denial Of Service (DoS) Through Buffer Over-read
2017-02-09 00:16:21
Denial Of Service (DoS) Through Buffer Over-read
2019-01-15 08:51:36
Million Message Attack (MMA)
2017-02-09 01:46:40
amazon
amazon
Medium: openssl
2012-06-10 11:48:00
Medium: openssl
2012-04-05 12:49:00
f5
f5
SOL15401 - OpenSSL vulnerability CVE-2012-2333
2014-07-09 00:00:00
K15401 : OpenSSL vulnerability CVE-2012-2333
2014-07-10 00:00:00
K13598 : OpenSSL vulnerability CVE-2012-0884
2013-09-20 00:00:00
suse
suse
Security update for openssl (important)
2012-05-31 00:08:26
Security update for openssl (important)
2012-05-31 01:08:19
Security update for openssl (important)
2012-05-30 23:08:17
debiancve
debiancve
CVE-2012-2333
2012-05-14 22:55:00
CVE-2012-0884
2012-03-13 03:12:00
debian
debian
[SECURITY] [DSA 2475-1] openssl security update
2012-05-17 23:14:31
[SECURITY] [DSA 2454-1] openssl security update
2012-04-19 21:21:20
freebsd
freebsd
OpenSSL -- DTLS and TLS 1.1, 1.2 denial of service
2012-05-10 00:00:00
OpenSSL -- CMS and S/MIME Bleichenbacher attack
2012-03-12 00:00:00
FreeBSD -- OpenSSL multiple vulnerabilities
2012-05-03 00:00:00
ubuntucve
ubuntucve
CVE-2012-2333
2012-05-14 00:00:00
CVE-2012-0884
2012-03-12 00:00:00
checkpoint_security
checkpoint_security
Check Point response to OpenSSL CVE-2012-0884
2012-06-07 21:00:00
aix
aix
Multiple OpenSSL vulnerabilities
2012-08-01 09:25:58
gentoo
gentoo
OpenSSL: Multiple Vulnerabilities
2013-12-03 00:00:00
cert
cert
osv
osv
openssl - multiple
2012-04-24 00:00:00
openssl - incomplete fix
2012-04-24 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-12:01.openssl
2012-05-30 00:00:00
lenovo
lenovo
Intelยฎ PROSet/Wireless WiFi Software Vulnerabilities - US
2018-11-13 17:10:51
Intelยฎ PROSet/Wireless WiFi Software Vulnerabilities - Lenovo Support US
2018-11-13 17:10:51
Related for SL_20120529_OPENSSL_ON_SL5_X.NASL