Lucene search
This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SL_20150121_OPENSSL_ON_SL6_X.NASLHistoryJan 22, 2015 - 12:00 a.m.
Scientific Linux Security Update : openssl on SL6.x, SL7.x i386/x86_64 (20150121) (FREAK)
2015-01-2200:00:00
This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
24
A NULL pointer dereference flaw was found in the DTLS implementation of OpenSSL. A remote attacker could send a specially crafted DTLS message, which would cause an OpenSSL server to crash. (CVE-2014-3571)
A memory leak flaw was found in the way the dtls1_buffer_record() function of OpenSSL parsed certain DTLS messages. A remote attacker could send multiple specially crafted DTLS messages to exhaust all available memory of a DTLS server. (CVE-2015-0206)
It was found that OpenSSL’s BigNumber Squaring implementation could produce incorrect results under certain special conditions. This flaw could possibly affect certain OpenSSL library functionality, such as RSA blinding. Note that this issue occurred rarely and with a low probability, and there is currently no known way of exploiting it.
(CVE-2014-3570)
It was discovered that OpenSSL would perform an ECDH key exchange with a non-ephemeral key even when the ephemeral ECDH cipher suite was selected. A malicious server could make a TLS/SSL client using OpenSSL use a weaker key exchange method than the one requested by the user.
(CVE-2014-3572)
It was discovered that OpenSSL would accept ephemeral RSA keys when using non-export RSA cipher suites. A malicious server could make a TLS/SSL client using OpenSSL use a weaker key exchange method.
(CVE-2015-0204)
Multiple flaws were found in the way OpenSSL parsed X.509 certificates. An attacker could use these flaws to modify an X.509 certificate to produce a certificate with a different fingerprint without invalidating its signature, and possibly bypass fingerprint-based blacklisting in applications. (CVE-2014-8275)
It was found that an OpenSSL server would, under certain conditions, accept Diffie-Hellman client certificates without the use of a private key. An attacker could use a user’s client certificate to authenticate as that user, without needing the private key. (CVE-2015-0205)
For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(80905);
script_version("1.10");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");
script_cve_id("CVE-2014-3570", "CVE-2014-3571", "CVE-2014-3572", "CVE-2014-8275", "CVE-2015-0204", "CVE-2015-0205", "CVE-2015-0206");
script_name(english:"Scientific Linux Security Update : openssl on SL6.x, SL7.x i386/x86_64 (20150121) (FREAK)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Scientific Linux host is missing one or more security
updates."
);
script_set_attribute(
attribute:"description",
value:
"A NULL pointer dereference flaw was found in the DTLS implementation
of OpenSSL. A remote attacker could send a specially crafted DTLS
message, which would cause an OpenSSL server to crash. (CVE-2014-3571)
A memory leak flaw was found in the way the dtls1_buffer_record()
function of OpenSSL parsed certain DTLS messages. A remote attacker
could send multiple specially crafted DTLS messages to exhaust all
available memory of a DTLS server. (CVE-2015-0206)
It was found that OpenSSL's BigNumber Squaring implementation could
produce incorrect results under certain special conditions. This flaw
could possibly affect certain OpenSSL library functionality, such as
RSA blinding. Note that this issue occurred rarely and with a low
probability, and there is currently no known way of exploiting it.
(CVE-2014-3570)
It was discovered that OpenSSL would perform an ECDH key exchange with
a non-ephemeral key even when the ephemeral ECDH cipher suite was
selected. A malicious server could make a TLS/SSL client using OpenSSL
use a weaker key exchange method than the one requested by the user.
(CVE-2014-3572)
It was discovered that OpenSSL would accept ephemeral RSA keys when
using non-export RSA cipher suites. A malicious server could make a
TLS/SSL client using OpenSSL use a weaker key exchange method.
(CVE-2015-0204)
Multiple flaws were found in the way OpenSSL parsed X.509
certificates. An attacker could use these flaws to modify an X.509
certificate to produce a certificate with a different fingerprint
without invalidating its signature, and possibly bypass
fingerprint-based blacklisting in applications. (CVE-2014-8275)
It was found that an OpenSSL server would, under certain conditions,
accept Diffie-Hellman client certificates without the use of a private
key. An attacker could use a user's client certificate to authenticate
as that user, without needing the private key. (CVE-2015-0205)
For the update to take effect, all services linked to the OpenSSL
library (such as httpd and other SSL-enabled services) must be
restarted or the system rebooted."
);
# https://listserv.fnal.gov/scripts/wa.exe?A2=ind1501&L=scientific-linux-errata&T=0&P=1506
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?948791ea"
);
script_set_attribute(attribute:"solution", value:"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:openssl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:openssl-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:openssl-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:openssl-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:openssl-perl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:openssl-static");
script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
script_set_attribute(attribute:"vuln_publication_date", value:"2015/01/09");
script_set_attribute(attribute:"patch_publication_date", value:"2015/01/21");
script_set_attribute(attribute:"plugin_publication_date", value:"2015/01/22");
script_set_attribute(attribute:"in_the_news", value:"true");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Scientific Linux Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 7.x", "Scientific Linux " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
flag = 0;
if (rpm_check(release:"SL6", reference:"openssl-1.0.1e-30.el6_6.5")) flag++;
if (rpm_check(release:"SL6", reference:"openssl-debuginfo-1.0.1e-30.el6_6.5")) flag++;
if (rpm_check(release:"SL6", reference:"openssl-devel-1.0.1e-30.el6_6.5")) flag++;
if (rpm_check(release:"SL6", reference:"openssl-perl-1.0.1e-30.el6_6.5")) flag++;
if (rpm_check(release:"SL6", reference:"openssl-static-1.0.1e-30.el6_6.5")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"openssl-1.0.1e-34.el7_0.7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"openssl-debuginfo-1.0.1e-34.el7_0.7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"openssl-devel-1.0.1e-34.el7_0.7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"openssl-libs-1.0.1e-34.el7_0.7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"openssl-perl-1.0.1e-34.el7_0.7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"openssl-static-1.0.1e-34.el7_0.7")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openssl / openssl-debuginfo / openssl-devel / openssl-libs / etc");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| fermilab | scientific_linux | openssl | p-cpe:/a:fermilab:scientific_linux:openssl |
| fermilab | scientific_linux | openssl-debuginfo | p-cpe:/a:fermilab:scientific_linux:openssl-debuginfo |
| fermilab | scientific_linux | openssl-devel | p-cpe:/a:fermilab:scientific_linux:openssl-devel |
| fermilab | scientific_linux | openssl-libs | p-cpe:/a:fermilab:scientific_linux:openssl-libs |
| fermilab | scientific_linux | openssl-perl | p-cpe:/a:fermilab:scientific_linux:openssl-perl |
| fermilab | scientific_linux | openssl-static | p-cpe:/a:fermilab:scientific_linux:openssl-static |
| fermilab | scientific_linux | x-cpe:/o:fermilab:scientific_linux |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206
www.nessus.org/u?948791ea
Related
nessus
nessus
Ubuntu 14.04 LTS : OpenSSL vulnerabilities (USN-2459-1)
2015-01-13 00:00:00
AIX OpenSSL Advisory : openssl_advisory12.asc (FREAK)
2015-02-18 00:00:00
CentOS 6 / 7 : openssl (CESA-2015:0066)
2015-01-21 00:00:00
openvas
openvas
CentOS Update for openssl CESA-2015:0066 centos6
2015-01-23 00:00:00
Oracle Linux Local Check: ELSA-2015-0066
2015-10-06 00:00:00
Ubuntu Update for openssl USN-2459-1
2015-01-23 00:00:00
ubuntu
ubuntu
OpenSSL vulnerabilities
2015-01-12 00:00:00
centos
centos
openssl security update
2015-01-20 21:00:39
oraclelinux
oraclelinux
openssl security update
2015-01-20 00:00:00
openssl security update
2015-02-26 00:00:00
openssl security update
2015-12-14 00:00:00
redhat
redhat
(RHSA-2015:0066) Moderate: openssl security update
2015-01-20 00:00:00
securityvulns
securityvulns
[USN-2459-1] OpenSSL vulnerabilities
2015-01-13 00:00:00
OpenSSL multiple security vulnerabilities
2015-01-13 00:00:00
HP Version Control Repository Manager multiple security vulnerabilities
2015-09-14 00:00:00
aix
aix
Multiple Security vulnerabilities in AIX OpenSSL
2015-02-04 06:24:41
suse
suse
Security update for openssl (important)
2015-01-23 20:05:13
Security update for libressl (important)
2015-07-22 15:08:14
Security update for compat-openssl097g (important)
2015-03-24 00:05:09
altlinux
altlinux
Security fix for the ALT Linux 8 package openssl10 version 1.0.1k-alt1
2015-01-12 00:00:00
Security fix for the ALT Linux 9 package openssl1.1 version 1.0.1k-alt1
2015-01-12 00:00:00
Security fix for the ALT Linux 9 package openssl10 version 1.0.1k-alt1
2015-01-12 00:00:00
osv
osv
openssl - security update
2015-01-11 00:00:00
openssl - security update
2015-01-11 00:00:00
cisco
cisco
Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products
2015-03-10 16:00:00
OpenSSL RSA Temporary Key Cryptographic Downgrade Vulnerability
2015-01-13 19:57:19
freebsd
freebsd
OpenSSL -- multiple vulnerabilities
2015-01-08 00:00:00
LibreSSL -- DTLS vulnerability
2015-01-08 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-15:01.openssl
2015-01-14 00:00:00
kaspersky
kaspersky
KLA10460 Multiple vulnerabilities in OpenSSL
2015-01-08 00:00:00
slackware
slackware
[slackware-security] openssl
2015-01-09 18:34:39
archlinux
archlinux
openssl: multiple issues
2015-01-09 00:00:00
debian
debian
[SECURITY] [DSA 3125-1] openssl security update
2015-01-11 11:05:13
[SECURITY] [DSA 3125-1] openssl security update
2015-01-11 11:05:13
[SECURITY] [DLA 132-1] openssl security update
2015-01-11 13:16:17
amazon
amazon
Medium: openssl
2015-01-11 12:36:00
mageia
mageia
Updated openssl packages fix security vulnerabilities
2015-01-11 22:54:28
fedora
fedora
[SECURITY] Fedora 21 Update: openssl-1.0.1k-1.fc21
2015-01-13 00:02:20
prion
prion
Code injection
2015-01-09 02:59:00
Design/Logic Flaw
2015-01-09 02:59:00
Memory corruption
2015-01-09 02:59:00
f5
f5
SOL16136 - OpenSSL vulnerability CVE-2014-8275
2015-02-12 00:00:00
SOL16135 - OpenSSL vulnerability CVE-2015-0205
2015-02-12 00:00:00
K16124 : OpenSSL vulnerability CVE-2015-0206
2015-09-16 00:00:00
cve
cve
ubuntucve
ubuntucve
debiancve
debiancve
checkpoint_advisories
checkpoint_advisories
OpenSSL DTLS dtls1_buffer_record Denial of Service (CVE-2015-0206)
2015-01-19 00:00:00
OpenSSL Ephemeral ECDH Cipher Suite Handshake Downgrade (CVE-2014-3572)
2015-01-07 00:00:00
veracode
veracode
Denial Of Service (DoS) Through Memory Consumption
2017-02-10 01:51:44
Access Bypass
2017-02-10 01:42:04
Protection Mechanism Bypass
2017-02-06 02:21:32
openssl
openssl
Vulnerability in OpenSSL CVE-2015-0206
2015-01-08 00:00:00
Vulnerability in OpenSSL CVE-2015-0205
2015-01-08 00:00:00
Vulnerability in OpenSSL CVE-2014-8275
2015-01-05 00:00:00
cisa
cisa
FREAK
2015-03-06 00:00:00
Related for SL_20150121_OPENSSL_ON_SL6_X.NASL